Need help with Backdoor Trojan

Started by David1970, April 18, 2010, 11:40:57 PM

David1970

TO CORRINE: The instructions said to post here, so feel free to delete my topic from the virus and trojan forum.

I have a backdoor trojan and 2 other trojans from not using a firewall. The backdoor trojan was called Trojan horse backdoor generic 12 benL- It was caught by AVG in a helper.exe file in Java after about a week of suspicious activity. The other two were detected by Malwarebytes. I deleted it from the quarantines.

So far the intruder has been playing with my newsticker program and selecting topics on his own. He also tried to open my weather gadget and open up menus. I could not use System Restore.

I've been told that if this trojan has rootkits, it can survive a re-format. How can I find out if I have rootkits?

How can I get rid of these trojans without re-formatting my computer? I am a complete novice at all of this.

I also ran CHKDSK while booting.

I could not get RootRepeal to work; it froze my system. Here are the other two logs:


=====================================================

info.txt logfile of random's system information tool 1.06 2010-04-18 14:18:12

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
500 From Special K Software (C:\Program Files\500 From Special K\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\500 From Special K\ST6UNST.004" 
500 From Special K Software-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\500 From Special K\ST6UNST.003" 
500 From Special K-->C:\Program Files\500 From Special K\Uninstal.exe
Addicting Lines 1.1-->"C:\Program Files\Addicting Lines\unins000.exe"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
All Solitaire Games v1.0-->"C:\Program Files\All Solitaire Games\unins000.exe"
All-Time Darts-->C:\Program Files\GZWO\AllTimeDarts\Uninstal.exe
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Application Support-->MsiExec.exe /I{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arcade Classic Pack 5.10-->"C:\Program Files\Arcade Classic Pack\unins000.exe"
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Atari Arcade Hits 1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Atari Arcade Hits 1\Uninst.isu"
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bejeweled Twist-->C:\Program Files\PopCap Games\Bejeweled Twist\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Twist\Install.log"
Best of Card Games-->C:\PROGRA~1\ONHAND~1\BESTOF~1\UNWISE.EXE C:\PROGRA~1\ONHAND~1\BESTOF~1\INSTALL.LOG
Best of Poker-->C:\PROGRA~1\ONHAND~1\BESTOF~2\UNWISE.EXE C:\PROGRA~1\ONHAND~1\BESTOF~2\INSTALL.LOG
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Black Jack-->C:\Program Files\Microsoft ActiveSync\Black Jack\Uninstall.exe Black Jack
Boggle-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL2.isu
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bridge From Special K-->C:\Program Files\Bridge From Special K\Uninstal.exe
Bridge From Special K-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Bridge From Special K\ST6UNST.004" 
BrowserTraySwitch 2.05.01-->"C:\Program Files\BrowserTraySwitch\unins000.exe"
BVS Solitaire Collection version 6.6-->"C:\Program Files\BVS Solitaire Collection\unins000.exe"
Canasis Games (Aug 27 2006)-->"C:\Program Files\Canasis\unins000.exe"
Canasta From Special K (C:\Program Files\Canasta From Special K\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Canasta From Special K\ST6UNST.005" 
Canasta From Special K-->C:\Program Files\Canasta From Special K\Uninstal.exe
Canasta From Special K-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Canasta From Special K\ST6UNST.004" 
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Championship Cribbage All-Stars 7.30-->C:\Program Files\DreamQuest\Championship Cribbage All-Stars\uninstall.exe
Championship Hearts All-Stars 7.30-->C:\Program Files\DreamQuest\Championship Hearts All-Stars\uninstall.exe
Championship Rummy All-Stars 7.18-->C:\Program Files\DreamQuest\Championship Rummy All-Stars\uninstall.exe
Championship Spades All-Stars 7.30-->C:\Program Files\DreamQuest\Championship Spades All-Stars\uninstall.exe
CLUE Classic-->C:\PROGRA~1\GAMEHO~1\CLUECL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\CLUECL~1\INSTALL.LOG
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Color Lines 3D by IstraSoft-->"C:\Program Files\IstraSoft\Color Lines 3D\uninstall.exe"
Comodo HopSurf-->"C:\Program Files\Comodo\HopSurfToolbar\hopsurf.exe"
COMODO Internet Security-->MsiExec.exe /I{CC6B1BB4-4E06-4A5B-A166-B371B551324B}
COMODO livePCsupport-->MsiExec.exe /X{A31A5DFC-3439-48FC-99BB-5174168AE471}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DeskPins (remove only)-->"C:\Program Files\DeskPins\uninstall.exe"
Domino Master Gold (remove only)-->"C:\Program Files\TikGames\Domino Master Gold\Uninst.exe"
Dominoes, Win42, and WinMoon-->C:\PROGRA~1\Games\Dominoes\UNWISE.EXE C:\PROGRA~1\Games\Dominoes\INSTALL.LOG
Double-9 Dominoes-->C:\PROGRA~1\Games\Dominoes\UNWISE.EXE C:\PROGRA~1\Games\Dominoes\INSTALL.LOG
ElementKit-->C:\Program Files\ElementKit\Uninstall.exe
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESPN BottomLine-->"C:\Program Files\ESPN\BottomLine\setup.exe" -u
Euchre From Special K (C:\Program Files\Euchre From Special K\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Euchre From Special K\ST6UNST.005" 
Euchre From Special K-->C:\Program Files\Euchre From Special K\Uninstal.exe
Euchre From Special K-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Euchre From Special K\ST6UNST.004" 
FileZilla Client 3.2.6.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Firework Columns 1.1.0-->"C:\Program Files\Novel Games\Firework Columns\unins000.exe"
Foxmail 5.0-->"C:\Documents and Settings\David\Desktop\fm6en\unins000.exe"
Funpuz Puzzle Games 9.1-->C:\WINDOWS\iun6002.exe "C:\Program Files\Softgame\irunin.ini"
GameHouse-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\GameHouse.rguninst" "AddRemove"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
Golden Bird 1.1-->"C:\Program Files\GoldenBird\unins000.exe"
GridinSoft Lines Game-->C:\Program Files\GridinSoft\Lines\Uninstall.exe
HighScore-->C:\WINDOWS\uninst.exe -f"C:\Program Files\HighScore\DeIsL1.isu"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hoyle Card Games 2008 (remove only)-->"C:\Program Files\Encore\Hoyle Card Games 2008\HCG_Uninstall.exe"
Hoyle Casino '99-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Casino99\Uninst.isu
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5-->C:\Program Files\HP\Digital Imaging\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}\setup\hpzscr01.exe -datfile hposcr37.dat -onestop -forcereboot
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 12.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
InstaVerse-->C:\PROGRA~1\INSTAV~1\UNWISE.EXE /U C:\PROGRA~1\INSTAV~1\INSTALL.LOG
iPulse Desktop Widget powered by WAVY.com-->msiexec /qb /x {ED284CCD-A162-3A2D-DBF2-612A0C68ED77}
iPulse Desktop Widget powered by WAVY.com-->MsiExec.exe /I{ED284CCD-A162-3A2D-DBF2-612A0C68ED77}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Jacqueline GNU Go 1.3.3.6-->C:\Program Files\Jacqueline GNU Go\uninst.exe
Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Jolly Lines 1.0-->"C:\Program Files\Jolly Lines\unins000.exe"
Libronix Digital Library System-->C:\Program Files\Libronix DLS\System\Unsetup.exe
Logitech MouseWare 9.79 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
LudoDeLuxe-->C:\Program Files\Microsoft ActiveSync\LudoDeLuxe\Uninstall.exe LudoDeLuxe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mariko 3D-->C:\Program Files\Mariko3D_Demo\Uninstal.exe
Mariko-->C:\Program Files\Mariko\Uninstal.exe
MetarWeather-->C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\MetarWeather\uninst1~.nsu"
Meter Drivers for OneTouch(R) Software  v1.6-->C:\Program Files\InstallShield Installation Information\{3A672C7A-64FD-4304-B541-CC76715C329C}\setup.exe -runfromtemp -l0x0409
Mexican Train For Windows 6.2-->C:\Amuseware\Mexican Train 6.2\Uninstall.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Milton Bradley Classic Board Games-->C:\Program Files\Hasbro Interactive\Classic Games\MBUninst.exe
MONOPOLY CASINO Vegas Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Infogrames Interactive\Monopoly Casino Vegas Edition\UninstMC.isu"
Monopoly Casino-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly Casino\ScouUnin.isu"
Monopoly-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly\Uninst.isu"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Msxml4 for LDCF-->MsiExec.exe /I{D6160F37-7638-4E56-9774-F3C88F30A4A9}
Netscape Communicator 4.8-->C:\WINDOWS\cd32.exe 4.8 (en)
NoteTab Light 5 (Remove only)-->"C:\Program Files\NoteTab Light\unins001.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OneTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}\Setup.exe" -l0x9
OneTouch USB Driver-->MsiExec.exe /X{E08EC542-BC5F-4F26-BBB9-E426BA007A31}
Opera 10.50-->MsiExec.exe /X{332BCC03-A1B7-4BE7-8C8A-2B1333E22C33}
Opera 10.51-->MsiExec.exe /X{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Opera-->C:\PROGRA~1\Opera\uninst\unwise.exe C:\PROGRA~1\Opera\uninst\install.log
Othello-->C:\WINDOWS\uninst.exe -fC:\Hasbro\Othello\DeIsL1.isu
Pale Moon project (3.6.3)-->C:\Program Files\Pale Moon project\uninstall\helper.exe
Parker Brothers Classic Card Games-->C:\Program Files\Hasbro Interactive\Classic Games\PBUninst.exe
PGA Championship Golf 2000 Titanium-->C:\WINDOWS\ISUNINST.EXE -c"C:\SIERRA\PGA2000 Titanium\uninst.dll" -f"C:\SIERRA\PGA2000 Titanium\Uninst.isu"
Pradis-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{73703571-9EFC-45D0-863B-7BF97EE68F4E}
Pretty Good Solitaire - Additional Card Sets 11.0-->"C:\Program Files\goodsol\unins001.exe"
Pretty Good Solitaire version 12.3.0-->"C:\Program Files\goodsol\unins000.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Risk-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-risk.rguninst" "AddRemove"
Rummi 6.0.37-->"C:\Program Files\Rummi\unins000.exe"
Rummy From Special K (C:\Program Files\Rummy From Special K\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Rummy From Special K\ST6UNST.005" 
Rummy From Special K-->C:\Program Files\Rummy From Special K\Uninstal.exe
Rummy From Special K-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Rummy From Special K\ST6UNST.004" 
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
SCRABBLE PLUS-->C:\PROGRA~1\GAMEHO~1\SCRABB~2\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SCRABB~2\INSTALL.LOG
SCRABBLE-->C:\PROGRA~1\GAMEHO~1\SCRABB~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SCRABB~1\INSTALL.LOG
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Shanghai Second Dynasty-->C:\PROGRA~1\ACTIVI~1\SHANGH~1\UNINST~1\UNINST~1.EXE C:\Program Files\Activision\Shanghai Second Dynasty\uninstall\Shanghai Second Dynasty.log
Shanghai: Great Moments version 2.0-->C:\Shanghai Great Moments\uninstal.exe
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SnowLinesWM by HeroCraft (remove only)-->"C:\Program Files\HeroCraft\SnowLinesWM\Uninstall.exe"
SolGames 2004 11.0-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\SolGames 2004 11.0\ST6UNST.001" 
SolSuite 2010 v10.3-->"C:\Program Files\SolSuite\unins000.exe"
Sorry-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL3.isu
Spb Brain Evolution-->C:\Program Files\Microsoft ActiveSync\Spb Brain Evolution\Uninstall.exe Spb Brain Evolution
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Straight Whist-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Straight Whist\ST5UNST.LOG" 
Super Columns-->"C:\Program Files\Super Columns\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Surf It!-->C:\Program Files\Surf It!\Uninstall.EXE /u:"Surf It!"
The Game Of Life-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\The Game Of Life\DeIsL2.isu"  -cC:\PROGRA~1\HASBRO~1\THEGAM~1\_ISREG32.DLL
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Tonk-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Tonk\ST5UNST.LOG" 
Tropical Lines 1.03-->C:\Program Files\Tropical Lines\uninst.exe
TurboTop 2.7-->"C:\Program Files\TurboTop\unins000.exe"
Ultimate Bid Whist-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Ultimate Bid Whist\ST5UNST.LOG" 
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Pixoria\Konfabulator\UnixUtils\uninstall.exe
Unlocker 1.8.6-->C:\Program Files\Unlocker\uninst.exe
Uno(TM) CD-Rom-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9416484D-7002-4CDF-8B46-8748962DF3CF}\setup.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Virtual Pool 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Interplay\Virtual Pool 3\Uninst.isu"
VMN Toolbar-->C:\Program Files\vmntoolbar\uninstall.exe
Weather Exchange-->MsiExec.exe /X{7DADDB60-CFD0-4AB0-94B6-74FD319F5DE7}
Weather Watcher Alerts-->"C:\Program Files\Weather Watcher Alerts\unins000.exe"
Weather Watcher Live-->"C:\Program Files\Weather Watcher Live\unins001.exe"
Weather Watcher-->"C:\Program Files\Weather Watcher\unins001.exe"
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
WeatherBug-->MsiExec.exe /X{8F931595-5561-4E26-AC78-7E9B1E3E9C98}
Whist From Special K (C:\Program Files\Whist From Special K\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Whist From Special K\ST6UNST.005" 
Whist From Special K-->C:\Program Files\Whist From Special K\Uninstal.exe
Whist From Special K-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Whist From Special K\ST6UNST.004" 
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WorldFlash-->C:\WINDOWS\iun6002.exe "C:\Program Files\WorldFlash\irunin.ini"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Widgets-->C:\PROGRA~1\Pixoria\KONFAB~1\uninstall.exe
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: COMODO Antivirus (disabled)
AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall
FW: COMODO Firewall

======System event log======

Computer Name: DAVID-013E8D442
Event Code: 54
Message:
Record Number: 1324
Source Name: UnlockerDriver5
Time Written: 20100227221028.000000-300
Event Type: warning
User:

Computer Name: DAVID-013E8D442
Event Code: 54
Message:
Record Number: 1323
Source Name: UnlockerDriver5
Time Written: 20100227221028.000000-300
Event Type: warning
User:

Computer Name: DAVID-013E8D442
Event Code: 54
Message:
Record Number: 1322
Source Name: UnlockerDriver5
Time Written: 20100227221028.000000-300
Event Type: warning
User:

Computer Name: DAVID-013E8D442
Event Code: 54
Message:
Record Number: 1321
Source Name: UnlockerDriver5
Time Written: 20100227221028.000000-300
Event Type: warning
User:

Computer Name: DAVID-013E8D442
Event Code: 54
Message:
Record Number: 1320
Source Name: UnlockerDriver5
Time Written: 20100227221028.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: DAVID-013E8D442
Event Code: 1000
Message: Faulting application chrome.exe, version 0.0.0.0, faulting module chrome.dll, version 5.0.312.0, fault address 0x00667780.

Record Number: 74
Source Name: Application Error
Time Written: 20100131230205.000000-300
Event Type: error
User:

Computer Name: DAVID-013E8D442
Event Code: 1000
Message: Faulting application chrome.exe, version 0.0.0.0, faulting module chrome.dll, version 5.0.312.0, fault address 0x00667780.

Record Number: 73
Source Name: Application Error
Time Written: 20100131230054.000000-300
Event Type: error
User:

Computer Name: DAVID-013E8D442
Event Code: 1000
Message: Faulting application palemoon.exe, version 1.9.2.3678, faulting module mozcrt19.dll, version 8.0.0.0, fault address 0x00018114.

Record Number: 52
Source Name: Application Error
Time Written: 20100131000039.000000-300
Event Type: error
User:

Computer Name: DAVID-013E8D442
Event Code: 1000
Message: Faulting application palemoon.exe, version 1.9.2.3678, faulting module mozcrt19.dll, version 8.0.0.0, fault address 0x00018114.

Record Number: 44
Source Name: Application Error
Time Written: 20100130153210.000000-300
Event Type: error
User:

Computer Name: DAVID-013E8D442
Event Code: 1000
Message: Faulting application wcesmgr.exe, version 4.5.5096.0, faulting module wcesmgr.exe, version 4.5.5096.0, fault address 0x0002ea3d.

Record Number: 43
Source Name: Application Error
Time Written: 20100113095731.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Tcl\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.tcl
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------



=========================================================




HERE'S THE OTHER ONE


==================================================================


Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2010-04-18 14:21:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (9%) free of 38 GB
Total RAM: 479 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:40, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pixoria\Konfabulator\YahooWidgets.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\WorldFlash\WrldFlsh.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Program Files\Pixoria\Konfabulator\YahooWidgets.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Pale Moon project\palemoon.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Documents and Settings\David\Desktop\RSIT.exe
C:\Program Files\trend micro\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://biblemegasite.com/outline2-nltsb.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WFGStartup] C:\Program Files\WorldFlash\WFGStartupU.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Pixoria\Konfabulator\YahooWidgets.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201299372328
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D3CBF04-4652-4FCC-BD96-5BB33AEDC702}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10903 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-790525478-1677128483-1606980848-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-1677128483-1606980848-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD37C3D4-CACF-4DA3-B405-4715BC02A5E5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll [2009-07-30 909040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-07 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-01 1602912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-09-24 2022912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll [2009-07-30 909040]
{A057A204-BACC-4D26-8287-79A187E26987} - VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-09-24 2022912]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Locked
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2010-04-17 1331392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-02-27 15872]
"Logitech Utility"=C:\WINDOWS\LOGI_MWX.EXE [2003-11-07 19968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-01 2064224]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-07 202256]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-04-09 2029456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"H/PC Connection Agent"=C:\PROGRA~1\MICROS~4\wcescomm.exe [2006-11-13 1289000]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"WFGStartup"=C:\Program Files\WorldFlash\WFGStartupU.exe [2005-12-07 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^AccuWeather.lnk]
C:\Program Files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\David\Start Menu\Programs\Startup
Yahoo! Widgets.lnk - C:\Program Files\Pixoria\Konfabulator\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Atari\Scrabble Online\scrabbleo.exe"="C:\Program Files\Atari\Scrabble Online\scrabbleo.exe:*:Enabled:scrabbleo"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\TikGames\Domino Master Gold\Domino.exe"="C:\Program Files\TikGames\Domino Master Gold\Domino.exe:*:Enabled:Game Executable"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Tams11\Games\Parchisi\parchisi.exe"="C:\Program Files\Tams11\Games\Parchisi\parchisi.exe:*:Enabled:parchisi"
"C:\Program Files\Tams11\Games\Hand And Foot\handandfoot.exe"="C:\Program Files\Tams11\Games\Hand And Foot\handandfoot.exe:*:Enabled:handandfoot"
"C:\Program Files\Tams11\Games\Domino Toe\dominotoe.exe"="C:\Program Files\Tams11\Games\Domino Toe\dominotoe.exe:*:Enabled:dominotoe"
"C:\Program Files\CyberTV\CyberTV.exe"="C:\Program Files\CyberTV\CyberTV.exe:*:Enabled:TV and Radio online"
"C:\FLARE\lib\IeEmbed.exe"="C:\FLARE\lib\IeEmbed.exe:*:Enabled:JDesktop Integration Components binary"
"C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe"="C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe:*:Enabled:AceFTP v3"
"C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe"="C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\DigitalFusion\Real Domino\Domino3D.exe"="C:\Program Files\DigitalFusion\Real Domino\Domino3D.exe:*:Enabled:Domino3D"
"C:\Program Files\DigitalFusion\Real Dominoea\Domino3D.exe"="C:\Program Files\DigitalFusion\Real Dominoea\Domino3D.exe:*:Enabled:Domino3D"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Yahoo! Games\Q-bert 2004\Q-Bert 2004.exe"="C:\Program Files\Yahoo! Games\Q-bert 2004\Q-Bert 2004.exe:*:Enabled:Q*bert 2004"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\MyiQ\MyiQ.exe"="C:\Program Files\MyiQ\MyiQ.exe:*:Enabled:MyiQ"
"C:\Program Files\MyiQ\update.exe"="C:\Program Files\MyiQ\update.exe:*:Enabled:MyiQ"
"C:\Program Files\Opera 10.10 Beta\opera.exe"="C:\Program Files\Opera 10.10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera 10 Beta\opera.exe"="C:\Program Files\Opera 10 Beta\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program F

Corrine

Hi, David. 

Thank you.  That is a great start and I am pleased to see that you have a firewall now.

Unfortunately, the forum software cut off the rest of your log.  Please go to C:\rsit and open log.txt.  Locate the last line shown above ("C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program F) and copy/paste the remainder here as a reply.

To check for a rootkit, let's start with a RootRepeal log. 

Please download RootRepeal from Here, Here, or Here and save it to your desktop.

  • Open the RootRepeal icon on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • In the Select Scan dialog, check ONLY the Drivers, Processes, SSDT and Hidden Services boxes as illustrated here:
  • Push Ok
  • If asked to select drives, check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.

Please post the rest of the RSIT log.txt and the RootRepeal.txt logs in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

David1970

Unfortunately I couldn't get RootRepeal to work; even after 15 minutes it was still initializing.  I have decided to go offline until I replace the hard drive.


Here's the rest of the log you requested:

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a7bffb2-1347-11de-8e56-00e04cb0b294}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f259ebe2-c8fe-11dc-a72f-00e04cb0b294}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f48f1952-d03c-11dc-a779-00e04cb0b294}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-04-18 14:14:11 ----D---- C:\Program Files\trend micro
2010-04-18 14:13:47 ----D---- C:\rsit
2010-04-17 15:06:26 ----HD---- C:\VritualRoot
2010-04-17 15:00:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMODO
2010-04-17 14:41:48 ----D---- C:\Program Files\Comodo
2010-04-17 14:41:48 ----D---- C:\Documents and Settings\David\Application Data\Comodo
2010-04-17 14:34:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Comodo Downloader
2010-04-17 11:45:09 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-04-17 11:44:38 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-04-17 11:44:37 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-04-17 11:44:14 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-04-17 11:43:38 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-04-17 11:43:34 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-04-17 11:43:28 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-04-17 11:43:23 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-04-17 11:43:18 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-04-17 11:38:54 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-04-17 11:38:54 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-04-17 11:38:53 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-04-16 12:37:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-04-16 11:49:07 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-16 11:49:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-16 11:49:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-16 11:49:06 ----A---- C:\WINDOWS\system32\java.exe
2010-04-16 02:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-16 02:10:42 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-16 02:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-16 02:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-16 02:08:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-15 02:08:11 ----D---- C:\374ffdb9599f2a1968797f6bdb646204
2010-04-15 02:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-10 23:48:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2010-04-10 20:38:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-04-10 20:36:50 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-10 20:36:49 ----D---- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2010-04-09 01:26:12 ----A---- C:\WINDOWS\system32\guard32.dll
2010-04-03 11:22:06 ----D---- C:\Program Files\RSS Advantage
2010-03-27 23:38:30 ----D---- C:\Documents and Settings\David\Application Data\K-Meleon

======List of files/folders modified in the last 1 months======

2010-04-18 14:22:59 ----D---- C:\WINDOWS\Temp
2010-04-18 14:14:38 ----D---- C:\WINDOWS\Prefetch
2010-04-18 14:14:11 ----RD---- C:\Program Files
2010-04-18 14:10:11 ----D---- C:\Program Files\Common Files\Akamai
2010-04-18 08:08:16 ----SD---- C:\WINDOWS\Tasks
2010-04-17 21:10:42 ----SHD---- C:\WINDOWS\Installer
2010-04-17 20:57:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 20:51:00 ----D---- C:\WINDOWS\system32\drivers
2010-04-17 20:50:59 ----D---- C:\WINDOWS\system32
2010-04-17 20:48:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-17 19:02:45 ----SHD---- C:\WINDOWS\CSC
2010-04-17 14:56:56 ----HD---- C:\Config.Msi
2010-04-17 14:45:34 ----D---- C:\WINDOWS\Internet Logs
2010-04-16 19:20:52 ----A---- C:\WINDOWS\WORDPAD.INI
2010-04-16 15:52:49 ----D---- C:\Documents and Settings\David\Application Data\FileZilla
2010-04-16 12:36:50 ----D---- C:\Program Files\Common Files\Java
2010-04-16 11:48:30 ----D---- C:\Program Files\Java
2010-04-16 10:40:42 ----D---- C:\Program Files\Opera
2010-04-16 02:36:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-16 02:34:25 ----D---- C:\WINDOWS
2010-04-16 02:14:08 ----HD---- C:\WINDOWS\inf
2010-04-16 02:13:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-16 02:11:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-16 02:11:05 ----A---- C:\WINDOWS\imsins.BAK
2010-04-16 02:06:46 ----D---- C:\WINDOWS\ie8updates
2010-04-13 23:01:59 ----D---- C:\Program Files\SolSuite
2010-04-12 00:19:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-11 22:05:57 ----D---- C:\Program Files\CCleaner
2010-04-10 20:33:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-10 18:36:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-06 13:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-06 09:45:52 ----D---- C:\Program Files\Pale Moon project
2010-04-01 07:59:29 ----D---- C:\Documents and Settings\David\Application Data\U3
2010-03-31 02:12:46 ----D---- C:\Program Files\Internet Explorer
2010-03-28 00:41:07 ----D---- C:\Program Files\Mozilla Firefox
2010-03-27 23:10:38 ----D---- C:\Program Files\Minefield
2010-03-27 01:31:50 ----D---- C:\Documents and Settings\David\Application Data\WeatherWatcher
2010-03-24 22:50:53 ----D---- C:\Program Files\WorldFlash
2010-03-24 22:50:17 ----A---- C:\WINDOWS\iun6002.exe
2010-03-22 09:53:30 ----D---- C:\Program Files\Opera10
2010-03-19 17:48:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-13 29512]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-13 242696]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2010-04-09 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-04-09 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-04-09 25240]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-11-07 51486]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 S3Psddr;S3Psddr; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-03-02 167040]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ewdmaudn;ewdmaudn; \??\C:\DOCUME~1\David\LOCALS~1\Temp\ewdmaudn.sys []
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-03-02 167040]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2005-12-12 176193]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-04-09 1769216]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Corrine

Hi, David.

Since you have decided to go offline until you replace the hard drive, when that has been completed, we would be happy to advise you how to keep the new hard drive secure. 

In addition, considering that your current System drive C only has 4 GB (9%) free of 38 GB and 13% RAM available, it would be a good idea for you to remember to uninstall old, outdated software from your computer. For example, I'm seeing multiple versions of the same browser installed on your computer, yet none of them are the current version.

I hope the process goes well for you. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.