Trojan.Win32.Agent.avcy help needed

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Trojan.Win32.Agent.avcy help needed, Do not know how to remove it

Options

mikeandcath View Member Profile	Dec 20 2008, 12:39 PM Post #1
New Member Group: Members Posts: 2 Joined: 20-December 08 Member No.: 271,876	I recently started seeing popups periodically appear (in an IE window no matter whether I was actually using FF or IE). I run ZA Security Suite. I have updated definitions and have run 3 complete scans over 2 days with 0 hits. When I boot, I get a ZA alert concerning Mouse Daemon trying to possibly monitor keystrokes, etc. I am not sure if this is relevant, but I first noticed the behavior yesterday after one of the grand-kids finished her AIM session, myspace, etc. I have just run Kaspersky Online Scanner, which found 1 Trojan.Win32 and 4 Trojan-Spy instances. I do not know what to do next to fix these. Here is the Kaspersky report: (the 3 bits of info for each item are File name; Threat name; Threats count) C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{8F63A60C-5501-4302-B38E-371253A3A1CA}\Microsoft\Outlook Express\Old Mail.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 4 C:\Documents and Settings\Mike\Local Settings\Application Data\Identities\{8F63A60C-5501-4302-B38E-371253A3A1CA}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2 C:\Documents and Settings\Mike\My Documents\My Received Files\zaSUITE_Setup_en.exe Infected: Trojan.Win32.Agent.avcy 1 C:\RECYCLER\S-1-5-21-1166941190-1173935575-2542994526-1006\Dc222.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 4 C:\RECYCLER\S-1-5-21-1166941190-1173935575-2542994526-1006\Dc224.bak Suspicious: Trojan-Spy.HTML.Fraud.gen 2 here is the RSIT log.txt" Logfile of random's system information tool 1.05 (written by random/random) Run by Mike at 2008-12-20 12:18:01 Microsoft Windows XP Professional Service Pack 3 System drive C: has 24 GB (33%) free of 72 GB Total RAM: 2046 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:18:18 PM, on 12/20/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\WINDOWS\system32\SKDAEMON.EXE C:\WINDOWS\SM1BG.EXE C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Ideazon\ZEngine\Zboard.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\xtras\mssysmgr.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Documents and Settings\Mike\Desktop\RSIT.exe C:\Program Files\trend micro\Mike.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/index.cfm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: (no name) - {a08b4562-9cb4-4141-a777-d03512ac4ffc} - C:\WINDOWS\system32\denufudu.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] "C:\WINDOWS\system32\ICO.EXE" O4 - HKLM\..\Run: [Hot Key Kbd Daemon] "C:\WINDOWS\system32\SKDAEMON.EXE" O4 - HKLM\..\Run: [SM1BG] "C:\WINDOWS\SM1BG.EXE" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SKDaemon.exe] "C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [Zboard] "C:\Program Files\Ideazon\ZEngine\Zboard.exe" O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" O4 - HKLM\..\Run: [IBMPRC] "C:\IBMTOOLS\UTILS\ibmprc.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ruwomujawu] Rundll32.exe "C:\WINDOWS\system32\wireyobo.dll",s O4 - HKLM\..\Run: [c8170866] rundll32.exe "C:\WINDOWS\system32\suhireje.dll",b O4 - HKLM\..\Run: [CPMcb243bfa] Rundll32.exe "c:\windows\system32\sapayuse.dll",a O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\xtras\mssysmgr.exe O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mike\NewVersion\setup-8876480.exe -ReportOnly O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [ruwomujawu] Rundll32.exe "C:\WINDOWS\system32\wireyobo.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ruwomujawu] Rundll32.exe "C:\WINDOWS\system32\wireyobo.dll",s (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.jetsetpoker.com/setup.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/aslib...nt/IbmEgath.cab O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\hofalobu.dll c:\windows\system32\sapayuse.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sapayuse.dll O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sapayuse.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 12580 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\EasyShare Registration Task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-23 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll [2006-11-29 968240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a08b4562-9cb4-4141-a777-d03512ac4ffc}] C:\WINDOWS\system32\denufudu.dll [2008-09-19 60416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-23 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-23 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll [2006-11-29 968240] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2004-07-14 57344] "Hot Key Kbd Daemon"=C:\WINDOWS\system32\SKDAEMON.EXE [2005-07-06 258048] "SM1BG"=C:\WINDOWS\SM1BG.EXE [2003-08-27 94208] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-23 136600] "SKDaemon.exe"=C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [2005-11-15 258048] "OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] ""= [] "Zboard"=C:\Program Files\Ideazon\ZEngine\Zboard.exe [2007-09-24 57344] "TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-11-19 487424] "IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2004-03-19 90112] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904] "ruwomujawu"=C:\WINDOWS\system32\wireyobo.dll [2008-09-19 60416] "c8170866"=C:\WINDOWS\system32\suhireje.dll [2008-12-20 83205] "CPMcb243bfa"=c:\windows\system32\sapayuse.dll [2008-12-20 96831] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 67128] "Road Runner PhotoShow Media Manager"=C:\PROGRA~1\ROADRU~1\PHOTOS~1\data\xtras\mssysmgr.exe [2007-06-22 357616] "Logitech Desktop Messenger"=C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Mike\NewVersion\setup-8876480.exe -ReportOnly [] ""= [] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480] "Aim6"= [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\system32\hofalobu.dll c:\windows\system32\sapayuse.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sapayuse.dll [2008-12-20 96831] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sapayuse.dll [2008-12-20 96831] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli pwdmon C:\WINDOWS\system32\hofalobu.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%ProgramFiles%\IBM\Updater\ucsmb.exe"="%ProgramFiles%\IBM\Updater\ucsmb.exe::enabled:IBM Update Connector" "%ProgramFiles%\IBM\Updater\jre\bin\java.exe"="%ProgramFiles%\IBM\Updater\jre\bin\java.exe::enabled:IBM Update Connector" "%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe"="%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe::enabled:IBM Update Connector" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe::Enabled:EasyShare" "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"="C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe::Enabled:Kodak Software Updater" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe::Enabled:AOL Loader" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe::Enabled:AIM" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe::Enabled:Explorer" "C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe::Enabled:logonui" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe::Enabled:winlogon" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%ProgramFiles%\IBM\Updater\ucsmb.exe"="%ProgramFiles%\IBM\Updater\ucsmb.exe::enabled:IBM Update Connector" "%ProgramFiles%\IBM\Updater\jre\bin\java.exe"="%ProgramFiles%\IBM\Updater\jre\bin\java.exe::enabled:IBM Update Connector" "%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe"="%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe::enabled:IBM Update Connector" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0c53da8-a9cc-11d9-9105-0020408037a7}] shell\AutoRun\command - F:\launch.bat ======List of files/folders created in the last 1 months====== 2008-12-20 12:18:03 ----D---- C:\Program Files\trend micro 2008-12-20 12:18:01 ----D---- C:\rsit 2008-12-20 08:53:19 ----A---- C:\WINDOWS\system32\~.exe 2008-12-20 08:28:06 ----SH---- C:\WINDOWS\system32\ejerihus.ini 2008-12-19 20:06:30 ----SH---- C:\WINDOWS\system32\agajisuv.ini 2008-12-19 10:18:39 ----SHD---- C:\Config.Msi 2008-12-19 10:03:37 ----A---- C:\WINDOWS\isRS-000.tmp 2008-12-19 10:02:03 ----D---- C:\Program Files\Webroot 2008-12-19 10:02:03 ----A---- C:\WINDOWS\WRSetup.dll 2008-12-19 08:06:03 ----SH---- C:\WINDOWS\system32\ezalodot.ini 2008-12-09 22:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-09 22:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-09 22:20:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-09 22:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-11-23 07:15:47 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-23 07:15:46 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-23 07:15:46 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-23 07:15:44 ----A---- C:\WINDOWS\system32\java.exe ======List of files/folders modified in the last 1 months====== 2008-12-20 12:18:03 ----RD---- C:\Program Files 2008-12-20 12:16:16 ----D---- C:\WINDOWS\Internet Logs 2008-12-20 12:13:41 ----D---- C:\WINDOWS\Temp 2008-12-20 09:59:44 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-20 09:31:23 ----D---- C:\Program Files\Mozilla Firefox 2008-12-20 08:53:44 ----AD---- C:\WINDOWS\system32 2008-12-20 08:32:34 ----A---- C:\rollback.ini 2008-12-20 08:28:01 ----ASH---- C:\WINDOWS\system32\sapayuse.dll 2008-12-20 08:27:59 ----ASH---- C:\WINDOWS\system32\suhireje.dll 2008-12-19 20:50:20 ----D---- C:\WINDOWS\Minidump 2008-12-19 20:50:20 ----AD---- C:\WINDOWS 2008-12-19 20:34:54 ----D---- C:\Program Files\Advanced System Optimizer 2008-12-19 20:06:28 ----N---- C:\WINDOWS\system32\vusijaga.dll 2008-12-19 20:06:27 ----ASH---- C:\WINDOWS\system32\fidebage.dll 2008-12-19 10:19:15 ----D---- C:\Documents and Settings 2008-12-19 10:18:46 ----SHD---- C:\WINDOWS\Installer 2008-12-19 10:18:44 ----D---- C:\WINDOWS\system32\drivers 2008-12-19 10:03:37 ----A---- C:\WINDOWS\win.ini 2008-12-19 10:02:22 ----HD---- C:\WINDOWS\inf 2008-12-19 08:55:22 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-19 08:41:41 ----D---- C:\WINDOWS\system32\ZoneLabs 2008-12-19 08:06:00 ----ASH---- C:\WINDOWS\system32\vewalimu.dll 2008-12-19 08:05:59 ----N---- C:\WINDOWS\system32\todolaze.dll 2008-12-18 07:01:18 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-12-18 07:01:15 ----D---- C:\WINDOWS\ie7updates 2008-12-18 07:00:05 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-16 15:04:27 ----D---- C:\Program Files\World of Warcraft 2008-12-15 07:47:09 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-09 22:22:03 ----A---- C:\WINDOWS\imsins.BAK 2008-12-09 22:21:32 ----D---- C:\Program Files\Internet Explorer 2008-11-23 07:15:00 ----D---- C:\Program Files\Java ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464] R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-02 30296] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2008-09-18 148496] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-10-09 353680] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032] R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-03-10 35800] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-03-10 33112] R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-03-10 9368] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-03-10 108696] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-03-10 27416] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-03-10 16568] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-03-10 98648] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-03-10 94296] R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-01-27 52168] R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS [] R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys [] R3 ABVPN2K;Net Firewall Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2004-02-16 171508] R3 Alpham1;Ideazon Fang USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 42624] R3 Alpham2;Ideazon Fang MM USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-02-02 1975296] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2006-01-27 150528] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-05-20 13056] R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-05-20 54528] R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 portio;TPM Service; C:\WINDOWS\System32\DRIVERS\NscTpmDD.sys [2004-04-27 14695] R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS [] S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [] S3 Alpham;Ideazon Fang Composite Keyboard Driver; C:\WINDOWS\system32\DRIVERS\Alpham.sys [2005-12-04 34944] S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [] S3 ICDUSB2;Sony IC Recorder (P); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048] S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384] S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504] S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-04-02 57592] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464] R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2004-03-19 339968] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-23 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-01-07 19456] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408] R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-05-09 1122304] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-10-09 2405776] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-02-02 520192] S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe [2007-04-02 359160] S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-09 310008] S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-09 166648] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [] S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337] S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe [2003-09-30 96824] S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-02 88824] S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-09 1010424] S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718] S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-23 73728] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF----------------- here is the RSIT info.txt: info.txt logfile of random's system information tool 1.05 2008-12-20 12:18:25 ======Uninstall list====== -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Advanced System Optimizer 2-->"C:\Program Files\Advanced System Optimizer\unins000.exe" AIM 6-->C:\Program Files\AIM6\uninst.exe AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= AOL Toolbar 4.0-->"C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe" Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini Canon MP500-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{BA4DF4C3-196E-4128-969A-00996B5A46F8}\DelDrv.exe" /U:{BA4DF4C3-196E-4128-969A-00996B5A46F8} /L0x0009 Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6} CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D} CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0} Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A} ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34} ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} Futuremark Measurement Services Client-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5 HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" IBM 32-bit Runtime Environment for Java 2, v1.4.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033 IBM RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} IBM Rescue and Recovery with Rapid Restore-->MsiExec.exe /X{6A6DC4BA-CF81-468A-B125-D844809C3653} IBM ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java 2 Runtime Environment, SE v1.4.2_09-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142090} Java 2 SDK, SE v1.4.2_09-->MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142090} Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_320002_c022e3\Setup.exe /APR-REMOVE Logitech Desktop Messenger-->C:\WINDOWS\BWUnin-8.1.1.50-8876480SL.exe -AppId 8876480 Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly Lotus NotesSQL 3.01 driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{113EECD6-9A04-11D4-811D-00805F923B86}\Setup.exe" -uninst Lotus SmartSuite - English-->MsiExec.exe /I{536D6172-7453-7569-7465-392E38300409} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mouse Suite-->Pmuninst.exe MouseSuite98 Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1} OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u OpenMG Secure Module 4.4.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE" QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Road Runner PhotoShow 5-->"C:\Program Files\Road Runner\PhotoShow 5\data\Xtras\Uninstall.exe" Rome Total War - patch 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9 Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Roxio BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} Roxio Creator 9 Home-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668} Roxio DVD Info Pro-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF} Roxio Easy Media Creator 9 Suite-->MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240} Roxio EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B} Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} Roxio RecordNow Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82} Roxio RecordNow Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048} Roxio RecordNow Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87} Roxio RecordNow Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF} Roxio SightSpeed-->MsiExec.exe /I{F5467B7C-C929-4C1A-B4E9-E7C376E2DF08} Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Roxio XingTones-->MsiExec.exe /I{79922D4F-BF47-42A2-902E-EF81B7A3750D} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0} SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210} SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2} System Requirements Lab-->C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297} ThinkCentre Wallpaper-->MsiExec.exe /I{80380166-A872-4B78-B98A-33447A032BDF} tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" USB Enhanced Performance Keyboard Software-->MsiExec.exe /X{2C7A0299-5A88-41D2-B687-512DA6892058} USB Enhanced Performance Keyboard-->SKUninst.exe LTON_HISUSBKeyboardProductivity USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6} Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F} World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe Z Engine-->MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4} ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Security center information====== AV: ZoneAlarm Security Suite Antivirus FW: ZoneAlarm Security Suite Firewall System event log Computer Name: IBM-36608F78BF6 Event Code: 7036 Message: The Roxio Hard Drive Watcher 9 service entered the stopped state. Record Number: 53843 Source Name: Service Control Manager Time Written: 20081003065746.000000-240 Event Type: information User: Computer Name: IBM-36608F78BF6 Event Code: 7036 Message: The Remote Access Connection Manager service entered the running state. Record Number: 53842 Source Name: Service Control Manager Time Written: 20081003065740.000000-240 Event Type: information User: Computer Name: IBM-36608F78BF6 Event Code: 7036 Message: The Application Layer Gateway Service service entered the running state. Record Number: 53841 Source Name: Service Control Manager Time Written: 20081003065740.000000-240 Event Type: information User: Computer Name: IBM-36608F78BF6 Event Code: 7035 Message: The Application Layer Gateway Service service was successfully sent a start control. Record Number: 53840 Source Name: Service Control Manager Time Written: 20081003065740.000000-240 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: IBM-36608F78BF6 Event Code: 7036 Message: The Network Location Awareness (NLA) service entered the running state. Record Number: 53839 Source Name: Service Control Manager Time Written: 20081003065739.000000-240 Event Type: information User: Application event log Computer Name: IBM-36608F78BF6 Event Code: 0 Message: Record Number: 14574 Source Name: IBM Rapid Restore Ultra Service Time Written: 20080921095335.000000-240 Event Type: information User: Computer Name: IBM-36608F78BF6 Event Code: 105 Message: The service was started. Record Number: 14573 Source Name: ATI Smart Time Written: 20080921095333.000000-240 Event Type: information User: Computer Name: IBM-36608F78BF6 Event Code: 0 Message: Record Number: 14572 Source Name: RoxSniffer9 Time Written: 20080920081013.000000-240 Event Type: information User: Computer Name: IBM-36608F78BF6 Event Code: 0 Message: Service started successfully. Record Number: 14571 Source Name: SUService Time Written: 20080920081005.000000-240 Event Type: information User: Computer Name: IBM-36608F78BF6 Event Code: 1800 Message: The Windows Security Center Service has started. Record Number: 14570 Source Name: SecurityCenter Time Written: 20080920081001.000000-240 Event Type: information User: ======Environment variables====== "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "IBMSHARE"=%SystemDrive%\IBMSHARE "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\Downloaded Program Files;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Lenovo;%SystemDrive%\IBMTOOLS\Python22;C:\Program Files\QuickTime\QTSystem\;C:\BORLAND\BCC55\BIN "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_LEVEL"=15 "PROCESSOR_REVISION"=0401 "PYTHONCASEOK"=1 "PYTHONPATH"=%SystemDrive%\IBMTOOLS\utils\support;%SystemDrive%\IBMTOOLS\utils\logger "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "RRU"=C:\Program Files\IBM\IBM Rapid Restore Ultra\ "TCL_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tcl8.4 "TEMP"=%SystemRoot%\TEMP "TK_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tk8.4 "TMP"=%SystemRoot%\TEMP "TVT"=C:\Program Files\Lenovo "windir"=%SystemRoot% "tvdumpflags"=8 -----------------EOF-----------------

mikeandcath View Member Profile	Dec 21 2008, 08:10 AM Post #2
New Member Group: Members Posts: 2 Joined: 20-December 08 Member No.: 271,876	UPDATE: 1. ZA Forums indicate that the hit on zaSUITE_Setup_en.exe is a false positive. 2. After more browsing of this site, I decided to try Malwarebyte's Anti Malware. It removed 36 files (4 or 5 of which needed to wait until re-boot). Since then, the problem of popups seems to have disappeared.

Orange Blossom View Member Profile	Dec 28 2008, 03:15 PM Post #3
OBleepin Investigator Group: Moderator Posts: 19,717 Joined: 14-July 06 From: Bloomington, IN Member No.: 76,150	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results, click no to the Optional_Scan Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE Orange Blossom -------------------- Orange Blossom An ounce of prevention is worth a pound of cure ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

Orange Blossom View Member Profile	Jan 3 2009, 09:00 PM Post #4
OBleepin Investigator Group: Moderator Posts: 19,717 Joined: 14-July 06 From: Bloomington, IN Member No.: 76,150	Due to the lack of feedback, this Topic is now closed. In case you still have problems, please start a new topic. -------------------- Orange Blossom An ounce of prevention is worth a pound of cure ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th February 2010 - 12:04 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides