
Posts posted by sewez

  1. Here is the first log you requested:

    Logfile of random's system information tool 1.06 (written by random/random)

    Run by Ben Jones at 2009-08-19 13:28:20

    Microsoft Windows XP Professional Service Pack 3

    System drive C: has 66 GB (85%) free of 78 GB

    Total RAM: 639 MB (26% free)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 1:29:06 PM, on 8/19/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16876)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

    C:\Program Files\Spyware Terminator\sp_rsser.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\UPS\WSTD\WSTDMessaging.exe

    C:\Program Files\LivePerson\hc.exe

    C:\Documents and Settings\Ben Jones\Local Settings\Application Data\Citrix\GoToMyPC\gotomypc_428.exe

    C:\DOCUME~1\BENJON~1\LOCALS~1\Temp\G2_428\g2viewer.exe

    C:\UPS\WSTD\WorldShipTD.exe

    C:\UPS\WSTD\upslnkmg.exe

    C:\Documents and Settings\Ben Jones\Desktop\Security\RSIT.exe

    C:\Program Files\Trend Micro\HijackThis\Ben Jones.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - S-1-5-19 Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'LOCAL SERVICE')

    O4 - S-1-5-18 Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'SYSTEM')

    O4 - .DEFAULT Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'Default user')

    O4 - Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe

    O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera1.fullcontrol.net/activex/AxisCamControl.cab

    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\WINDOWS\system32\hasplms.exe (file missing)

    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

    O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --

    End of file - 6303 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1224078009.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

    AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-08-18 1783808]

    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-24 1948440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\medicsp2]

    C:\Program Files\twc\medicsp2\bin\sprtcmd.exe [2007-03-07 198184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    C:\Program Files\QuickTime\qttask.exe -atboottime []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

    C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]

    C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe [2008-08-04 18968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

    C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

    C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-05-15 217193]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]

    C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-09 147456]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

    C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-10-22 167936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

    C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    UPS WorldShip Messaging Utility.lnk - C:\UPS\WSTD\WSTDMessaging.exe

    UPS WorldShip PLD Reminder Utility.lnk - C:\UPS\WSTD\wstdPldReminder.exe

    C:\Documents and Settings\Ben Jones\Start Menu\Programs\Startup

    LivePerson.lnk - C:\Program Files\LivePerson\hc.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

    C:\WINDOWS\system32\avgrsstx.dll [2009-06-24 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

    C:\WINDOWS\system32\LMIinit.dll [2007-05-25 63040]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    "dontdisplaylastusername"=0

    "legalnoticecaption"=

    "legalnoticetext"=

    "shutdownwithoutlogon"=1

    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "NoDriveTypeAutoRun"=323

    "NoDriveAutoRun"=67108863

    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    "HonorAutoRunSetting"=

    "NoDriveAutoRun"=

    "NoDriveTypeAutoRun"=

    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

    "C:\Program Files\LivePerson\hc.exe"="C:\Program Files\LivePerson\hc.exe:*:Enabled:LivePerson Application"

    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

    "C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"

    "C:\Program Files\InterVideo\DVD5\WinDVD.exe"="C:\Program Files\InterVideo\DVD5\WinDVD.exe:*:Enabled:WinDVD"

    "C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe"="C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe:*:Enabled:UPS WorldShip MSDE"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-08-19 13:28:20 ----D---- C:\rsit

    2009-08-19 12:51:54 ----A---- C:\RootRepeal report 08-19-09 (12-51-54).txt

    2009-08-19 10:28:28 ----A---- C:\ComboFix.txt

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\zip.exe

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\SWXCACLS.exe

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\SWSC.exe

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\SWREG.exe

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\sed.exe

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\PEV.exe

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\NIRCMD.exe

    2009-08-19 09:57:15 ----A---- C:\WINDOWS\grep.exe

    2009-08-19 09:56:51 ----D---- C:\WINDOWS\ERDNT

    2009-08-19 09:56:26 ----D---- C:\Qoobox

    2009-08-18 15:08:48 ----D---- C:\Program Files\Trend Micro

    2009-08-18 11:34:15 ----SHD---- C:\WINDOWS\CSC

    2009-08-18 11:34:00 ----A---- C:\WINDOWS\ntbtlog.txt

    2009-08-18 10:05:35 ----D---- C:\WINDOWS\Minidump

    2009-08-17 09:36:30 ----D---- C:\_OTM

    2009-08-17 09:18:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

    2009-08-13 11:23:56 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2009-08-12 20:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

    2009-08-12 20:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

    2009-08-12 20:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

    2009-08-12 20:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

    2009-08-12 20:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

    2009-08-12 20:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

    2009-08-12 20:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

    2009-08-12 20:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

    2009-08-12 20:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

    2009-08-11 16:08:50 ----D---- C:\Documents and Settings\Ben Jones\Application Data\Malwarebytes

    2009-08-11 16:08:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    2009-08-11 16:08:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

    2009-08-11 15:19:13 ----A---- C:\WINDOWS\wininit.ini

    2009-07-21 11:32:04 ----D---- C:\Program Files\Common Files\Bcgsoft

    2009-07-21 11:20:56 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL

    2009-07-21 11:20:56 ----A---- C:\WINDOWS\system32\eosih.dll

    ======List of files/folders modified in the last 1 months======

    2009-08-19 12:40:32 ----D---- C:\WINDOWS\Prefetch

    2009-08-19 12:40:24 ----D---- C:\WINDOWS\system32\drivers

    2009-08-19 12:34:40 ----D---- C:\WINDOWS\Temp

    2009-08-19 12:33:25 ----A---- C:\WINDOWS\wstdUPSWSHIP.INI

    2009-08-19 12:33:13 ----D---- C:\Program Files\LivePerson

    2009-08-19 12:30:43 ----A---- C:\WINDOWS\SchedLgU.Txt

    2009-08-19 10:32:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator

    2009-08-19 10:32:15 ----D---- C:\Program Files\Spyware Terminator

    2009-08-19 10:32:15 ----D---- C:\Documents and Settings\Ben Jones\Application Data\Spyware Terminator

    2009-08-19 10:28:31 ----D---- C:\WINDOWS\system32

    2009-08-19 10:27:33 ----SD---- C:\WINDOWS\Tasks

    2009-08-19 10:27:09 ----RSHDC---- C:\WINDOWS\system32\dllcache

    2009-08-19 10:26:45 ----D---- C:\WINDOWS\system32\CatRoot2

    2009-08-19 10:21:56 ----N---- C:\WINDOWS\system.ini

    2009-08-19 10:21:56 ----D---- C:\WINDOWS

    2009-08-19 10:17:14 ----SHD---- C:\WINDOWS\Installer

    2009-08-19 10:17:13 ----RSD---- C:\WINDOWS\Fonts

    2009-08-19 10:15:52 ----D---- C:\WINDOWS\AppPatch

    2009-08-19 10:15:41 ----D---- C:\Program Files\Common Files

    2009-08-18 15:08:48 ----RD---- C:\Program Files

    2009-08-17 10:12:17 ----DC---- C:\WINDOWS\system32\DRVSTORE

    2009-08-17 09:12:54 ----HD---- C:\$AVG8.VAULT$

    2009-08-14 15:21:26 ----SD---- C:\Documents and Settings\Ben Jones\Application Data\Microsoft

    2009-08-13 17:23:25 ----D---- C:\WINDOWS\Debug

    2009-08-13 11:40:11 ----HD---- C:\WINDOWS\inf

    2009-08-13 11:23:02 ----D---- C:\WINDOWS\WinSxS

    2009-08-12 20:21:13 ----A---- C:\WINDOWS\imsins.BAK

    2009-08-12 20:20:46 ----HD---- C:\WINDOWS\$hf_mig$

    2009-08-12 20:20:19 ----D---- C:\Program Files\Outlook Express

    2009-08-12 18:49:48 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

    2009-08-12 18:46:51 ----D---- C:\Program Files\Brother

    2009-08-12 18:46:50 ----HD---- C:\Program Files\InstallShield Installation Information

    2009-08-11 18:03:54 ----RASH---- C:\boot.ini

    2009-08-11 18:03:54 ----A---- C:\WINDOWS\win.ini

    2009-08-11 18:02:47 ----D---- C:\Program Files\Spybot - Search & Destroy

    2009-08-11 18:02:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2009-08-08 08:59:17 ----AC---- C:\WINDOWS\NeroDigital.ini

    2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll

    2009-08-03 14:20:55 ----D---- C:\UPS

    2009-07-29 18:41:43 ----D---- C:\WINDOWS\system32\en-US

    2009-07-29 18:41:43 ----D---- C:\Program Files\Internet Explorer

    2009-07-29 17:49:16 ----AC---- C:\WINDOWS\system32\MRT.exe

    2009-07-21 11:21:28 ----D---- C:\Futura 3

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-17 335752]

    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-24 27784]

    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-18 108552]

    R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

    R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-03-12 351744]

    R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []

    R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

    R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.6; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2003-10-20 15781]

    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-03-14 90176]

    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-28 36224]

    R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

    R3 embflopy;Embroidery floppy Disk; C:\WINDOWS\system32\DRIVERS\embflopy.sys [2001-08-24 20027]

    R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]

    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

    R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-04-17 10144]

    R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]

    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]

    R3 Nmea;Sprint Connection Manager - emulates the NMEA ports; C:\WINDOWS\system32\DRIVERS\pctnullport.sys [2008-07-07 38680]

    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]

    R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 194048]

    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]

    R3 SydexFDD;Sydex Floppy Driver; C:\WINDOWS\System32\Drivers\Sydexfdd.sys [2003-02-05 13359]

    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

    R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2006-10-16 194362]

    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

    S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []

    S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-03-06 329856]

    S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-03-06 135424]

    S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-03-06 99712]

    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

    S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

    S3 busbcrw;USB Card Reader Writer driver; C:\WINDOWS\System32\Drivers\busbcrw.sys [2006-10-27 18944]

    S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []

    S3 CBUSB;MARX CryptoTech LP; C:\WINDOWS\System32\drivers\CBUSB.sys [2009-04-01 45136]

    S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\System32\DRIVERS\PRISMA02.sys [2003-11-11 336800]

    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]

    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]

    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]

    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

    S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2007-10-12 27072]

    S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []

    S3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2008-07-07 24840]

    S3 swmx00;Sierra Wireless USB MUX Driver (#00); C:\WINDOWS\system32\DRIVERS\swmx00.sys [2008-07-07 149000]

    S3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys [2008-07-07 164480]

    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

    S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-17 907032]

    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-24 298776]

    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [2005-05-04 9150464]

    R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-03-14 206400]

    R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-08-18 570880]

    R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2); C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]

    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]

    S2 AntipPro2009_100;AntipyProex; C:\WINDOWS\svchast.exe []

    S2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe -run []

    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []

    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]

    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]

    S3 SprintRcAppSvc;Sprint RcAppSvc; C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe [2008-07-07 111896]

    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [2005-05-03 323584]

    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

    And here is the second log:

    info.txt logfile of random's system information tool 1.06 2009-08-19 13:29:11

    ======Uninstall list======

    FUTURA CE-150 Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8C74A7C-F2F4-4F6C-90AA-6C351570419F}\Futura3Setup.EXE" -l0x9

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B785F89C-FD1A-466F-9AF3-32A060A1099A}\setup.exe" -l0x9

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{447716E9-424F-4DA4-92C3-A52B597E1EC7}\Setup.exe" -l0x9 -remove -s -f1"C:\Program Files\InstallShield Installation Information\{447716E9-424F-4DA4-92C3-A52B597E1EC7}\setup.iss" -f2"C:\Program Files\InstallShield Installation Information\{447716E9-424F-4DA4-92C3-A52B597E1EC7}\remove.log" -removeonly

    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DE4AC83-5D22-40C5-B4D1-CC2285C0CAA0}\Setup.exe" -l0x9 -remove -s -f1"C:\Program Files\InstallShield Installation Information\{8DE4AC83-5D22-40C5-B4D1-CC2285C0CAA0}\setup.iss" -f2"C:\Program Files\InstallShield Installation Information\{8DE4AC83-5D22-40C5-B4D1-CC2285C0CAA0}\remove.log" -removeonly

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

    Adobe Acrobat 6.0 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}

    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

    AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

    CCC-->MsiExec.exe /I{95749C5B-BC37-41E3-8D39-EEF4C21A2825}

    Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u

    Dakota AlphaSizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27ED82E0-E3F4-11D5-8BE7-00A0C921EDB5}\Setup.exe" -uninst

    Dell Laser Printer 1110 Software Uninstall-->C:\Program Files\DELL\Dell Laser Printer 1110\Install\setup.exe /Uninstall

    Digitizer EX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{175A008A-BFE2-4123-9E9B-BB2CEB9F9878}\setup.exe" -l0x9 -removeonly

    DRAWings4-->MsiExec.exe /I{7C380283-0E9E-4144-A129-EC929C63AA80}

    FormsComponent-->MsiExec.exe /I{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}

    FOSS-->MsiExec.exe /I{EA9629DA-5715-48BA-B054-28169702B176}

    Free Internet Window Washer-->C:\PROGRA~1\FREEIN~1\UNWISE.EXE C:\PROGRA~1\FREEIN~1\INSTALL.LOG

    Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"

    Guardian PC Security Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACB7D6F2-71A2-44A3-A703-550FA65679D9}\setup.exe"

    HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

    hp deskjet 656c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 656c series

    hp instant support-->C:\PROGRA~1\HEWLET~1\hpis\Uninstall.exe /s CeS

    HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}

    HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}

    hp psc 1100 series-->MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}

    InterVideo WinDVD 5-->"C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL

    Jasc Paint Shop Pro 9 GDI+ Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG

    Jasc Paint Shop Pro 9.01 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG

    Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}

    Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

    Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

    LivePerson-->C:\PROGRA~1\LIVEPE~1\UNWISE.EXE C:\PROGRA~1\LIVEPE~1\INSTALL.LOG

    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

    MDSingleClickInstaller-->MsiExec.exe /I{F8508621-62C8-4D2F-96E3-944F40154E32}

    Melco Sizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98DD5A41-5C9A-4CBE-9AE3-C48FB5ADC681}\Setup.exe" -uninst

    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

    Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}

    Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}

    Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}

    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

    MSIChecker-->MsiExec.exe /I{C9D43B38-34AD-4EC2-B696-46F42D49D174}

    MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall

    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

    NA1Messenger-->MsiExec.exe /I{9376D1C4-434F-40C9-90AC-ED6F22D36F3A}

    NA1Messenger-->MsiExec.exe /I{D44E7219-947E-4F1B-830E-66EF11ACC543}

    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

    NRF-->MsiExec.exe /I{68AF09E3-1167-4771-903C-CCCDCF7E171C}

    PE-DESIGN Lite_2 (C:\Program Files\Brother\PE-DESIGN Lite_2)-->C:\Program Files\InstallShield Installation Information\{22C465CE-CD91-4ECD-B92F-B2754ABE2618}\setup.exe -runfromtemp -l0x0009 -removeonly

    PE-DESIGN Lite-->C:\Program Files\InstallShield Installation Information\{CF0D524A-30A7-453F-AC03-C5DFD2F7B62C}\setup.exe -runfromtemp -l0x0009 -removeonly

    PolicyManager-->MsiExec.exe /I{56B59C2A-EFB8-44AC-88F5-3280171E4522}

    Reconciler-->MsiExec.exe /I{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}

    ReportServer-->MsiExec.exe /I{33035862-543C-4405-9CC6-08593CF2C25F}

    Road Runner Medic 6.1-->"C:\Program Files\twc\medicsp2\unins000.exe"

    RRU-->MsiExec.exe /I{ED782024-4713-4DD6-85FA-B2B038DE4007}

    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

    Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

    Sentinel Protection Installer 7.2.2-->MsiExec.exe /I{6DC0632A-A838-4B34-AC19-0FA18E1C533C}

    Sprint SmartView-->MsiExec.exe /X{5121C4F9-BC62-4F47-B313-474A619E3813}

    Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"

    SupportUtility-->MsiExec.exe /I{C30E30A6-0AB5-470A-AB67-D322938F5429}

    System-->MsiExec.exe /I{DB2C58E0-6284-4B48-97F2-22A980B6360B}

    Thread Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{551917CB-A1A5-447D-A0E5-7294A5249463}\Setup.exe"

    TrueMobile 1300 USB 2.0 WLAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\setup.exe" -l0x9 -L0x9

    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

    UPS WorldShip-->C:\UPS\WSTD\Uninstall\Uninstall.exe

    UPSDB-->MsiExec.exe /I{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}

    UPSICC-->MsiExec.exe /I{390160B4-D276-4A04-8002-8D3101A0D367}

    UPSlinkHTTP-->MsiExec.exe /I{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}

    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

    WebHelp-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C5BD501-AD5D-4A75-9321-076509B438FC}\Setup.exe" -l0x9 -removeonly

    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

    Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

    Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    WinFF 1.0.2-->"C:\Program Files\WinFF\unins000.exe"

    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    WorldShip-->MsiExec.exe /I{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: BACK

    Event Code: 7000

    Message: The LogMeIn Kernel Information Provider service failed to start due to the following error:

    The system cannot find the path specified.

    Record Number: 6691

    Source Name: Service Control Manager

    Time Written: 20090507181028.000000-240

    Event Type: error

    User:

    Computer Name: BACK

    Event Code: 7023

    Message: The IPSEC Services service terminated with the following error:

    The attempted operation is not supported for the type of object referenced.

    Record Number: 6666

    Source Name: Service Control Manager

    Time Written: 20090507142340.000000-240

    Event Type: error

    User:

    Computer Name: BACK

    Event Code: 7000

    Message: The LogMeIn Kernel Information Provider service failed to start due to the following error:

    The system cannot find the path specified.

    Record Number: 6665

    Source Name: Service Control Manager

    Time Written: 20090507142340.000000-240

    Event Type: error

    User:

    Computer Name: BACK

    Event Code: 19

    Message: Sharing printer failed + 1722, Printer UPS Thermal share name UPS-Thermal-Back.

    Record Number: 6664

    Source Name: Print

    Time Written: 20090507142338.000000-240

    Event Type: error

    User: NT AUTHORITY\SYSTEM

    Computer Name: BACK

    Event Code: 1002

    Message: The IP address lease 192.168.10.5 for the Network Card with network address 02045A7C89FB has been

    denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).

    Record Number: 6661

    Source Name: Dhcp

    Time Written: 20090507142329.000000-240

    Event Type: error

    User:

    =====Application event log=====

    Computer Name: BACK

    Event Code: 19011

    Message:

    Record Number: 449

    Source Name: MSSQL$UPSWSDBSERVER

    Time Written: 20070608095420.000000-240

    Event Type: warning

    User:

    Computer Name: BACK

    Event Code: 1015

    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 447

    Source Name: MsiInstaller

    Time Written: 20070608095238.000000-240

    Event Type: warning

    User: BACK\Ben Jones

    Computer Name: BACK

    Event Code: 11905

    Message: Product: WorldShip -- Error 1905.Module C:\UPS\WSTD\wstdShipmentValidator.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

    Record Number: 437

    Source Name: MsiInstaller

    Time Written: 20070608085038.000000-240

    Event Type: error

    User: BACK\Ben Jones

    Computer Name: BACK

    Event Code: 11905

    Message: Product: RRU -- Error 1905.Module C:\UPS\WSTD\RateEditBusService.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

    Record Number: 430

    Source Name: MsiInstaller

    Time Written: 20070608084840.000000-240

    Event Type: error

    User: BACK\Ben Jones

    Computer Name: BACK

    Event Code: 19011

    Message:

    Record Number: 414

    Source Name: MSSQL$UPSWSDBSERVER

    Time Written: 20070524030747.000000-240

    Event Type: warning

    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe

    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn

    "windir"=%SystemRoot%

    "OS"=Windows_NT

    "PROCESSOR_ARCHITECTURE"=x86

    "PROCESSOR_LEVEL"=15

    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel

    "PROCESSOR_REVISION"=000a

    "NUMBER_OF_PROCESSORS"=1

    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

    "TEMP"=%SystemRoot%\TEMP

    "TMP"=%SystemRoot%\TEMP

    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------

    Will post other info shortly.....

  2. Here you go:

    ROOTREPEAL © AD, 2007-2009

    ==================================================

    Scan Start Time: 2009/08/19 12:40

    Program Version: Version 1.3.5.0

    Windows Version: Windows XP SP3

    ==================================================

    Drivers

    -------------------

    Name: dump_atapi.sys

    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

    Address: 0xF67B0000 Size: 98304 File Visible: No Signed: -

    Status: -

    Name: dump_WMILIB.SYS

    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

    Address: 0xF8ECE000 Size: 8192 File Visible: No Signed: -

    Status: -

    Name: rootrepeal.sys

    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

    Address: 0xF4431000 Size: 49152 File Visible: No Signed: -

    Status: -

    Hidden/Locked Files

    -------------------

    Path: C:\hiberfil.sys

    Status: Locked to the Windows API!

    Path: c:\program files\liveperson\plog.txt

    Status: Size mismatch (API: 15908, Raw: 15725)

    Path: c:\windows\temp\hlktmp

    Status: Allocation size mismatch (API: 33570816, Raw: 0)

    SSDT

    -------------------

    #: 025 Function Name: NtClose

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e606

    #: 037 Function Name: NtCreateFile

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e05a

    #: 041 Function Name: NtCreateKey

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2dd3c

    #: 050 Function Name: NtCreateSection

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2f652

    #: 063 Function Name: NtDeleteKey

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2de46

    #: 065 Function Name: NtDeleteValueKey

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2df30

    #: 071 Function Name: NtEnumerateKey

    Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7562

    #: 073 Function Name: NtEnumerateValueKey

    Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7567

    #: 097 Function Name: NtLoadDriver

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e8cc

    #: 116 Function Name: NtOpenFile

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e362

    #: 119 Function Name: NtOpenKey

    Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7576

    #: 160 Function Name: NtQueryKey

    Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d7571

    #: 177 Function Name: NtQueryValueKey

    Status: Hooked by "C:\WINDOWS\system32\ntoskrnl.exe" at address 0x804d756c

    #: 247 Function Name: NtSetValueKey

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2dbba

    #: 257 Function Name: NtTerminateProcess

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e814

    #: 274 Function Name: NtWriteFile

    Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xf6e2e494

    ==EOF==

  3. Here is the log from Malwarebytes, which I actually ran before doing your fix, and it is still returning no results for infections.

    Malwarebytes' Anti-Malware 1.40

    Database version: 2657

    Windows 5.1.2600 Service Pack 3

    8/19/2009 12:23:42 PM

    mbam-log-2009-08-19 (12-23-42).txt

    Scan type: Quick Scan

    Objects scanned: 19988

    Time elapsed: 8 minute(s), 27 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

  4. First I want to say I really appreciate the super quick reply and the help you provide! OK, here is the log you requested. During the Combo-Fix run it asked me if I wanted to install "console", and since you did not mention that, I clicked "no", as I wanted to follow your directions to the letter, as I am so scared of "messing" something up.....

    During the Combo-Fix run it asked me to write down the following file names, as I may need them later, and I thought I would share these with you too.

    Files it asked me to write down:

    c:\windows\system32\drivers\skynetpeqrapul.sys

    c:\windows\system32\skynetptqfwbyf.dll

    c:\windows\system32\skynethmxtcvbu.dat

    c:\windows\system32\skynettwvdomge.dll

    c:\windows\system32\skynetxnsvttnm.dat

    and here is the log:

    ComboFix 09-08-18.04 - Ben Jones 08/19/2009 10:10.1.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.359 [GMT -4:00]

    Running from: c:\documents and settings\Ben Jones\Desktop\Combo-Fix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\windows\Fonts\ZWAdobeF.TTF

    c:\windows\Installer\7a7958.msi

    c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro

    c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk

    c:\windows\system32\drivers\SKYNETpeqrapul.sys

    c:\windows\system32\images

    c:\windows\system32\images\i1.gif

    c:\windows\system32\images\i2.gif

    c:\windows\system32\images\i3.gif

    c:\windows\system32\images\j1.gif

    c:\windows\system32\images\j2.gif

    c:\windows\system32\images\j3.gif

    c:\windows\system32\images\jj1.gif

    c:\windows\system32\images\jj2.gif

    c:\windows\system32\images\jj3.gif

    c:\windows\system32\images\l1.gif

    c:\windows\system32\images\l2.gif

    c:\windows\system32\images\l3.gif

    c:\windows\system32\images\pix.gif

    c:\windows\system32\images\t1.gif

    c:\windows\system32\images\t2.gif

    c:\windows\system32\images\up1.gif

    c:\windows\system32\images\up2.gif

    c:\windows\system32\images\w1.gif

    c:\windows\system32\images\w11.gif

    c:\windows\system32\images\w2.gif

    c:\windows\system32\images\w3.gif

    c:\windows\system32\images\w3.jpg

    c:\windows\system32\images\wt1.gif

    c:\windows\system32\images\wt2.gif

    c:\windows\system32\images\wt3.gif

    c:\windows\system32\SKYNEThmxtcvbu.dat

    c:\windows\system32\SKYNETptqfwbyf.dll

    c:\windows\system32\SKYNETtwvdomge.dll

    c:\windows\system32\SKYNETxnsvttnm.dat

    Infected copy of c:\windows\system32\mspmsnsv.dll was found and disinfected

    Restored copy from - c:\windows\system32\dllcache\MsPMSNSv.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_SKYNETrxewticv

    -------\Legacy_SKYNETrxewticv

    ((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))

    .

    2009-08-18 19:08 . 2009-08-18 19:08 -------- d-----w- c:\program files\Trend Micro

    2009-08-17 13:36 . 2009-08-17 13:36 -------- d-----w- C:\_OTM

    2009-08-17 13:18 . 2009-08-17 14:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

    2009-08-13 15:23 . 2009-08-17 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    2009-08-12 22:48 . 2006-10-27 13:48 18944 ----a-r- c:\windows\system32\drivers\busbcrw.sys

    2009-08-11 20:08 . 2009-08-11 20:08 -------- d-----w- c:\documents and settings\Ben Jones\Application Data\Malwarebytes

    2009-08-11 20:08 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2009-08-11 20:08 . 2009-08-11 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-08-11 20:08 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

    2009-08-11 20:08 . 2009-08-11 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

    2009-07-21 15:32 . 2009-07-21 15:32 -------- d-----w- c:\program files\Common Files\Bcgsoft

    2009-07-21 15:20 . 1999-05-25 19:14 113956 ----a-w- c:\windows\system32\eosih.dll

    2009-07-21 15:20 . 1998-10-27 15:08 317952 ----a-w- c:\windows\system32\ROBOEX32.DLL

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-08-19 14:21 . 2008-06-20 15:10 -------- d-----w- c:\program files\LivePerson

    2009-08-19 13:51 . 2008-08-18 17:04 -------- d-----w- c:\program files\Spyware Terminator

    2009-08-19 13:38 . 2008-08-18 17:04 -------- d-----w- c:\documents and settings\Ben Jones\Application Data\Spyware Terminator

    2009-08-18 14:25 . 2008-08-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

    2009-08-12 22:46 . 2008-08-27 18:06 -------- d-----w- c:\program files\Brother

    2009-08-12 22:46 . 2006-02-07 22:32 -------- d--h--w- c:\program files\InstallShield Installation Information

    2009-08-11 22:02 . 2006-02-07 22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2009-08-11 22:02 . 2006-02-07 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-08-05 09:01 . 2006-02-07 21:46 204800 ----a-w- c:\windows\system32\mswebdvd.dll

    2009-07-17 19:01 . 2002-08-29 08:40 58880 ----a-w- c:\windows\system32\atl.dll

    2009-07-17 15:01 . 2008-08-18 17:27 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2009-07-13 14:08 . 2005-01-28 18:44 286720 ----a-w- c:\windows\system32\wmpdxm.dll

    2009-07-01 12:38 . 2007-08-15 22:17 73216 ----a-w- c:\windows\ST6UNST.EXE

    2009-06-29 16:12 . 2006-06-23 16:33 827392 ----a-w- c:\windows\system32\wininet.dll

    2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll

    2009-06-29 16:12 . 2001-08-23 12:00 17408 ------w- c:\windows\system32\corpol.dll

    2009-06-24 15:29 . 2008-08-18 17:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    2009-06-24 15:29 . 2006-12-19 20:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

    2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

    2009-06-12 12:31 . 2002-08-29 08:41 80896 ----a-w- c:\windows\system32\tlntsess.exe

    2009-06-12 12:31 . 2002-08-29 08:41 76288 ----a-w- c:\windows\system32\telnet.exe

    2009-06-10 14:13 . 2002-08-29 08:40 84992 ----a-w- c:\windows\system32\avifil32.dll

    2009-06-10 13:19 . 2006-02-07 18:10 2066432 ----a-w- c:\windows\system32\mstscax.dll

    2009-06-10 06:14 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

    2009-06-03 19:09 . 2006-02-07 21:46 1291264 ----a-w- c:\windows\system32\quartz.dll

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-18 1783808]

    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440]

    c:\documents and settings\LocalService\Start Menu\Programs\Startup\

    LivePerson.lnk - c:\program files\LivePerson\hc.exe [2008-6-20 5476352]

    c:\documents and settings\Ben Jones\Start Menu\Programs\Startup\

    LivePerson.lnk - c:\program files\LivePerson\hc.exe [2008-6-20 5476352]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

    UPS WorldShip Messaging Utility.lnk - c:\ups\WSTD\WSTDMessaging.exe [2007-12-13 65536]

    UPS WorldShip PLD Reminder Utility.lnk - c:\ups\WSTD\wstdPldReminder.exe [2007-12-12 31744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2009-06-24 15:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

    2007-05-25 19:22 63040 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk

    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk

    backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\LivePerson\\hc.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=

    "c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "1947:TCP"= 1947:TCP:HASP SRM

    "1947:UDP"= 1947:UDP:HASP SRM

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/18/2008 1:27 PM 335752]

    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/18/2008 1:27 PM 108552]

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/18/2008 1:04 PM 141312]

    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/5/2009 11:11 AM 907032]

    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 11:11 AM 298776]

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/14/2007 10:23 AM 46112]

    R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -sUPSWSDBSERVER [?]

    R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [1/27/2009 1:54 PM 202280]

    R3 embflopy;Embroidery floppy Disk;c:\windows\system32\drivers\embflopy.sys [8/24/2001 3:16 PM 20027]

    R3 SydexFDD;Sydex Floppy Driver;c:\windows\system32\drivers\sydexfdd.sys [5/8/2009 4:08 PM 13359]

    S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]

    S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]

    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]

    S3 busbcrw;USB Card Reader Writer driver;c:\windows\system32\drivers\busbcrw.sys [8/12/2009 6:48 PM 18944]

    S3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB.sys [4/1/2009 10:40 AM 45136]

    S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER --> c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -i UPSWSDBSERVER [?]

    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C380283-0E9E-4144-A129-EC929C63AA80}]

    MSIEXEC /i {7C380283-0E9E-4144-A129-EC929C63AA80} REINSTALL="Advertised1" REINSTALLMODE=u SETDEFAULTS="1" /qn /quiet

    .

    Contents of the 'Scheduled Tasks' folder

    2009-01-20 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1100 series272A572217594EBCF1CEE215E352B92AD073FDE4224078009.job

    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 21:56]

    .

    - - - - ORPHANS REMOVED - - - -

    SafeBoot-AVG Anti-Spyware Driver

    SafeBoot-AVG Anti-Spyware Guard

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uInternet Settings,ProxyOverride = 127.0.0.1

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    LSP: PfftSP.dll

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-08-19 10:21

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)

    c:\windows\system32\LMIinit.dll

    - - - - - - - > 'lsass.exe'(728)

    c:\windows\system32\PfftSP.dll

    - - - - - - - > 'explorer.exe'(2756)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\AVG\AVG8\avgrsx.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    c:\progra~1\AVG\AVG8\avgnsx.exe

    c:\ups\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

    c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    c:\program files\Spyware Terminator\sp_rsser.exe

    c:\windows\system32\wdfmgr.exe

    c:\program files\AVG\AVG8\avgcsrvx.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2009-08-19 10:28 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-08-19 14:28

    Pre-Run: 69,384,261,632 bytes free

    Post-Run: 69,414,363,136 bytes free

    216 --- E O F --- 2009-08-13 00:21

  5. Every time I go to Google and do a search, and then click one of the links it delivers, I keep getting redirected to other sites that have nothing to do with what I was searching for... I did a MalwareBytes scan and it says there are no infections...

    Could someone please help, this is driving me bonkers.....

    Here is my HijackThis log and MalwareBytes log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:09:56 PM, on 8/18/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16876)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe

    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

    C:\Program Files\Spyware Terminator\sp_rsser.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    C:\UPS\WSTD\WSTDMessaging.exe

    C:\Program Files\LivePerson\hc.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - S-1-5-19 Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'LOCAL SERVICE')

    O4 - S-1-5-18 Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'SYSTEM')

    O4 - .DEFAULT Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe (User 'Default user')

    O4 - Startup: LivePerson.lnk = C:\Program Files\LivePerson\hc.exe

    O4 - Global Startup: hpoddt01.exe.lnk = ?

    O4 - Global Startup: UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe

    O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab

    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera1.fullcontrol.net/activex/AxisCamControl.cab

    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)

    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\WINDOWS\system32\hasplms.exe (file missing)

    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

    O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

    O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

    --

    End of file - 6268 bytes

    Malwarebytes' Anti-Malware 1.40

    Database version: 2640

    Windows 5.1.2600 Service Pack 3

    8/18/2009 11:31:24 AM

    mbam-log-2009-08-18 (11-31-24).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 66396

    Time elapsed: 1 hour(s), 5 minute(s), 59 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)
