 IE Search Hijack/ Website redirect, Hijack Log attached |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Nov 14 2008, 08:05 AM
Post
#1
|
|
|
New Member  Group: Members Posts: 5 Joined: 14-November 08 Member No.: 256,426  |
Help! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:51:18 AM, on 11/14/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Shared Files\CTSched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\CDProxyServ.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Documents and Settings\Owner\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe, O2 - BHO: (no name) - MRI_DISABLED - (no file) O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r O4 - HKLM\..\Run: [P17Helper] "C:\WINDOWS\system32\rundll32.exe" P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE" O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: MRI_DISABLED O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203148390125 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- End of file - 10262 bytes |
 |
 
|
|
Nov 14 2008, 09:12 AM
Post
#2
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Hello!
 My name is Sam and I will be helping you. I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process. Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe, O2 - BHO: (no name) - MRI_DISABLED - (no file) Reboot your computer. Please download random's system information tool (RSIT) and save it to your desktop.
--------------------  If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Nov 14 2008, 11:52 AM
Post
#3
|
|
|
New Member Group: Members Posts: 5 Joined: 14-November 08 Member No.: 256,426 |
I clicked the "Fix Checked" on the items you listed. So far, no good. Google search is still being redirected.
Here are the logs you asked for: ----------------------log.tx-------------------------------- Logfile of random's system information tool 1.04 (written by random/random) Run by Owner at 2008-11-14 10:45:44 Microsoft Windows XP Professional Service Pack 3 System drive C: has 39 GB (21%) free of 186 GB Total RAM: 1534 MB (61% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:45:56 AM, on 11/14/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\CDProxyServ.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\PSIService.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Creative\Shared Files\CTSched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PQ488VR0\RSIT[1].exe C:\Documents and Settings\Owner\Desktop\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r O4 - HKLM\..\Run: [P17Helper] "C:\WINDOWS\system32\rundll32.exe" P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE" O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: MRI_DISABLED O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203148390125 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- End of file - 9939 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Disk Cleanup.job C:\WINDOWS\tasks\ISP signup reminder 1.job C:\WINDOWS\tasks\wrSpySweeperFullSweep.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024] "Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-07-17 1687824] "Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-07-17 2094352] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe [2003-09-15 270336] "CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344] "P17Helper"=C:\WINDOWS\system32\P17.dll [2006-03-17 81408] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "CTXFIREG"=CTxfiReg.exe [] "SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-10-12 6272888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "CreativeTaskScheduler"=C:\Program Files\Creative\Shared Files\CTSched.exe [2006-11-17 53341] "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] C:\WINDOWS\zHotkey.exe [2004-05-17 543232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-02-21 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe -HideWindow [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] C:\WINDOWS\Creator\Remind_XP.exe [2005-03-09 966656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd] C:\WINDOWS\ShowWnd.exe [2003-09-19 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe [2004-04-12 151552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote] C:\Program Files\InterVideo\WinDVR3\WinRemote.exe [2004-04-12 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] C:\PROGRA~1\BigFix\BigFix.exe [2002-07-31 1742384] C:\Documents and Settings\All Users\Start Menu\Programs\Startup MRI_DISABLED [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme "DisableTaskMgr"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer" "C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Enabled:vietcong" "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP" "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade" "C:\Program Files\Vietcong2\vietcong2.exe"="C:\Program Files\Vietcong2\vietcong2.exe:*:Enabled:vietcong2" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer" "C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™" "C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat:*:Enabled:patchgrabber" "C:\Program Files\EA GAMES\The Battle for Middle-earth ™\lotrbfme.exe"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\lotrbfme.exe:*:Disabled:The Battle for Middle-earth ™" "C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam" "C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II" "C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell" "C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool" "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App" "C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat"="C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2" "C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2" "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™" "C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7de95e-c188-11dc-91e5-00038a000015}] shell\AutoRun\command - K:\WD_Windows_Tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7c51804-e80b-11da-90fc-00038a000015}] shell\AutoRun\command - K:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2146397-8a3a-11dc-91d4-00038a000015}] shell\AutoRun\command - K:\LaunchU3.exe ======List of files/folders created in the last 1 months====== 2008-11-14 10:45:44 ----D---- C:\rsit 2008-11-12 21:01:39 ----D---- C:\Documents and Settings\All Users\Application Data\27F 2008-11-12 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-12 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-12 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-10-24 15:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\F98 2008-10-24 13:47:16 ----D---- C:\Documents and Settings\All Users\Application Data\101C1 2008-10-23 20:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-20 23:22:24 ----HD---- C:\WINDOWS\system32\GroupPolicy 2008-10-20 23:09:11 ----D---- C:\Program Files\EndItAll 2008-10-20 13:37:43 ----D---- C:\Program Files\InetGet2 2008-10-20 13:17:42 ----D---- C:\Documents and Settings\Owner\Application Data\Gool 2008-10-19 13:14:02 ----A---- C:\U.exe 2008-10-19 13:01:19 ----D---- C:\Documents and Settings\Owner\Application Data\Facegame 2008-10-19 13:01:07 ----D---- C:\Documents and Settings\Owner\Application Data\GetModule 2008-10-19 13:01:06 ----D---- C:\Program Files\iCheck 2008-10-19 13:01:06 ----D---- C:\Program Files\GetModule 2008-10-15 23:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-15 23:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 23:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 23:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-15 23:08:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ ======List of files/folders modified in the last 1 months====== 2008-11-14 10:45:48 ----D---- C:\WINDOWS\Temp 2008-11-14 10:45:42 ----D---- C:\WINDOWS\Prefetch 2008-11-14 10:40:36 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-14 10:40:29 ----D---- C:\WINDOWS\Registration 2008-11-14 10:39:57 ----D---- C:\WINDOWS 2008-11-14 10:38:10 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-14 10:38:10 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt 2008-11-14 09:42:30 ----D---- C:\WINDOWS\system32\config 2008-11-14 07:09:27 ----D---- C:\WINDOWS\system32 2008-11-13 23:28:42 ----D---- C:\Program Files\Mozilla Firefox 2008-11-13 21:38:30 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla 2008-11-13 08:38:50 ----D---- C:\Program Files\Lx_cats 2008-11-12 21:07:38 ----D---- C:\Documents and Settings\Owner\Application Data\BearShare 2008-11-12 07:19:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-12 03:18:02 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-12 03:13:13 ----D---- C:\Config.Msi 2008-11-12 03:04:49 ----SHD---- C:\WINDOWS\Installer 2008-11-12 03:04:39 ----HD---- C:\WINDOWS\inf 2008-11-12 03:04:37 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-12 03:04:36 ----D---- C:\WINDOWS\system32\drivers 2008-11-12 03:04:27 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-12 03:03:37 ----A---- C:\WINDOWS\imsins.BAK 2008-11-12 03:01:43 ----D---- C:\WINDOWS\WinSxS 2008-11-10 07:32:13 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-29 08:59:33 ----D---- C:\Program Files\SystemRequirementsLab 2008-10-29 08:50:45 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-22 16:21:32 ----A---- C:\WINDOWS\win.ini 2008-10-21 17:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot 2008-10-20 23:09:11 ----RD---- C:\Program Files 2008-10-20 23:00:43 ----A---- C:\WINDOWS\ntbtlog.txt 2008-10-16 02:06:23 ----D---- C:\Program Files\Internet Explorer 2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 $sys$crater;$sys$crater; \??\C:\WINDOWS\system32\$sys$filesystem\crater.sys [] R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-11-10 44288] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-08-05 8552] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868] R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys [] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys [] R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368] R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328] R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-08-16 1195448] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688] R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2006-03-17 1163264] R3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320] R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056] S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752] S2 713xTVCard;SAA7134 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 277504] S2 Cap7134;TV Capture Card WDM Video Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-09-10 449888] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536] S3 jnv4_mib;jnv4_mib; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\jnv4_mib.sys [] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 PhTVTune;TV Capture Card WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-09-10 19616] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344] S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144] S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 $sys$DRMServer;Plug and Play Device Manager; C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe [2004-12-14 307200] R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 CD_Proxy;XCP CD Proxy; C:\WINDOWS\CDProxyServ.exe [2004-10-07 167936] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-09-29 66872] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-08-05 172032] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888] R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-10-02 3667304] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2008-10-12 1066360] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104] S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- Here is the info log info.txt logfile of random's system information tool 1.04 2008-11-14 10:46:05 ======Uninstall list====== -->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009 -->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009 -->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /nolog/l0x0009 -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009 -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /nolog/l0x0009 -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /nolog/l0x0009 -->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /nolog/l0x0009 -->"C:\Program Files\Creative\SBAudigy\Program\SETUP.EXE" /S /U /W -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 6.0 Sprint Plus-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000} AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5} AIM 6-->C:\Program Files\AIM6\uninst.exe AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3} ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe" ATI MCE Transcode-->MsiExec.exe /I{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF} ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F} ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8} Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe" Battlefield 2™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly Battlefield Vietnam™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9 BearShare-->C:\Program Files\BearShare Applications\BearShare\UninstallSurvey.exe C:\Program Files\BearShare Applications\BearShare\UnwiseLauncher.exe /A C:\PROGRA~1\BEARSH~1\BEARSH~1\INSTALL.LOG BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll" Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409 Clean Access Agent-->MsiExec.exe /X{F1E29B0E-94A4-4304-B993-4829FC2ED56C} Comcast High-Speed Internet Install Wizard-->C:\Program Files\Support.com\uninstall\chsi_uninstaller.exe Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Creative EAX Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37} Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} FileZilla Client 3.0.7-->C:\Program Files\FileZilla FTP Client\uninstall.exe GameShadow-->MsiExec.exe /I{79E147E8-2113-4BE0-9AB4-360B85CC3051} Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840} Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Internet Speed Monitor-->C:\Program Files\iCheck\Uninstall.exe InterVideo WinDVR 3-->"C:\Program Files\InstallShield Installation Information\{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}\setup.exe" REMOVEALL iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138} J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} Lexmark 3300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\Uninst.exe LG USB Drivers-->C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG Logitech GamePanel Software 2.00-->MsiExec.exe /X{948BE614-F37B-4A73-AD43-0245F23C110D} Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft Picture It! Premium 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9 MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1} Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly Oblivion - The Fighter's Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0A20753-92DF-4631-82B4-9CACE2FCED6A}\setup.exe" -l0x9 -removeonly Oblivion - The Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly Oblivion - The Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly Oblivion - The Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall Protected Music Converter 1.0.0.10-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe" PunkBuster for Battlefield Vietnam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9 Pure Networks Port Magic-->C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe -Uninstall -ShowUI QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Recovery Software Suite eMachines-->MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782} Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe The Battle for Middle-earth ™ II-->C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\EAUninstall.exe The Battle for Middle-earth ™-->C:\Program Files\EA GAMES\The Battle for Middle-earth ™\EAUninstall.exe The Lord of the Rings, The Rise of the Witch-king-->C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\EAUninstall.exe The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe Thief - Deadly Shadows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC123EEA-330A-4685-911C-95B8F5E9DE68}\Setup.exe" -l0x9 Trend Micro AntiVirus-->C:\Program Files\Trend Micro\Internet Security\remove.exe Trend Micro AntiVirus-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E} Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html" WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WordPerfect Office X3-->"C:\Program Files\WordPerfect Office X3\Cabs\MSILauncher.exe" "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" WordPerfect Office X3-->MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8} =====HijackThis Backups===== O2 - BHO: (no name) - MRI_DISABLED - (no file) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe, R3 - Default URLSearchHook is missing ======Hosts File====== 127.0.0.1 localhost 127.0.0.1 new #ad 127.0.0.1 new #ad 127.0.0.1 new #ad ======Security center information====== AV: Trend Micro AntiVirus ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=2c00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip -----------------EOF----------------- Thanks for your help! I hope I don't have to nuke my system  |
|
|
|
|
Nov 14 2008, 12:11 PM
Post
#4
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
I don't think any nuking should be necessary.
Please download the OTMoveIt3 by OldTimer.
================ Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Also post a new log from RSIT. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Nov 15 2008, 12:19 AM
Post
#5
|
|
|
New Member Group: Members Posts: 5 Joined: 14-November 08 Member No.: 256,426 |
Here is the OTMoveit3 log you requested
still no luck, will post MBAM and updated RSIT logs next ========== FILES ========== File/Folder C:\WINDOWS\system32\uesiuqcr.exe not found. C:\Program Files\InetGet2 moved successfully. C:\Documents and Settings\Owner\Application Data\Gool moved successfully. C:\U.exe moved successfully. C:\Documents and Settings\Owner\Application Data\Facegame moved successfully. C:\Documents and Settings\Owner\Application Data\GetModule moved successfully. C:\Program Files\iCheck moved successfully. C:\Program Files\GetModule moved successfully. File/Folder C:\WINDOWS\system32\msansspc.dll not found. File/Folder C:\WINDOWS\system32\msansspc.txt not found. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully. HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll /E : value set successfully! ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS07009733-E132-4EE2-A952-CA2219AE7D37.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS098DD58A-A807-4F2A-93C6-FD79D1F44761.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0CB05907-8D09-45DA-A4BC-B020FA1896A7.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0E75A9A4-E01D-4D2D-B405-3FA3554169D7.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS102F0B36-2D6E-47FB-B496-39F4BF6EA7D2.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1101E693-9553-4607-9CAE-713EF0F3F8BA.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1C74B5C0-FF67-4576-96A6-3EF46257D8BB.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1DAA8BE7-FA12-47F8-B629-F1565E280057.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2034AA52-ACD9-4BBA-B152-29BEEC0EEDAA.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS222C3EA1-4189-4451-9DD7-9BFA54749813.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS22E75293-6180-418A-A3F0-AB7D06D0E2C1.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2D56E166-F4B1-445D-9001-56E379BD9D42.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2FA03EC2-9803-4605-88ED-9B7FAC03CF3A.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS305B01F1-F7C6-4D48-AF4C-C0C8FB3B308D.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS30A9CA08-0A5E-475F-9F4B-E5DAE9B736AD.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3284DAE8-9C2B-4FCD-86BA-20E5939F3FE6.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3316F0D9-6584-46EA-8BB5-20C8E1A8F999.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS331813DB-ACE1-44D5-A406-63B1151F7962.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS359654E7-46E0-4C50-A0E4-B0667F20F7DA.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS37A86D37-3C08-4CF3-9780-A542C1B5711D.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS41BDABAC-1A02-4D6D-AD40-3149433E3992.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS43AA66A4-92F0-492E-B551-FD5AB9333F84.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS445D8BB3-B096-4D84-A44F-A557B471A096.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS45FE700C-A4B4-415C-AFF2-0BCF2DA076EC.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS46FC1818-555D-44CF-AEAA-B0319F362D43.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4E88D3B4-2990-42FE-B28F-936E3655796C.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4F7C652F-42E8-4AB0-BED7-D93BE770E934.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS522308D5-E329-4701-B421-8491AC024CFC.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS54185A0D-A6B3-4983-AB0F-36A3552D2EB4.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5431A222-7C25-41D0-B199-95F3C5D2C204.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS57BA896B-A14A-4A58-BFBF-2182EBCDAC89.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS580A80F4-2028-419A-8E15-0019E2FD58E3.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5D6AF270-480E-4183-B336-CF92E35747F8.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6030395B-DDED-4356-8C49-1DFA90389100.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS639AD876-79F2-4C78-9BC0-6F6F739A2BB0.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS64469D21-0E13-467A-98C8-695B374FB14C.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS64D2FE71-E23C-4EA6-A393-8A199E8F6931.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS65242467-1A93-44B2-B413-B42EEE31E2A5.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6A43B0E2-731F-4BAC-BD10-EB67F902AD1D.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6CDD7917-6FDE-4113-8DBE-A013DB2F7B04.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6D0E92DD-5417-4356-B2ED-74FDCC6A08EA.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS70B102CA-72B0-44AE-9455-2DEE417A9D8C.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7184C43A-E2A0-4768-9437-2BD84A5D175F.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS74ECA5DC-E253-4143-B9EF-5EAB66C0337B.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS75DD7C41-0882-49A5-ADCA-EA3310DE4C2D.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7F7652AF-E1E4-4716-A8B7-7689BBFCEDB6.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS82694793-3AF4-47A3-BBB4-2D7BEFD28824.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS82F66D2E-1F66-4A90-B7E6-24A4EDBCD10B.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8441923D-B858-43D0-AB1B-8EB3B3B84226.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS893D2512-D5CB-4F4E-8F1D-20948BD949C0.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS89EF6BD1-4D3A-4F8C-9EC4-DFC639FE332B.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8CA77276-2E86-4FCC-A245-DBDBE897BAA1.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8E634282-4CE8-472B-B2DF-1CB21A7E6DBE.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8F24CA57-7953-4604-BDF2-1665FEAD6B96.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8FDC4E41-9099-4120-8B89-EF5516DE0D34.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS92255412-6CBE-4211-AFD4-E6F12103DFAF.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9233E136-4AF1-44B5-B706-95561D37C2D1.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9694E90F-996F-41D2-99F4-4CFC8499284A.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS98376F34-70DB-4BF1-BBCB-29470A719467.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9BA3F2C8-40ED-495A-9610-DF36E26EBCD5.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9FBBDCC9-BA4F-45A8-9B73-C4172F4D24B8.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA05C486F-F9CC-4B77-8E29-B0B6B2219080.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA161F80C-D7D7-4B55-A26D-5EE26EF0CF18.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA23A981C-F60D-4213-843D-5EB07E24B185.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA29A968B-1C69-4A87-87C6-9A68C7356A9E.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA3BB4C3E-7B94-4FF7-AE76-DF21FC8C0CA0.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA6C8D526-54BF-41B3-88D5-F8E0FB298319.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA745BEAC-399D-4BFF-91A2-6221A26BC866.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA928FABB-6229-4EE0-94CB-583A30F5A186.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAAAF5AAF-45BF-4C16-AA50-DBDEC93D6AD1.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAB45ABFC-85E2-4C38-AA79-4AC1CF000D7F.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAD1B6DD3-3702-4F92-B594-5DE2EEBB40A9.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB0FD31AA-368F-4E4B-AABA-CD7989AC7D46.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB3B25E29-4FD2-4C2E-8FAB-5E67F9C797AD.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB4A41D32-AF49-477B-93CE-812D8F41A966.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB55DA5E1-EC9D-4EBA-BDE3-DFAABC8C1995.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB64C3D1F-3F9C-4670-98AC-2AA2F41A7BCF.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB7C22B1E-5EBD-4100-A79B-4DA1524F3F45.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBCB032F5-6A4C-4553-9265-6DF302EA3A9B.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBF0CA0A5-A998-4053-A69D-6E3E096B951C.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC6E62939-46B4-4A60-A55C-9CEE6CC94847.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC8418E6F-6E57-4E95-94F2-D1D5670C5A13.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC846763F-E2AB-4F73-BC2C-52B3D3005884.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCC4CAF4C-2B50-4635-A71E-B6DFC14096EC.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCE12DEB1-501D-43B2-B99A-CBCFCAE8E5C4.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD6121953-146F-450F-9CBB-52C284182783.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD67B5261-4999-440E-86F7-BFC7DC589CF9.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD7ED45BF-4276-413E-A627-42869AF61C21.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD8985C0F-8CF0-4C06-B7E7-A823E683502C.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDA5BBF5E-1970-4527-A001-A15E969D5469.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDBD0D501-5D53-4106-A49F-2FD2B38442D1.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDD936D03-F3ED-4219-B0DF-C1FE2F7A0164.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDD9B24F9-2C8F-452A-8A81-73A92AA68DE5.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDD9FF356-83B2-485A-9F21-F779C2D6ED42.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE0060009-A33A-44FD-8E7C-9786EC1F9909.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE1689B67-78A4-4BFE-8E6D-B246C0AEDDEE.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE8AF93A3-53A1-4943-B576-510EF597326A.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEA90A11E-B791-45E9-B338-BA8754105222.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEB8967BB-ADAF-4C49-A38E-2CC910CF377A.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEDE94427-DA9D-4D2F-AB92-EB741C39F7D4.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEF1FBF2B-5FFA-4870-9865-A37D9B1D53CC.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF056A0F4-F196-4ED1-BB9D-2F6DC13F3538.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF4D233AB-D444-4D9B-85BA-E73A704D46D4.tmp scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFB5B9DB9-EFDC-4FCF-B3F8-A978D064F0FB.tmp scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11142008_230203 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot. File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully. File C:\WINDOWS\temp\wrstemp\SSMS07009733-E132-4EE2-A952-CA2219AE7D37.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS098DD58A-A807-4F2A-93C6-FD79D1F44761.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS0CB05907-8D09-45DA-A4BC-B020FA1896A7.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS0E75A9A4-E01D-4D2D-B405-3FA3554169D7.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS102F0B36-2D6E-47FB-B496-39F4BF6EA7D2.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS1101E693-9553-4607-9CAE-713EF0F3F8BA.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS1C74B5C0-FF67-4576-96A6-3EF46257D8BB.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS1DAA8BE7-FA12-47F8-B629-F1565E280057.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS2034AA52-ACD9-4BBA-B152-29BEEC0EEDAA.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS222C3EA1-4189-4451-9DD7-9BFA54749813.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS22E75293-6180-418A-A3F0-AB7D06D0E2C1.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS2D56E166-F4B1-445D-9001-56E379BD9D42.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS2FA03EC2-9803-4605-88ED-9B7FAC03CF3A.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS305B01F1-F7C6-4D48-AF4C-C0C8FB3B308D.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS30A9CA08-0A5E-475F-9F4B-E5DAE9B736AD.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS3284DAE8-9C2B-4FCD-86BA-20E5939F3FE6.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS3316F0D9-6584-46EA-8BB5-20C8E1A8F999.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS331813DB-ACE1-44D5-A406-63B1151F7962.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS359654E7-46E0-4C50-A0E4-B0667F20F7DA.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS37A86D37-3C08-4CF3-9780-A542C1B5711D.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS41BDABAC-1A02-4D6D-AD40-3149433E3992.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS43AA66A4-92F0-492E-B551-FD5AB9333F84.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS445D8BB3-B096-4D84-A44F-A557B471A096.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS45FE700C-A4B4-415C-AFF2-0BCF2DA076EC.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS46FC1818-555D-44CF-AEAA-B0319F362D43.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS4E88D3B4-2990-42FE-B28F-936E3655796C.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS4F7C652F-42E8-4AB0-BED7-D93BE770E934.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS522308D5-E329-4701-B421-8491AC024CFC.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS54185A0D-A6B3-4983-AB0F-36A3552D2EB4.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS5431A222-7C25-41D0-B199-95F3C5D2C204.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS57BA896B-A14A-4A58-BFBF-2182EBCDAC89.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS580A80F4-2028-419A-8E15-0019E2FD58E3.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS5D6AF270-480E-4183-B336-CF92E35747F8.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS6030395B-DDED-4356-8C49-1DFA90389100.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS639AD876-79F2-4C78-9BC0-6F6F739A2BB0.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS64469D21-0E13-467A-98C8-695B374FB14C.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS64D2FE71-E23C-4EA6-A393-8A199E8F6931.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS65242467-1A93-44B2-B413-B42EEE31E2A5.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS6A43B0E2-731F-4BAC-BD10-EB67F902AD1D.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS6CDD7917-6FDE-4113-8DBE-A013DB2F7B04.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS6D0E92DD-5417-4356-B2ED-74FDCC6A08EA.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS70B102CA-72B0-44AE-9455-2DEE417A9D8C.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS7184C43A-E2A0-4768-9437-2BD84A5D175F.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS74ECA5DC-E253-4143-B9EF-5EAB66C0337B.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS75DD7C41-0882-49A5-ADCA-EA3310DE4C2D.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS7F7652AF-E1E4-4716-A8B7-7689BBFCEDB6.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS82694793-3AF4-47A3-BBB4-2D7BEFD28824.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS82F66D2E-1F66-4A90-B7E6-24A4EDBCD10B.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS8441923D-B858-43D0-AB1B-8EB3B3B84226.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS893D2512-D5CB-4F4E-8F1D-20948BD949C0.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS89EF6BD1-4D3A-4F8C-9EC4-DFC639FE332B.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS8CA77276-2E86-4FCC-A245-DBDBE897BAA1.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS8E634282-4CE8-472B-B2DF-1CB21A7E6DBE.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS8F24CA57-7953-4604-BDF2-1665FEAD6B96.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS8FDC4E41-9099-4120-8B89-EF5516DE0D34.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS92255412-6CBE-4211-AFD4-E6F12103DFAF.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS9233E136-4AF1-44B5-B706-95561D37C2D1.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS9694E90F-996F-41D2-99F4-4CFC8499284A.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS98376F34-70DB-4BF1-BBCB-29470A719467.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS9BA3F2C8-40ED-495A-9610-DF36E26EBCD5.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMS9FBBDCC9-BA4F-45A8-9B73-C4172F4D24B8.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA05C486F-F9CC-4B77-8E29-B0B6B2219080.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA161F80C-D7D7-4B55-A26D-5EE26EF0CF18.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA23A981C-F60D-4213-843D-5EB07E24B185.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA29A968B-1C69-4A87-87C6-9A68C7356A9E.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA3BB4C3E-7B94-4FF7-AE76-DF21FC8C0CA0.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA6C8D526-54BF-41B3-88D5-F8E0FB298319.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA745BEAC-399D-4BFF-91A2-6221A26BC866.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSA928FABB-6229-4EE0-94CB-583A30F5A186.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSAAAF5AAF-45BF-4C16-AA50-DBDEC93D6AD1.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSAB45ABFC-85E2-4C38-AA79-4AC1CF000D7F.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSAD1B6DD3-3702-4F92-B594-5DE2EEBB40A9.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSB0FD31AA-368F-4E4B-AABA-CD7989AC7D46.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSB3B25E29-4FD2-4C2E-8FAB-5E67F9C797AD.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSB4A41D32-AF49-477B-93CE-812D8F41A966.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSB55DA5E1-EC9D-4EBA-BDE3-DFAABC8C1995.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSB64C3D1F-3F9C-4670-98AC-2AA2F41A7BCF.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSB7C22B1E-5EBD-4100-A79B-4DA1524F3F45.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSBCB032F5-6A4C-4553-9265-6DF302EA3A9B.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSBF0CA0A5-A998-4053-A69D-6E3E096B951C.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSC6E62939-46B4-4A60-A55C-9CEE6CC94847.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSC8418E6F-6E57-4E95-94F2-D1D5670C5A13.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSC846763F-E2AB-4F73-BC2C-52B3D3005884.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSCC4CAF4C-2B50-4635-A71E-B6DFC14096EC.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSCE12DEB1-501D-43B2-B99A-CBCFCAE8E5C4.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSD6121953-146F-450F-9CBB-52C284182783.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSD67B5261-4999-440E-86F7-BFC7DC589CF9.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSD7ED45BF-4276-413E-A627-42869AF61C21.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSD8985C0F-8CF0-4C06-B7E7-A823E683502C.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSDA5BBF5E-1970-4527-A001-A15E969D5469.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSDBD0D501-5D53-4106-A49F-2FD2B38442D1.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSDD936D03-F3ED-4219-B0DF-C1FE2F7A0164.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSDD9B24F9-2C8F-452A-8A81-73A92AA68DE5.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSDD9FF356-83B2-485A-9F21-F779C2D6ED42.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSE0060009-A33A-44FD-8E7C-9786EC1F9909.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSE1689B67-78A4-4BFE-8E6D-B246C0AEDDEE.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSE8AF93A3-53A1-4943-B576-510EF597326A.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSEA90A11E-B791-45E9-B338-BA8754105222.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSEB8967BB-ADAF-4C49-A38E-2CC910CF377A.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSEDE94427-DA9D-4D2F-AB92-EB741C39F7D4.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSEF1FBF2B-5FFA-4870-9865-A37D9B1D53CC.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSF056A0F4-F196-4ED1-BB9D-2F6DC13F3538.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSF4D233AB-D444-4D9B-85BA-E73A704D46D4.tmp not found! File C:\WINDOWS\temp\wrstemp\SSMSFB5B9DB9-EFDC-4FCF-B3F8-A978D064F0FB.tmp not found! |
|
|
|
|
Nov 15 2008, 01:24 AM
Post
#6
|
|
|
New Member Group: Members Posts: 5 Joined: 14-November 08 Member No.: 256,426 |
Here are the latest MBAM and the RSIT logs
Malwarebytes' Anti-Malware 1.30 Database version: 1399 Windows 5.1.2600 Service Pack 3 11/15/2008 12:13:26 AM mbam-log-2008-11-15 (00-13-26).txt Scan type: Quick Scan Objects scanned: 122153 Time elapsed: 44 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\getsn32.msiesn (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KBEZ99WW\103[1].net (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysaudio.sys (Rootkit.Agent) -> Quarantined and deleted successfully. -----------------------------RSIT-------------------------------------------- Logfile of random's system information tool 1.04 (written by random/random) Run by Owner at 2008-11-15 00:23:04 Microsoft Windows XP Professional Service Pack 3 System drive C: has 39 GB (21%) free of 186 GB Total RAM: 1534 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:23:09 AM, on 11/15/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\CDProxyServ.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\Shared Files\CTSched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N970938N\RSIT[1].exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Owner\Desktop\Owner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtsu.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r O4 - HKLM\..\Run: [P17Helper] "C:\WINDOWS\system32\rundll32.exe" P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE" O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: MRI_DISABLED O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203148390125 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- End of file - 10355 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Disk Cleanup.job C:\WINDOWS\tasks\ISP signup reminder 1.job C:\WINDOWS\tasks\wrSpySweeperFullSweep.job ======Registry dump====== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-07-29 1398024] "Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-07-17 1687824] "Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-07-17 2094352] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe [2003-09-15 270336] "CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344] "P17Helper"=C:\WINDOWS\system32\P17.dll [2006-03-17 81408] "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] "CTXFIREG"=CTxfiReg.exe [] "ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264] "SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-10-12 6272888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "CreativeTaskScheduler"=C:\Program Files\Creative\Shared Files\CTSched.exe [2006-11-17 53341] "Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] C:\WINDOWS\zHotkey.exe [2004-05-17 543232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe [2005-02-21 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe -HideWindow [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder] C:\WINDOWS\Creator\Remind_XP.exe [2005-03-09 966656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd] C:\WINDOWS\ShowWnd.exe [2003-09-19 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe [2004-04-12 151552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRemote] C:\Program Files\InterVideo\WinDVR3\WinRemote.exe [2004-04-12 167936] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] C:\PROGRA~1\BigFix\BigFix.exe [2002-07-31 1742384] C:\Documents and Settings\All Users\Start Menu\Programs\Startup MRI_DISABLED [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer" "C:\Program Files\Vietcong\vietcong.exe"="C:\Program Files\Vietcong\vietcong.exe:*:Enabled:vietcong" "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe"="C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP" "C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade" "C:\Program Files\Vietcong2\vietcong2.exe"="C:\Program Files\Vietcong2\vietcong2.exe:*:Enabled:vietcong2" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer" "C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™" "C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat:*:Enabled:patchgrabber" "C:\Program Files\EA GAMES\The Battle for Middle-earth ™\lotrbfme.exe"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\lotrbfme.exe:*:Disabled:The Battle for Middle-earth ™" "C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam" "C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II" "C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell" "C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s" "C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool" "C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App" "C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat"="C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2" "C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2" "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™" "C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7de95e-c188-11dc-91e5-00038a000015}] shell\AutoRun\command - K:\WD_Windows_Tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7c51804-e80b-11da-90fc-00038a000015}] shell\AutoRun\command - K:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2146397-8a3a-11dc-91d4-00038a000015}] shell\AutoRun\command - K:\LaunchU3.exe ======List of files/folders created in the last 1 months====== 2008-11-14 23:20:35 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes 2008-11-14 23:20:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-14 23:20:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-14 23:02:03 ----D---- C:\_OTMoveIt 2008-11-14 22:46:57 ----D---- C:\Program Files\Spyware Doctor 2008-11-14 22:46:57 ----D---- C:\Documents and Settings\Owner\Application Data\PC Tools 2008-11-14 10:45:44 ----D---- C:\rsit 2008-11-12 21:01:39 ----D---- C:\Documents and Settings\All Users\Application Data\27F 2008-11-12 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-12 03:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-12 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-10-24 15:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\F98 2008-10-24 13:47:16 ----D---- C:\Documents and Settings\All Users\Application Data\101C1 2008-10-23 20:26:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-20 23:22:24 ----HD---- C:\WINDOWS\system32\GroupPolicy 2008-10-20 23:09:11 ----D---- C:\Program Files\EndItAll ======List of files/folders modified in the last 1 months====== 2008-11-15 00:18:52 ----D---- C:\WINDOWS\Temp 2008-11-15 00:17:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2008-11-15 00:17:41 ----D---- C:\WINDOWS\Registration 2008-11-15 00:17:28 ----D---- C:\WINDOWS\system32\drivers 2008-11-15 00:16:52 ----D---- C:\WINDOWS\Prefetch 2008-11-15 00:16:16 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-15 00:15:35 ----D---- C:\WINDOWS 2008-11-15 00:14:38 ----D---- C:\WINDOWS\system32 2008-11-15 00:13:55 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-15 00:13:54 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt 2008-11-14 23:20:30 ----RD---- C:\Program Files 2008-11-14 22:48:31 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-14 18:03:44 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-14 15:02:22 ----D---- C:\Program Files\Mozilla Firefox 2008-11-14 09:42:30 ----D---- C:\WINDOWS\system32\config 2008-11-13 21:38:30 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla 2008-11-13 08:38:50 ----D---- C:\Program Files\Lx_cats 2008-11-12 21:07:38 ----D---- C:\Documents and Settings\Owner\Application Data\BearShare 2008-11-12 07:19:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-12 03:13:13 ----D---- C:\Config.Msi 2008-11-12 03:04:49 ----SHD---- C:\WINDOWS\Installer 2008-11-12 03:04:39 ----HD---- C:\WINDOWS\inf 2008-11-12 03:04:27 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-12 03:03:37 ----A---- C:\WINDOWS\imsins.BAK 2008-11-12 03:01:43 ----D---- C:\WINDOWS\WinSxS 2008-11-10 07:32:13 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-03 18:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-29 08:59:33 ----D---- C:\Program Files\SystemRequirementsLab 2008-10-29 08:50:45 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-22 16:21:32 ----A---- C:\WINDOWS\win.ini 2008-10-21 17:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot 2008-10-20 23:00:43 ----A---- C:\WINDOWS\ntbtlog.txt 2008-10-16 02:06:23 ----D---- C:\Program Files\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 $sys$crater;$sys$crater; \??\C:\WINDOWS\system32\$sys$filesystem\crater.sys [] R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-11-10 44288] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832] R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567] R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952] R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-02-15 65936] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-08-05 8552] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868] R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368] R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328] R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-08-16 1195448] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-12-08 142336] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-12-08 114688] R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2006-03-17 1163264] R3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320] R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056] S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752] S2 713xTVCard;SAA7134 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 277504] S2 Cap7134;TV Capture Card WDM Video Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-09-10 449888] S2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys [] S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] S2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536] S3 jnv4_mib;jnv4_mib; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\jnv4_mib.sys [] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 PhTVTune;TV Capture Card WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-09-10 19616] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344] S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144] S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 $sys$DRMServer;Plug and Play Device Manager; C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe [2004-12-14 307200] R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 CD_Proxy;XCP CD Proxy; C:\WINDOWS\CDProxyServ.exe [2004-10-07 167936] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-09-29 66872] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-08-05 172032] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656] R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-10-02 3667304] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2008-10-12 1066360] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920] S2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 698888] S2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2007-12-24 333064] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104] S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-26 648456] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- |
|
|
|
|
Nov 15 2008, 02:17 PM
Post
#7
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Looks good to me.
How is your computer behaving? Any problems? -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Nov 16 2008, 10:01 AM
Post
#8
|
|
|
New Member Group: Members Posts: 5 Joined: 14-November 08 Member No.: 256,426 |
Search results back to normal and it looks to be ok. There were a couple of weird things, like I tried to defrag and it said I needed to "chkdsk f" and I though it was the virus. But I rebooted and ran it. Some sort of registry things were missing. Probably from the removal process, but all is well.
Thank you so much for your help! What do you recomend to prevent this in the future? Should I get rid of Webroot Spysweeper and Trend Micro? |
|
|
|
|
Nov 16 2008, 12:40 PM
Post
#9
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
You need to have an antivirus, so I'd keep Trendmicro. Unless you have a different one in mind to replace it with. Just make sure you have on.
You do need to uninstall these programs: Viewpoint Manager Viewpoint Media Player Viewpoint Toolbar And lets get your java updated. You are running an older version of Java. This can be a security risk so let's get you the latest version. Upgrading Java:
Otherwise, you should be good to go. Here are some final steps for you. It's time to clean up.
================ Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
 -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Dec 3 2008, 04:57 PM
Post
#10
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
-------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 8th November 2009 - 01:48 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.