Have a new Max++ Rootkit... Need help removing

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Have a new Max++ Rootkit... Need help removing

#1 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 02 October 2009 - 06:11 PM

Here is a link to the previous post about this problem http://www.bleepingcomputer.com/forums/topic257948.html

Here is my DDS.txt report

DDS (Ver_09-09-29.01) - NTFSx86
Run by Mike at 19:02:08.89 on Fri 10/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1203 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\Explorer.EXE
svchost.exe
D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Dell 968 AIO Printer\memcard.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Dell 968 AIO Printer\dldomon.exe
D:\WINDOWS\system32\WLTRAY.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Program Files\Saitek\SD6\Software\ProfilerU.exe
D:\Program Files\Saitek\SD6\Software\SaiMfd.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
D:\Program Files\Webroot\Washer\wwDisp.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Windows Plus\Dancer\Dancer.exe
D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
svchost.exe
D:\WINDOWS\system32\dlcicoms.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe
D:\WINDOWS\system32\dldocoms.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\Dell Support Center\bin\sprtsvc.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
D:\Program Files\Webroot\Washer\WasherSvc.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\gedit\bin\gedit.exe
D:\Program Files\gedit\libexec\gconfd-2.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\TuneUp Utilities 2009\OneClick.exe
D:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
D:\Documents and Settings\Mike\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} -
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} -
mWinlogon: UIHost=d:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - d:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - d:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - d:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - d:\program files\siber systems\ai roboform\roboform.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - d:\program files\askbardis\bar\bin\askBar.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - d:\progra~1\textal~1\TAForIE.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Window Washer] "d:\program files\webroot\washer\wwDisp.exe"
uRun: [swg] d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "d:\documents and settings\mike\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Dancer] "d:\program files\windows plus\dancer\Dancer.exe"
uRun: [TuneUp MemOptimizer] "d:\program files\tuneup utilities 2009\MemOptimizer.exe" autostart
uRun: [RoboForm] "d:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SUPERAntiSpyware] "d:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [Turtle Beach Audio Advantage Roadie] "d:\program files\turtle beach\audioadvantageroadie\TBAA.exe"
mRun: [SynTPEnh] "d:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SigmatelSysTrayApp] "d:\program files\sigmatel\c-major audio\wdm\stsystra.exe"
mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [MemoryCardManager] "d:\program files\dell 968 aio printer\memcard.exe"
mRun: [ISUSScheduler] "d:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "d:\progra~1\common~1\instal~1\update~1\isuspm.exe" -startup
mRun: [ehTray] "d:\windows\ehome\ehtray.exe"
mRun: [dldomon.exe] "d:\program files\dell 968 aio printer\dldomon.exe"
mRun: [Dell 968 AIO Printer Fax Server] "d:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [Broadcom Wireless Manager UI] "d:\windows\system32\WLTRAY.exe"
mRun: [EPSON Stylus CX5800F Series] "d:\windows\system32\spool\drivers\w32x86\3\E_FATIALA.EXE" /P27 "EPSON Stylus CX5800F Series" /O5 "LPT1:" /M "Stylus CX5800F"
mRun: [IgfxTray] "d:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "d:\windows\system32\hkcmd.exe"
mRun: [LogitechCommunicationsManager] "d:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "d:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [EPSON Stylus Photo R200 Series] "d:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [ProfilerU] "d:\program files\saitek\sd6\software\ProfilerU.exe"
mRun: [SaiMfd] "d:\program files\saitek\sd6\software\SaiMfd.exe"
mRun: [dellsupportcenter] "d:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [Corel Photo Downloader] d:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [RoboForm] "d:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - d:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &AIM Toolbar Search - d:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Customize Menu - file://d:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://d:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\free download manager\dllink.htm
IE: Fill Forms - file://d:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://d:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://d:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - d:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - d:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - d:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217432680738
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D4C15E81-E2F6-4013-B81D-6F796D2C78C5} - hxxps://secure.stamps.com/download/us/registration/4_1_0_164/SdcWebSecurity.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - d:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: WBSrv - d:\progra~1\stardock\object~1\window~1\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2009-9-9 28544]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-9-8 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2009-9-8 185089]
R2 ASKUpgrade;ASKUpgrade;d:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-2 234888]
R2 dlci_device;dlci_device;d:\windows\system32\dlcicoms.exe -service --> d:\windows\system32\dlcicoms.exe -service [?]
R2 dldo_device;dldo_device;d:\windows\system32\dldocoms.exe -service --> d:\windows\system32\dldocoms.exe -service [?]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;d:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2007-10-5 99568]
R2 LBeepKE;LBeepKE;d:\windows\system32\drivers\LBeepKE.sys [2009-9-10 10384]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 ubsbm;Unibrain 1394 SBM Driver;d:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;d:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 wwEngineSvc;Window Washer Engine;d:\program files\webroot\washer\WasherSvc.exe [2007-8-29 598856]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;d:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;d:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 ubohci;Unibrain 1394 OHCI Driver;d:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
R4 avgntflt;avgntflt;d:\program files\avira\antivir desktop\avgntflt.sys [2009-9-8 55656]
S0 PCTCore;PCTools KDS;d:\windows\system32\drivers\pctcore.sys --> d:\windows\system32\drivers\PCTCore.sys [?]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"d:\program files\webroot\webrootsecurity\spysweeper.exe" --> d:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
S3 SaiH0255;SaiH0255;d:\windows\system32\drivers\SaiH0255.sys [2007-5-1 132232]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2009-9-3 348752]
S3 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2009-9-3 1097096]
S4 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2009-9-8 11608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\viewpoint\common\viewpointservice.exe" --> d:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-10-01 03:24 <DIR> --d----- d:\program files\Spybot - Search & Destroy
2009-10-01 03:04 56,320 a------- d:\windows\eventlog.dll
2009-10-01 02:26 <DIR> --d----- D:\Combo26894C
2009-09-30 21:59 <DIR> --d----- d:\program files\IDM Computer Solutions
2009-09-29 22:59 <DIR> --d----- D:\Combo31805C
2009-09-29 22:39 <DIR> --d----- D:\Combo
2009-09-29 21:52 <DIR> --d----- D:\ComboFix
2009-09-29 21:39 229,888 a------- d:\windows\PEV.exe
2009-09-29 21:39 161,792 a------- d:\windows\SWREG.exe
2009-09-29 21:39 98,816 a------- d:\windows\sed.exe
2009-09-20 22:25 <DIR> --d----- d:\program files\PowerISO
2009-09-20 12:47 <DIR> --d----- d:\program files\Rosetta Stone
2009-09-20 12:47 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Rosetta Stone
2009-09-20 01:31 5,787 a------- d:\windows\system32\EPPICResdb0001
2009-09-20 01:31 12,187 a------- d:\windows\system32\EPPICResdb0000
2009-09-20 01:31 214 a------- d:\windows\system32\EPPICResdb
2009-09-20 01:31 501,912 a------- d:\windows\system32\PICSDK2.dll
2009-09-20 01:31 108,704 a------- d:\windows\system32\PICEntry.dll
2009-09-20 01:31 31,053 a------- d:\windows\system32\EPPICPattern131.dat
2009-09-20 01:31 27,417 a------- d:\windows\system32\EPPICPattern121.dat
2009-09-19 17:52 <DIR> --d----- d:\program files\Microsoft Speech SDK 5.1
2009-09-19 17:44 <DIR> --d----- d:\program files\ATTNaturalVoices
2009-09-18 01:06 <DIR> --d----- d:\docume~1\mike\applic~1\gedit
2009-09-18 00:56 <DIR> --d----- d:\documents and settings\mike\.gconfd
2009-09-18 00:56 <DIR> --d----- d:\documents and settings\mike\.gconf
2009-09-18 00:55 <DIR> --d----- d:\program files\gedit
2009-09-17 22:54 741,376 a------- d:\windows\system32\sapi.dll
2009-09-17 22:54 36,864 a------- d:\windows\system32\sapisvr.exe
2009-09-16 22:34 491,520 a------- d:\windows\system32\NCTAudioFile.dll
2009-09-16 22:34 158,208 a------- d:\windows\system32\NCTTextToAudio.dll
2009-09-16 03:22 <DIR> --d----- d:\docume~1\mike\applic~1\LimeWire
2009-09-16 03:22 <DIR> --d----- d:\program files\LimeWire
2009-09-16 02:51 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Azureus
2009-09-16 02:51 <DIR> --d----- d:\docume~1\mike\applic~1\Azureus
2009-09-16 02:46 <DIR> --d----- d:\program files\Vuze
2009-09-11 11:20 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-09-10 23:21 <DIR> --d----- d:\windows\system32\CatRoot2
2009-09-10 23:16 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Geek Squad
2009-09-10 21:53 10,384 a------- d:\windows\system32\drivers\LBeepKE.sys
2009-09-10 21:53 0 a---h--- d:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-10 21:53 0 a---h--- d:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-10 21:53 0 a---h--- d:\windows\system32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
2009-09-10 21:53 0 a---h--- d:\windows\system32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
2009-09-10 21:52 301,656 a------- d:\windows\system32\BtCoreIf.dll
2009-09-10 21:52 170,512 a------- d:\windows\system32\kemutb.dll
2009-09-10 21:52 145,936 a------- d:\windows\system32\KemUtil.dll
2009-09-10 21:52 117,264 a------- d:\windows\system32\KemWnd.dll
2009-09-10 21:52 84,496 a------- d:\windows\system32\KemXML.dll
2009-09-09 22:15 <DIR> --d----- d:\documents and settings\mike\.housecall6.6
2009-09-09 22:12 28,544 a------- d:\windows\system32\drivers\pavboot.sys
2009-09-09 22:11 <DIR> --d----- d:\program files\Panda Security
2009-09-09 21:57 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-09-09 03:51 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-09 03:51 <DIR> --d----- d:\program files\SUPERAntiSpyware
2009-09-09 03:51 <DIR> --d----- d:\docume~1\mike\applic~1\SUPERAntiSpyware.com
2009-09-09 01:46 407,040 a------- D:\netlogon.dll
2009-09-09 01:46 181,248 a------- D:\scecli.dll
2009-09-09 01:46 56,320 a------- D:\eventlog.dll
2009-09-09 01:46 4,224 a------- D:\beep.sys
2009-09-09 01:43 29,248 a------- D:\MGlogs.zip
2009-09-09 01:43 <DIR> --d----- D:\MGtools
2009-09-09 01:41 1,092,549 a------- D:\FixAVP.exe
2009-09-09 01:40 1,344,398 a------- D:\MGtools.exe
2009-09-09 00:48 <DIR> --d----- D:\found.000
2009-09-09 00:35 <DIR> --d----- d:\documents and settings\mike\DoctorWeb
2009-09-09 00:33 148,496 a------- d:\windows\system32\drivers\22296632.sys
2009-09-09 00:31 148,496 a------- d:\windows\system32\drivers\97243725.sys
2009-09-08 21:31 55,656 a------- d:\windows\system32\drivers\avgntflt.sys
2009-09-08 19:59 <DIR> --d----- d:\program files\Avira
2009-09-08 19:59 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Avira
2009-09-08 10:25 <DIR> --d----- D:\bfa0f88d8de7d883cce8269d5b308caf
2009-09-08 10:21 <DIR> --d----- D:\5bdc13f36025e77a33cb5b44
2009-09-07 13:20 8,432 a------- d:\windows\system32\rgadta.sys
2009-09-07 08:52 <DIR> --d----- D:\6ddb02083f846cc8c2f3ce7b81c1
2009-09-06 18:32 <DIR> --d----- d:\program files\CCleaner
2009-09-06 15:15 <DIR> --d----- d:\windows\PIF
2009-09-06 10:48 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SITEguard
2009-09-06 10:45 <DIR> --d----- d:\program files\common files\iS3
2009-09-06 10:45 <DIR> --d----- d:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-05 22:34 161,816 a------- d:\windows\RegGenieOnUninstall.exe
2009-09-05 22:34 <DIR> --d----- d:\program files\RegGenie
2009-09-05 21:40 148,496 a------- d:\windows\system32\drivers\92005881.sys
2009-09-05 18:33 148,496 a------- d:\windows\system32\drivers\60148704.sys
2009-09-04 10:54 <DIR> --d----- D:\603d2c17113a011390
2009-09-04 01:19 51,355 a------- d:\windows\system32\muzika.xm
2009-09-03 19:59 159,600 a------- d:\windows\system32\drivers\pctgntdi.sys
2009-09-03 19:58 73,840 a------- d:\windows\system32\drivers\PCTAppEvent.sys
2009-09-03 19:58 64,392 a------- d:\windows\system32\drivers\pctplsg.sys
2009-09-03 19:58 <DIR> --d----- d:\program files\common files\PC Tools
2009-09-03 19:58 <DIR> --d----- d:\program files\Spyware Doctor
2009-09-03 19:58 <DIR> --d----- d:\docume~1\mike\applic~1\PC Tools
2009-09-03 19:58 <DIR> --d----- d:\docume~1\alluse~1\applic~1\PC Tools
2009-09-03 01:47 14,592 ac------ d:\windows\system32\dllcache\kbdhid.sys
2009-09-03 01:47 14,592 a------- d:\windows\system32\drivers\kbdhid.sys
2009-09-03 01:44 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Saitek
2009-09-03 01:44 <DIR> --d----- d:\program files\Saitek
2009-09-03 01:40 <DIR> --d----- d:\docume~1\mike\applic~1\Autodesk
2009-09-03 01:09 <DIR> --d----- d:\program files\Autodesk
2009-09-03 01:09 509,448 a------- d:\windows\system32\XAudio2_2.dll
2009-09-03 01:09 68,616 a------- d:\windows\system32\XAPOFX1_1.dll
2009-09-03 01:09 238,088 a------- d:\windows\system32\xactengine3_2.dll
2009-09-03 01:09 1,493,528 a------- d:\windows\system32\D3DCompiler_39.dll
2009-09-03 01:09 467,984 a------- d:\windows\system32\d3dx10_39.dll
2009-09-03 01:09 3,851,784 a------- d:\windows\system32\D3DX9_39.dll
2009-09-03 01:09 1,124,720 a------- d:\windows\system32\D3DCompiler_34.dll
2009-09-03 01:09 443,752 a------- d:\windows\system32\d3dx10_34.dll
2009-09-03 01:09 3,497,832 a------- d:\windows\system32\d3dx9_34.dll
2009-09-03 01:09 3,426,072 a------- d:\windows\system32\d3dx9_32.dll
2009-09-03 01:09 2,414,360 a------- d:\windows\system32\d3dx9_31.dll
2009-09-03 01:09 <DIR> --d----- d:\windows\Logs
2009-09-03 00:41 8,252 a----r-- d:\windows\system32\SaiD0255.pr0
2009-09-02 23:54 <DIR> --d----- d:\program files\Microsoft Games
2009-09-02 19:37 <DIR> --d----- d:\program files\AskBarDis

==================== Find3M ====================

2009-10-01 10:03 0 a------- d:\windows\system32\drivers\lvuvc.hs
2009-10-01 02:42 0 a------- d:\windows\system32\drivers\logiflt.iad
2009-08-05 05:01 204,800 a------- d:\windows\system32\mswebdvd.dll
2009-08-01 12:03 361,288 a------- d:\windows\system32\TuneUpDefragService.exe
2009-07-26 23:20 2,285,056 a------- d:\windows\system32\TUKernel.exe
2009-07-25 05:23 411,368 a------- d:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- d:\windows\system32\atl.dll
2009-07-15 05:48 29,000 a------- d:\windows\system32\uxtuneup.dll
2009-07-13 23:43 286,208 a------- d:\windows\system32\wmpdxm.dll
2008-03-05 20:41 1,377,872 ac------ d:\docume~1\alluse~1\applic~1\pswi_preloaded.exe
2007-10-29 15:10 60,968 ac------ d:\documents and settings\mike\GoToAssistDownloadHelper.exe
2007-10-28 19:11 251 ac------ d:\program files\wt3d.ini
2009-02-23 21:53 88 ---shr-- d:\windows\system32\9BC61C14AC.sys
2009-02-23 22:06 2,828 a--sh--- d:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:03:19.98 ===============

Here is my Rootrepeal Report

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/01 03:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: D:\Combo26894C\catchme.sys
Address: 0xA8017000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7677000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7703000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: D:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79A5000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: D:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF79CF000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5A08000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: D:\hiberfil.sys
Status: Locked to the Windows API!

Path: d:\documents and settings\mike\local settings\temp\etilqs_7tb9lyrikbgd0xr4nnln
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: d:\documents and settings\mike\local settings\temp\etilqs_7tehrag8lh3dshkhbdjx
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: d:\program files\microsoft sql server\mssql.1\mssql\log\log_229.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: d:\program files\microsoft sql server\mssql.1\mssql\log\log_231.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: d:\program files\microsoft sql server\mssql.1\mssql\log\log_232.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: d:\documents and settings\mike\local settings\application data\google\chrome\user data\default\current session
Status: Size mismatch (API: 49613, Raw: 47307)

Path: d:\documents and settings\mike\local settings\application data\google\chrome\user data\default\history index 2009-10
Status: Size mismatch (API: 1994752, Raw: 1990656)

Path: D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00069a
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7433514

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7422282

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7422474

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7433d00

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7433fb8

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf74323fa

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7434422

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74337d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7421f32

==EOF==

Thank you for all your help!!!

Attached File(s)

Attach.txt (11.85K)
Number of downloads: 4

#2 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 20 October 2009 - 03:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 23 October 2009 - 11:29 PM

DDS (Ver_09-10-23.01) - NTFSx86
Run by Mike at 0:25:32.57 on Sat 10/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.817 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Dell 968 AIO Printer\memcard.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Dell 968 AIO Printer\dldomon.exe
D:\WINDOWS\system32\WLTRAY.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Program Files\Saitek\SD6\Software\ProfilerU.exe
D:\Program Files\Saitek\SD6\Software\SaiMfd.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
D:\Program Files\Webroot\Washer\wwDisp.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Windows Plus\Dancer\Dancer.exe
D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
svchost.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\WINDOWS\system32\dlcicoms.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe
D:\WINDOWS\system32\dldocoms.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\Dell Support Center\bin\sprtsvc.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
D:\Program Files\Webroot\Washer\WasherSvc.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
D:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\System32\TuneUpDefragService.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\Mike\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} -
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} -
mWinlogon: UIHost=d:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - d:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - d:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - d:\program files\askbardis\bar\bin\askBar.dll
TB: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - d:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [Window Washer] "d:\program files\webroot\washer\wwDisp.exe"
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "d:\documents and settings\mike\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Dancer] "d:\program files\windows plus\dancer\Dancer.exe"
uRun: [TuneUp MemOptimizer] "d:\program files\tuneup utilities 2009\MemOptimizer.exe" autostart
uRun: [SUPERAntiSpyware] "d:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [Turtle Beach Audio Advantage Roadie] "d:\program files\turtle beach\audioadvantageroadie\TBAA.exe"
mRun: [SynTPEnh] "d:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [SigmatelSysTrayApp] "d:\program files\sigmatel\c-major audio\wdm\stsystra.exe"
mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [MemoryCardManager] "d:\program files\dell 968 aio printer\memcard.exe"
mRun: [ISUSScheduler] "d:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "d:\progra~1\common~1\instal~1\update~1\isuspm.exe" -startup
mRun: [ehTray] "d:\windows\ehome\ehtray.exe"
mRun: [dldomon.exe] "d:\program files\dell 968 aio printer\dldomon.exe"
mRun: [Dell 968 AIO Printer Fax Server] "d:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [Broadcom Wireless Manager UI] "d:\windows\system32\WLTRAY.exe"
mRun: [EPSON Stylus CX5800F Series] "d:\windows\system32\spool\drivers\w32x86\3\E_FATIALA.EXE" /P27 "EPSON Stylus CX5800F Series" /O5 "LPT1:" /M "Stylus CX5800F"
mRun: [IgfxTray] "d:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "d:\windows\system32\hkcmd.exe"
mRun: [LogitechCommunicationsManager] "d:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "d:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [EPSON Stylus Photo R200 Series] "d:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [ProfilerU] "d:\program files\saitek\sd6\software\ProfilerU.exe"
mRun: [SaiMfd] "d:\program files\saitek\sd6\software\SaiMfd.exe"
mRun: [dellsupportcenter] "d:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [Corel Photo Downloader] d:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [RoboForm] "d:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - d:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &AIM Toolbar Search - d:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download all with Free Download Manager - file://d:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\free download manager\dllink.htm
IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217432680738
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D4C15E81-E2F6-4013-B81D-6F796D2C78C5} - hxxps://secure.stamps.com/download/us/registration/4_1_0_164/SdcWebSecurity.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - d:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: WBSrv - d:\progra~1\stardock\object~1\window~1\wbsrv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [2009-9-9 28544]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-9-8 108289]
R2 ASKUpgrade;ASKUpgrade;d:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-2 234888]
R2 dlci_device;dlci_device;d:\windows\system32\dlcicoms.exe -service --> d:\windows\system32\dlcicoms.exe -service [?]
R2 dldo_device;dldo_device;d:\windows\system32\dldocoms.exe -service --> d:\windows\system32\dldocoms.exe -service [?]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;d:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2007-10-5 99568]
R2 LBeepKE;LBeepKE;d:\windows\system32\drivers\LBeepKE.sys [2009-9-10 10384]
R2 ubsbm;Unibrain 1394 SBM Driver;d:\windows\system32\drivers\UBSBM.sys [2005-7-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;d:\windows\system32\drivers\UBUMAPI.sys [2005-7-27 36352]
R2 wwEngineSvc;Window Washer Engine;d:\program files\webroot\washer\WasherSvc.exe [2007-8-29 598856]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;d:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;d:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 ubohci;Unibrain 1394 OHCI Driver;d:\windows\system32\drivers\ubohci.sys [2005-7-27 77056]
S0 PCTCore;PCTools KDS;d:\windows\system32\drivers\pctcore.sys --> d:\windows\system32\drivers\PCTCore.sys [?]
S3 SaiH0255;SaiH0255;d:\windows\system32\drivers\SaiH0255.sys [2007-5-1 132232]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2009-9-3 348752]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\viewpoint\common\viewpointservice.exe" --> d:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-10-19 02:48:06 8287 ----a-w- d:\documents and settings\mike\.recently-used.xbel
2009-10-19 02:18:40 224 ----a-w- d:\windows\system32\9B13A86D.plf
2009-10-19 02:15:37 0 d-----w- d:\program files\ParetoLogic
2009-10-19 02:15:37 0 d-----w- d:\program files\common files\ParetoLogic
2009-10-19 02:15:37 0 d-----w- d:\docume~1\alluse~1\applic~1\ParetoLogic
2009-10-19 02:15:01 0 d-----w- d:\docume~1\alluse~1\applic~1\Cached Installations
2009-10-19 02:07:07 0 d-----w- d:\program files\Disk Doctors Undelete (Demo)
2009-10-13 23:16:18 21456 ----a-w- d:\windows\system32\drivers\SilvrLnk.sys
2009-10-13 23:16:17 49536 ----a-w- d:\windows\system32\drivers\tiehdusb.sys
2009-10-13 23:14:22 0 d-----w- d:\program files\common files\TI Shared
2009-10-13 23:14:21 0 d-----w- d:\program files\TI Education
2009-10-01 07:24:49 0 d-----w- d:\program files\Spybot - Search & Destroy
2009-10-01 07:04:55 56320 ----a-w- d:\windows\eventlog.dll
2009-10-01 06:26:45 0 d-----w- D:\Combo26894C
2009-10-01 01:59:38 0 d-----w- d:\program files\IDM Computer Solutions
2009-09-30 02:59:46 0 d-----w- D:\Combo31805C
2009-09-30 02:39:26 0 d-----w- D:\Combo
2009-09-30 01:52:39 0 d-----w- D:\ComboFix
2009-09-30 01:39:21 98816 ----a-w- d:\windows\sed.exe
2009-09-30 01:39:21 229888 ----a-w- d:\windows\PEV.exe
2009-09-30 01:39:21 161792 ----a-w- d:\windows\SWREG.exe

==================== Find3M ====================

2009-10-01 14:03:58 0 ----a-w- d:\windows\system32\drivers\lvuvc.hs
2009-10-01 06:42:14 0 ----a-w- d:\windows\system32\drivers\logiflt.iad
2009-09-11 01:53:43 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-11 01:53:42 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-11 01:53:27 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
2009-09-11 01:53:24 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
2009-09-09 05:43:54 29248 ----a-w- D:\MGlogs.zip
2009-09-09 05:40:57 1092549 ----a-w- D:\FixAVP.exe
2009-09-09 05:40:48 1344398 ----a-w- D:\MGtools.exe
2009-09-09 01:29:35 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-09-07 17:20:22 8432 ----a-w- d:\windows\system32\rgadta.sys
2009-08-05 09:01:48 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-08-01 16:03:30 361288 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2009-07-27 03:20:52 2285056 ----a-w- d:\windows\system32\TUKernel.exe
2007-10-28 23:11:52 251 -c--a-w- d:\program files\wt3d.ini
2009-02-24 01:53:00 88 --sh--r- d:\windows\system32\9BC61C14AC.sys
2009-02-24 02:06:13 2828 --sha-w- d:\windows\system32\KGyGaAvL.sys

============= FINISH: 0:25:44.28 ===============

There it is guys, I understand the wait, but I also greatly appreciate the response.

Attached File(s)

Attach.zip (4.2K)
Number of downloads: 3

#4 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 24 October 2009 - 06:12 AM

Hello, TheDogFaceAce and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image

button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

Step 1

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press
Click on
Click on
Uncheck this checkbox:
Close/Exit Spybot Search and Destroy

Step 2

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 25 October 2009 - 11:30 AM

ComboFix 09-10-24.06 - Mike 10/25/2009 11:59.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.855 [GMT -4:00]
Running from: d:\documents and settings\Mike\Desktop\Combo.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-19 02:15 . 2009-10-19 02:15 -------- d-----w- d:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-19 02:15 . 2009-10-19 02:15 -------- d-----w- d:\program files\Common Files\ParetoLogic
2009-10-19 02:15 . 2009-10-19 02:15 -------- d-----w- d:\documents and settings\All Users\Application Data\Cached Installations
2009-10-19 02:07 . 2009-10-19 02:07 -------- d-----w- d:\program files\Disk Doctors Undelete (Demo)
2009-10-13 23:16 . 2004-01-28 19:03 21456 ----a-w- d:\windows\system32\drivers\SilvrLnk.sys
2009-10-13 23:16 . 2004-02-04 14:27 49536 ----a-w- d:\windows\system32\drivers\tiehdusb.sys
2009-10-13 23:14 . 2009-10-13 23:14 -------- d-----w- d:\program files\Common Files\TI Shared
2009-10-13 23:14 . 2009-10-13 23:16 -------- d-----w- d:\program files\TI Education
2009-10-01 07:24 . 2009-10-01 07:26 -------- d-----w- d:\program files\Spybot - Search & Destroy
2009-10-01 07:04 . 2008-04-14 00:11 56320 ----a-w- d:\windows\eventlog.dll
2009-10-01 06:26 . 2009-10-01 06:50 -------- d-----w- D:\Combo26894C
2009-10-01 01:59 . 2009-10-01 01:59 -------- d-----w- d:\program files\IDM Computer Solutions
2009-10-01 01:59 . 2009-10-01 01:59 -------- d-----w- d:\documents and settings\Mike\Application Data\IDMComp
2009-09-30 02:59 . 2009-10-01 03:30 -------- d-----w- D:\Combo31805C
2009-09-30 02:39 . 2009-09-30 02:51 -------- d-----w- D:\Combo
2009-09-30 01:52 . 2009-09-30 02:51 -------- d-----w- D:\ComboFix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 16:14 . 2009-09-16 07:22 -------- d-----w- d:\documents and settings\Mike\Application Data\LimeWire
2009-10-24 17:37 . 2009-02-23 00:11 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater
2009-10-19 02:32 . 2009-09-18 04:56 -------- d-----w- d:\documents and settings\Mike\Application Data\gtk-2.0
2009-10-16 01:27 . 2009-09-18 05:06 -------- d-----w- d:\documents and settings\Mike\Application Data\gedit
2009-10-14 16:26 . 2007-05-14 03:21 81704 -c--a-w- d:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 23:12 . 2009-01-24 15:33 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2009-10-01 14:03 . 2009-02-03 23:29 0 ----a-w- d:\windows\system32\drivers\lvuvc.hs
2009-10-01 07:25 . 2008-11-25 09:05 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-01 06:42 . 2009-02-03 23:29 0 ----a-w- d:\windows\system32\drivers\logiflt.iad
2009-10-01 06:35 . 2009-09-09 07:51 -------- d-----w- d:\program files\SUPERAntiSpyware
2009-10-01 02:09 . 2009-09-11 15:20 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-10-01 02:04 . 2009-09-03 03:54 -------- d-----w- d:\program files\Microsoft Games
2009-10-01 02:04 . 2007-05-14 03:18 -------- d-----w- d:\program files\Trend Micro
2009-10-01 01:50 . 2009-03-02 18:41 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-09-30 02:51 . 2007-05-15 01:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Webroot
2009-09-30 02:51 . 2007-05-15 01:00 -------- d-----w- d:\documents and settings\Mike\Application Data\Webroot
2009-09-28 16:41 . 2007-05-18 00:50 -------- d-----w- d:\documents and settings\Mike\Application Data\U3
2009-09-21 03:34 . 2009-09-20 16:47 -------- d-----w- d:\documents and settings\All Users\Application Data\Rosetta Stone
2009-09-21 02:25 . 2009-09-16 06:51 -------- d-----w- d:\documents and settings\Mike\Application Data\Azureus
2009-09-21 02:25 . 2009-09-21 02:25 -------- d-----w- d:\program files\PowerISO
2009-09-21 01:06 . 2009-03-02 17:35 -------- d-----w- d:\documents and settings\All Users\Application Data\FLEXnet
2009-09-20 16:47 . 2009-09-20 16:47 -------- d-----w- d:\program files\Rosetta Stone
2009-09-20 05:29 . 2009-08-22 23:41 -------- d-----w- d:\program files\EPSON Software
2009-09-20 05:29 . 2007-05-14 02:37 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-09-20 05:22 . 2007-05-15 01:50 -------- d-----w- d:\program files\epson
2009-09-19 21:52 . 2009-09-19 21:52 -------- d-----w- d:\program files\Microsoft Speech SDK 5.1
2009-09-19 21:44 . 2009-09-19 21:44 -------- d-----w- d:\program files\ATTNaturalVoices
2009-09-18 04:55 . 2009-09-18 04:55 -------- d-----w- d:\program files\gedit
2009-09-16 07:22 . 2009-09-16 07:22 -------- d-----w- d:\program files\LimeWire
2009-09-16 06:51 . 2009-09-16 06:51 -------- d-----w- d:\documents and settings\All Users\Application Data\Azureus
2009-09-16 06:47 . 2009-09-16 06:46 -------- d-----w- d:\program files\Vuze
2009-09-11 15:26 . 2009-09-03 23:58 -------- d-----w- d:\program files\Spyware Doctor
2009-09-11 15:23 . 2009-08-27 00:12 164 ----a-w- d:\windows\install.dat
2009-09-11 14:49 . 2009-03-27 05:36 -------- d-----w- d:\program files\'Full Speed' Internet Booster + Performance Tests
2009-09-11 03:16 . 2009-09-11 03:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Geek Squad
2009-09-11 02:10 . 2009-05-15 19:28 -------- d-----w- d:\documents and settings\Mike\Application Data\ImgBurn
2009-09-11 01:56 . 2009-02-12 01:01 -------- d-----w- d:\documents and settings\All Users\Application Data\Logitech
2009-09-11 01:56 . 2009-09-11 01:56 -------- d-----w- d:\documents and settings\Mike\Application Data\Logitech
2009-09-11 01:56 . 2009-02-03 23:13 -------- d-----w- d:\program files\Common Files\LogiShrd
2009-09-11 01:55 . 2009-02-04 00:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Logishrd
2009-09-11 01:53 . 2009-09-11 01:53 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-09-11 01:53 . 2009-09-11 01:53 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-09-11 01:53 . 2009-09-11 01:53 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
2009-09-11 01:53 . 2009-09-11 01:53 0 ---ha-w- d:\windows\system32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
2009-09-11 01:51 . 2009-02-12 01:01 -------- d-----w- d:\program files\Logitech
2009-09-10 14:35 . 2008-07-22 02:36 -------- d-----w- d:\program files\Microsoft Silverlight
2009-09-10 02:18 . 2009-01-20 13:32 -------- d-----w- d:\documents and settings\Mike\Application Data\Free Download Manager
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- d:\program files\Panda Security
2009-09-10 01:57 . 2009-09-10 01:57 -------- d-----w- d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-09 08:07 . 2007-05-15 01:01 -------- d-----w- d:\program files\Webroot
2009-09-09 07:51 . 2009-09-09 07:51 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-09 07:51 . 2009-09-09 07:51 -------- d-----w- d:\documents and settings\Mike\Application Data\SUPERAntiSpyware.com
2009-09-09 07:50 . 2009-09-06 14:45 -------- d-----w- d:\documents and settings\All Users\Application Data\STOPzilla!
2009-09-09 06:26 . 2009-09-06 02:34 -------- d-----w- d:\program files\RegGenie
2009-09-09 06:09 . 2007-10-24 02:12 -------- d-----w- d:\program files\Java
2009-09-09 05:43 . 2009-09-09 05:43 29248 ----a-w- D:\MGlogs.zip
2009-09-09 05:40 . 2009-09-09 05:41 1092549 ----a-w- D:\FixAVP.exe
2009-09-09 05:40 . 2009-09-09 05:40 1344398 ----a-w- D:\MGtools.exe
2009-09-09 01:29 . 2009-09-09 01:31 55656 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-09-09 01:19 . 2007-05-14 01:52 -------- d-----w- d:\program files\DIGStream
2009-09-08 23:59 . 2009-09-08 23:59 -------- d-----w- d:\program files\Avira
2009-09-08 23:59 . 2009-09-08 23:59 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2009-09-07 17:20 . 2009-09-07 17:20 8432 ----a-w- d:\windows\system32\rgadta.sys
2009-09-06 22:32 . 2009-09-06 22:32 -------- d-----w- d:\program files\CCleaner
2009-09-06 22:31 . 2008-09-26 03:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Viewpoint
2009-09-06 14:48 . 2009-09-06 14:48 -------- d-----w- d:\documents and settings\All Users\Application Data\SITEguard
2009-09-06 14:45 . 2009-09-06 14:45 -------- d-----w- d:\program files\Common Files\iS3
2009-09-03 23:59 . 2009-09-03 23:58 -------- d-----w- d:\program files\Common Files\PC Tools
2009-09-03 23:58 . 2009-09-03 23:58 -------- d-----w- d:\documents and settings\Mike\Application Data\PC Tools
2009-09-03 23:58 . 2009-09-03 23:58 -------- d-----w- d:\documents and settings\All Users\Application Data\PC Tools
2009-09-03 23:58 . 2008-12-16 03:35 -------- d-----w- d:\documents and settings\Mike\Application Data\GetRightToGo
2009-09-03 06:08 . 2009-09-03 05:09 -------- d-----w- d:\program files\Autodesk
2009-09-03 06:01 . 2009-09-03 05:27 -------- d-----w- d:\documents and settings\All Users\Application Data\Autodesk
2009-09-03 05:44 . 2009-09-03 05:44 -------- d-----w- d:\documents and settings\All Users\Application Data\Saitek
2009-09-03 05:44 . 2009-09-03 05:44 -------- d-----w- d:\program files\Saitek
2009-09-03 05:40 . 2009-09-03 05:40 -------- d-----w- d:\documents and settings\Mike\Application Data\Autodesk
2009-09-03 01:23 . 2007-10-16 22:12 -------- d-----w- d:\program files\Google
2009-09-03 01:19 . 2009-08-24 17:14 -------- d-----w- d:\documents and settings\Mike\Application Data\IM
2009-09-03 01:13 . 2009-01-24 15:33 -------- d-----w- d:\program files\AGEIA Technologies
2009-09-03 01:08 . 2009-08-24 17:41 -------- d-----w- d:\program files\Common Files\SolidWorks Shared
2009-09-03 01:08 . 2009-08-24 17:39 -------- d-----w- d:\documents and settings\All Users\Application Data\SolidWorks
2009-09-03 01:00 . 2008-07-22 02:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-02 23:38 . 2009-09-02 23:37 -------- d-----w- d:\program files\AskBarDis
2009-08-29 23:31 . 2009-08-24 18:42 -------- d-----w- d:\documents and settings\Mike\Application Data\SolidWorks
2009-08-27 14:25 . 2009-08-27 14:25 2272 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-06 20:45 . 2009-08-06 20:44 36 ----a-w- d:\windows\system32\f9t.dat
2009-08-05 09:01 . 2004-08-10 11:00 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-08-01 16:03 . 2009-07-25 13:30 361288 ----a-w- d:\windows\system32\TuneUpDefragService.exe
2007-10-28 23:11 . 2007-10-28 23:11 251 -c--a-w- d:\program files\wt3d.ini
2009-02-24 01:53 . 2009-02-24 01:52 88 --sh--r- d:\windows\system32\9BC61C14AC.sys
2009-02-24 02:06 . 2009-02-24 01:52 2828 --sha-w- d:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-01_06.44.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-25 16:17 . 2009-10-25 16:17 16384 d:\windows\Temp\Perflib_Perfdata_fb4.dat
- 2004-08-10 11:00 . 2009-08-17 13:17 96856 d:\windows\system32\perfc009.dat
+ 2004-08-10 11:00 . 2009-10-13 23:38 96856 d:\windows\system32\perfc009.dat
+ 2003-08-14 14:10 . 2003-08-14 14:10 33280 d:\windows\system\lfpcx12n.dll
+ 2003-08-14 14:10 . 2003-08-14 14:10 32256 d:\windows\system\lflmb12n.dll
+ 2003-08-14 14:10 . 2003-08-14 14:10 78336 d:\windows\system\lffax12n.dll
+ 2003-08-14 14:10 . 2003-08-14 14:10 37376 d:\windows\system\lfbmp12n.dll
+ 2009-10-19 02:15 . 2009-10-19 02:15 69632 d:\windows\Installer\{B1C2398C-6FAB-46D1-806C-5942F0829994}\NewShortcut2_6A249BC8FEDF4EED9868BB9A9AA2B211.exe
+ 2009-10-19 02:15 . 2009-10-19 02:15 69632 d:\windows\Installer\{B1C2398C-6FAB-46D1-806C-5942F0829994}\NewShortcut1_4FFBBDF2D7D249A085B5EAB3B63BD647.exe
+ 2009-10-19 02:15 . 2009-10-19 02:15 69632 d:\windows\Installer\{B1C2398C-6FAB-46D1-806C-5942F0829994}\ARPPRODUCTICON.exe
- 2004-08-10 11:00 . 2009-08-17 13:17 506230 d:\windows\system32\perfh009.dat
+ 2004-08-10 11:00 . 2009-10-13 23:38 506230 d:\windows\system32\perfh009.dat
+ 2007-05-13 18:15 . 2009-10-15 03:43 302032 d:\windows\system32\FNTCACHE.DAT
+ 2003-08-14 14:11 . 2003-08-14 14:11 855040 d:\windows\system\Ltwvc12n.dll
+ 2003-08-14 14:11 . 2003-08-14 14:11 406016 d:\windows\system\ltkrn12n.dll
+ 2003-08-14 14:11 . 2003-08-14 14:11 146944 d:\windows\system\ltfil12n.DLL
+ 2003-08-14 14:11 . 2003-08-14 14:11 278528 d:\windows\system\LTDIS12n.dll
+ 2003-08-14 14:10 . 2003-08-14 14:10 190464 d:\windows\system\lftif12n.dll
+ 2003-08-14 14:10 . 2003-08-14 14:10 109568 d:\windows\system\lfjbg12n.dll
+ 2003-08-14 14:10 . 2003-08-14 14:10 313856 d:\windows\system\LFCMP12n.DLL
+ 2008-08-26 20:58 . 2008-08-26 20:58 579112 d:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.2.8100\file_tgctlsr.dll
+ 2008-08-26 20:58 . 2008-08-26 20:58 284032 d:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.2.8100\file_tgctlcm2.dll
+ 2008-08-26 20:58 . 2008-08-26 20:58 370216 d:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.2.8100\file_sdcnetcheck.dll
+ 2009-10-19 02:15 . 2009-10-19 02:15 1030144 d:\windows\Installer\f74fab4.msi
+ 2009-06-03 21:53 . 2009-06-03 21:53 3484672 d:\windows\Installer\22eb0b00.msp
+ 2009-10-13 23:15 . 2009-10-13 23:15 5338624 d:\windows\Installer\1f42210e.msi
+ 2008-08-26 20:58 . 2008-08-26 20:58 1099040 d:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.2.8100\file_tgctlsi.dll
+ 2008-08-26 20:58 . 2008-08-26 20:58 1017648 d:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.2.8100\file_dsc.exe
+ 2008-08-26 20:58 . 2008-08-26 20:58 1017648 d:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.2.8100\file_bcont.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- d:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "d:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "d:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="d:\program files\Webroot\Washer\wwDisp.exe" [2007-10-03 1206600]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-21 68856]
"Google Update"="d:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"Dancer"="d:\program files\Windows Plus\Dancer\Dancer.exe" [2004-08-10 188416]
"TuneUp MemOptimizer"="d:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2009-07-16 163144]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-09-04 1994480]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AdobeUpdater6"="d:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe" [2009-03-27 2521464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Turtle Beach Audio Advantage Roadie"="d:\program files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe" [2005-10-28 1572864]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="d:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"MemoryCardManager"="d:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"ISUSScheduler"="d:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="d:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ehTray"="d:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"dldomon.exe"="d:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"Dell 968 AIO Printer Fax Server"="d:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"EPSON Stylus CX5800F Series"="d:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"LogitechCommunicationsManager"="d:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="d:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"EPSON Stylus Photo R200 Series"="d:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"ProfilerU"="d:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="d:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"dellsupportcenter"="d:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2009-07-27 180224]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Corel Photo Downloader"="d:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - d:\windows\KHALMNPR.Exe [2009-06-17 55824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="d:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-10 813584]
Service Manager.lnk - d:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ------w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-10-16 21:16 10792 ----a-w- d:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-05-26 21:47 72208 ----a-w- d:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-26 18:51 176128 ----a-w- d:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dellsupportcenter"="d:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\system32\\dlcicoms.exe"=
"d:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"d:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"d:\\Program Files\\Dell 968 AIO Printer\\DLDOFax.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"d:\\Program Files\\Dell 968 AIO Printer\\Wireless\\dldowpss.exe"=
"d:\\WINDOWS\\system32\\dldocoms.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\WINDOWS\\system32\\dldocfg.exe"=
"d:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldowbgw.exe"=
"d:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"d:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\StarNet\\X-Win32 8.2\\xwin32.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\AdventNet\\ME\\VQManager\\mysql\\bin\\mysqld-nt.exe"=
"d:\\Program Files\\Sierra\\Empire Earth Gold\\The Art of Conquest\\EE-AOC.exe"=
"d:\\Program Files\\Adobe\\Photoshop Elements 7.0\\AdobePhotoshopElementsMediaServer.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"d:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=

R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [9/9/2009 10:12 PM 28544]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [9/8/2009 7:59 PM 108289]
R2 ASKUpgrade;ASKUpgrade;d:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [9/2/2009 7:38 PM 234888]
R2 dlci_device;dlci_device;d:\windows\system32\dlcicoms.exe -service --> d:\windows\system32\dlcicoms.exe -service [?]
R2 dldo_device;dldo_device;d:\windows\system32\dldocoms.exe -service --> d:\windows\system32\dldocoms.exe -service [?]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService;d:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [10/5/2007 9:30 AM 99568]
R2 LBeepKE;LBeepKE;d:\windows\system32\drivers\LBeepKE.sys [9/10/2009 9:53 PM 10384]
R2 ubsbm;Unibrain 1394 SBM Driver;d:\windows\system32\drivers\UBSBM.sys [7/27/2005 6:25 PM 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;d:\windows\system32\drivers\UBUMAPI.sys [7/27/2005 6:25 PM 36352]
R2 wwEngineSvc;Window Washer Engine;d:\program files\Webroot\Washer\WasherSvc.exe [8/29/2007 3:40 AM 598856]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;d:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 12:55 PM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;d:\windows\system32\drivers\LHidEqd.sys [6/17/2009 12:55 PM 10384]
R3 ubohci;Unibrain 1394 OHCI Driver;d:\windows\system32\drivers\ubohci.sys [7/27/2005 6:25 PM 77056]
S0 PCTCore;PCTools KDS;d:\windows\system32\drivers\PCTCore.sys --> d:\windows\system32\drivers\PCTCore.sys [?]
S3 SaiH0255;SaiH0255;d:\windows\system32\drivers\SaiH0255.sys [5/1/2007 4:11 PM 132232]
S3 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [9/3/2009 7:58 PM 348752]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-10-25 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-16 01:22]

2009-10-22 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003Core.job
- d:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 23:34]

2009-10-25 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003UA.job
- d:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 23:34]

2009-10-24 d:\windows\Tasks\ParetoLogic Registration.job
- d:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]

2009-10-24 d:\windows\Tasks\ParetoLogic Update Version2.job
- d:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]

2009-10-25 d:\windows\Tasks\User_Feed_Synchronization-{2E6939AF-E8C5-48D3-A28F-C17439F5232F}.job
- d:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: &AIM Toolbar Search - d:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all with Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {D4C15E81-E2F6-4013-B81D-6F796D2C78C5} - hxxps://secure.stamps.com/download/us/registration/4_1_0_164/SdcWebSecurity.cab
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-RoboForm - d:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 12:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,20,e8,aa,60,50,11,4d,a0,01,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cd,20,e8,aa,60,50,11,4d,a0,01,b4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1744)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\windows\system32\WININET.dll
d:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
d:\program files\common files\logishrd\bluetooth\LBTServ.dll
d:\windows\System32\BCMLogon.dll
d:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(4608)
d:\windows\system32\WININET.dll
d:\program files\Logitech\SetPoint\GameHook.dll
d:\program files\Logitech\SetPoint\lgscroll.dll
d:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\windows\system32\btmmhook.dll
d:\program files\Windows Media Player\wmpband.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
d:\windows\system32\btncopy.dll
d:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
d:\program files\SUPERAntiSpyware\SASSEH.DLL
d:\progra~1\SPYBOT~1\SDHelper.dll
d:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
d:\program files\Microsoft Office\OFFICE11\msohev.dll
d:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\windows\system32\dlcicoms.exe
d:\windows\system32\dldocoms.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
d:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
d:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
d:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
d:\windows\system32\PSIService.exe
d:\program files\Dell Support Center\bin\sprtsvc.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
d:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
d:\windows\ehome\mcrdsvc.exe
d:\combo13422c\CF30218.exe
d:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
d:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\combo13422c\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-25 12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-25 16:26
ComboFix2.txt 2009-10-01 06:50

Pre-Run: 16,203,866,112 bytes free
Post-Run: 16,469,913,600 bytes free

- - End Of File - - 350E137984BD9E0652E057595DC67316

#6 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 25 October 2009 - 11:49 AM

Download Win32kDiag from any of the following locations and save it to your Desktop.
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Step 2

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and [b]info.txt (<<will be minimized)

[b]Please post back with:
Win32kDiag-Logfile
Both RSIT-Logfiles

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 25 October 2009 - 02:32 PM

The order is Log.txt, info.txt, and then win32diag.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike at 2009-10-25 15:08:49
Microsoft Windows XP Professional Service Pack 3
System drive D: has 16 GB (19%) free of 81 GB
Total RAM: 2038 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:09 PM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Dell 968 AIO Printer\memcard.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Dell 968 AIO Printer\dldomon.exe
D:\WINDOWS\system32\WLTRAY.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Program Files\Saitek\SD6\Software\ProfilerU.exe
D:\Program Files\Saitek\SD6\Software\SaiMfd.exe
D:\Program Files\Dell Support Center\bin\sprtcmd.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
D:\Program Files\Webroot\Washer\wwDisp.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Windows Plus\Dancer\Dancer.exe
D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINDOWS\system32\dlcicoms.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe
D:\WINDOWS\system32\dldocoms.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\Dell Support Center\bin\sprtsvc.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Webroot\Washer\WasherSvc.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\My Documents\Downloads\Win32kDiag (2).exe
D:\Documents and Settings\Mike\My Documents\Downloads\RSIT.exe
D:\Program Files\trend micro\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Roadie] "D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe"
O4 - HKLM\..\Run: [SynTPEnh] "D:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "D:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ehTray] "D:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [dldomon.exe] "D:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "D:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "D:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" /P27 "EPSON Stylus CX5800F Series" /O5 "LPT1:" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [IgfxTray] "D:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "D:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ProfilerU] "D:\Program Files\Saitek\SD6\Software\ProfilerU.exe"
O4 - HKLM\..\Run: [SaiMfd] "D:\Program Files\Saitek\SD6\Software\SaiMfd.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "D:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [Window Washer] "D:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dancer] "D:\Program Files\Windows Plus\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Service Manager.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - D:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217432680738
O16 - DPF: {D4C15E81-E2F6-4013-B81D-6F796D2C78C5} (SdcWebSecurityCtrl Class) - https://secure.stamps.com/download/us/regis...WebSecurity.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - D:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: dlci_device - - D:\WINDOWS\system32\dlcicoms.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - D:\WINDOWS\system32\dldocoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - D:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - D:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - D:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 16458 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\Google Software Updater.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003UA.job
D:\WINDOWS\tasks\ParetoLogic Registration.job
D:\WINDOWS\tasks\ParetoLogic Update Version2.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{2E6939AF-E8C5-48D3-A28F-C17439F5232F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-01-03 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-03 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - D:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - []
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Turtle Beach Audio Advantage Roadie"=D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe [2005-10-28 1572864]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"RemoteControl"=D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"MemoryCardManager"=D:\Program Files\Dell 968 AIO Printer\memcard.exe [2007-10-05 410864]
"ISUSScheduler"=D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ISUSPM Startup"=D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ehTray"=D:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"dldomon.exe"=D:\Program Files\Dell 968 AIO Printer\dldomon.exe [2007-10-05 455920]
"Dell 968 AIO Printer Fax Server"=D:\Program Files\Dell 968 AIO Printer\fm3032.exe [2007-10-05 312560]
"Broadcom Wireless Manager UI"=D:\WINDOWS\system32\WLTRAY.exe [2008-06-02 2220032]
"EPSON Stylus CX5800F Series"=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-10 98304]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"LogitechCommunicationsManager"=D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=D:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"EPSON Stylus Photo R200 Series"=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
"ProfilerU"=D:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=D:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]
"dellsupportcenter"=D:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Kernel and Hardware Abstraction Layer"=D:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"PWRISOVM.EXE"=D:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"Corel Photo Downloader"=D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"=D:\Program Files\Webroot\Washer\wwDisp.exe [2007-10-03 1206600]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-21 68856]
"Google Update"=D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 133104]
"Dancer"=D:\Program Files\Windows Plus\Dancer\Dancer.exe [2004-08-10 188416]
"TuneUp MemOptimizer"=D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe [2009-07-16 163144]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-04 1994480]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
D:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2
"Viewpoint Manager Service"=2

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe
Service Manager.lnk - D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
D:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [2007-10-16 10792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-05-26 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2009-03-26 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=D:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\WINDOWS\system32\dlcicoms.exe"="D:\WINDOWS\system32\dlcicoms.exe:*:Enabled:Dell 946 Server"
"D:\Program Files\Dell 968 AIO Printer\dldomon.exe"="D:\Program Files\Dell 968 AIO Printer\dldomon.exe:*:Enabled:Printer Device Monitor"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface"
"D:\Program Files\Dell 968 AIO Printer\dldoaiox.exe"="D:\Program Files\Dell 968 AIO Printer\dldoaiox.exe:*:Enabled:AIOC exe"
"D:\Program Files\Dell 968 AIO Printer\DLDOFax.exe"="D:\Program Files\Dell 968 AIO Printer\DLDOFax.exe:*:Enabled:Fax Solutions Software"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable"
"D:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe"="D:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe:*:Enabled: "
"D:\WINDOWS\system32\dldocoms.exe"="D:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell Communications System"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\WINDOWS\system32\dldocfg.exe"="D:\WINDOWS\system32\dldocfg.exe:*:Enabled:Printer Communication System"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldowbgw.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldowbgw.exe:*:Enabled:Dell Web Gateway"
"D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe"="D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr.exe"
"D:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"="D:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser.exe"
"D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\StarNet\X-Win32 8.2\xwin32.exe"="D:\Program Files\StarNet\X-Win32 8.2\xwin32.exe:*:Enabled:X-Win32 PC X Server"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Program Files\Free Download Manager\fdm.exe"="D:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"
"C:\AdventNet\ME\VQManager\mysql\bin\mysqld-nt.exe"="C:\AdventNet\ME\VQManager\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"D:\Program Files\Sierra\Empire Earth Gold\The Art of Conquest\EE-AOC.exe"="D:\Program Files\Sierra\Empire Earth Gold\The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"D:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe"="D:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"

======List of files/folders created in the last 1 months======

2009-10-25 15:08:49 ----D---- D:\rsit
2009-10-25 12:27:07 ----A---- D:\ComboFix.txt
2009-10-18 22:15:37 ----D---- D:\Program Files\Common Files\ParetoLogic
2009-10-18 22:15:37 ----D---- D:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-10-18 22:15:01 ----D---- D:\Documents and Settings\All Users\Application Data\Cached Installations
2009-10-18 22:07:07 ----D---- D:\Program Files\Disk Doctors Undelete (Demo)
2009-10-13 19:14:22 ----D---- D:\Program Files\Common Files\TI Shared
2009-10-13 19:14:21 ----D---- D:\Program Files\TI Education
2009-10-01 03:24:49 ----D---- D:\Program Files\Spybot - Search & Destroy
2009-10-01 03:24:04 ----A---- D:\RootRepeal report 10-01-09 (03-24-04).txt
2009-10-01 03:04:55 ----A---- D:\WINDOWS\eventlog.dll
2009-10-01 03:04:55 ----A---- D:\avplog.txt
2009-10-01 02:52:58 ----D---- D:\RECYCLER
2009-10-01 02:26:45 ----D---- D:\Combo26894C
2009-09-30 21:59:38 ----D---- D:\Program Files\IDM Computer Solutions
2009-09-30 21:59:38 ----D---- D:\Documents and Settings\Mike\Application Data\IDMComp
2009-09-29 22:59:46 ----D---- D:\Combo31805C
2009-09-29 22:39:26 ----D---- D:\Combo
2009-09-29 21:52:39 ----D---- D:\ComboFix
2009-09-29 21:39:22 ----A---- D:\WINDOWS\NIRCMD.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\zip.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\SWXCACLS.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\SWSC.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\SWREG.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\sed.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\PEV.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\grep.exe
2009-09-29 21:38:06 ----D---- D:\WINDOWS\ERDNT
2009-09-29 21:34:09 ----AD---- D:\Qoobox

======List of files/folders modified in the last 1 months======

2009-10-25 15:09:09 ----D---- D:\Program Files\Trend Micro
2009-10-25 15:00:01 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-10-25 14:58:42 ----SD---- D:\WINDOWS\Tasks
2009-10-25 12:27:14 ----D---- D:\WINDOWS\system32\drivers
2009-10-25 12:27:12 ----D---- D:\WINDOWS\Temp
2009-10-25 12:18:49 ----D---- D:\WINDOWS
2009-10-25 12:18:49 ----A---- D:\WINDOWS\system.ini
2009-10-25 12:18:47 ----D---- D:\WINDOWS\system32\CatRoot2
2009-10-25 12:18:00 ----D---- D:\WINDOWS\system32
2009-10-25 12:14:53 ----D---- D:\Documents and Settings\Mike\Application Data\LimeWire
2009-10-25 12:07:16 ----D---- D:\WINDOWS\AppPatch
2009-10-25 12:06:51 ----D---- D:\Program Files\Common Files
2009-10-25 11:54:34 ----D---- D:\WINDOWS\Prefetch
2009-10-24 13:37:29 ----D---- D:\Documents and Settings\All Users\Application Data\Google Updater
2009-10-24 00:33:46 ----D---- D:\Program Files
2009-10-18 22:32:14 ----D---- D:\Documents and Settings\Mike\Application Data\gtk-2.0
2009-10-18 22:15:42 ----SHD---- D:\WINDOWS\Installer
2009-10-18 22:15:41 ----D---- D:\Config.Msi
2009-10-15 21:27:46 ----D---- D:\Documents and Settings\Mike\Application Data\gedit
2009-10-13 19:38:13 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-10-13 19:35:45 ----D---- D:\WINDOWS\inf
2009-10-13 19:14:38 ----RSD---- D:\WINDOWS\Fonts
2009-10-13 19:14:26 ----D---- D:\WINDOWS\twain_32
2009-10-13 19:14:24 ----D---- D:\WINDOWS\system
2009-10-13 19:12:33 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2009-10-01 03:25:36 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-01 02:40:07 ----D---- D:\WINDOWS\system32\config
2009-10-01 02:35:46 ----D---- D:\Program Files\SUPERAntiSpyware
2009-10-01 02:30:07 ----D---- D:\WINDOWS\system32\xircom
2009-10-01 02:30:07 ----D---- D:\WINDOWS\system32\wins
2009-10-01 02:30:07 ----D---- D:\WINDOWS\system32\ShellExt
2009-10-01 02:30:06 ----D---- D:\WINDOWS\system32\export
2009-10-01 02:30:06 ----D---- D:\WINDOWS\system32\dhcp
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\3com_dmi
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\3076
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\2052
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1054
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1042
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1041
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1037
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1031
2009-10-01 02:30:04 ----D---- D:\WINDOWS\system32\1028
2009-10-01 02:30:04 ----D---- D:\WINDOWS\system32\1025
2009-10-01 02:30:04 ----D---- D:\WINDOWS\SxsCaPendDel
2009-10-01 02:30:03 ----D---- D:\WINDOWS\SolidWorks
2009-10-01 02:30:02 ----D---- D:\WINDOWS\PIF
2009-10-01 02:30:02 ----D---- D:\WINDOWS\msdownld.tmp
2009-10-01 02:30:02 ----D---- D:\WINDOWS\Minidump
2009-10-01 02:30:01 ----D---- D:\WINDOWS\Connection Wizard
2009-10-01 02:30:01 ----D---- D:\WINDOWS\Config
2009-10-01 02:29:59 ----D---- D:\WINDOWS\addins
2009-09-30 22:10:50 ----D---- D:\MGtools
2009-09-30 22:09:33 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-09-30 22:04:53 ----D---- D:\Program Files\Microsoft Games
2009-09-30 21:50:00 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2009-09-29 22:59:53 ----A---- D:\WINDOWS\ntbtlog.txt
2009-09-29 22:51:13 ----D---- D:\Documents and Settings\Mike\Application Data\Webroot
2009-09-29 22:51:13 ----D---- D:\Documents and Settings\All Users\Application Data\Webroot
2009-09-29 22:31:28 ----A---- D:\avenger.txt
2009-09-28 12:41:06 ----D---- D:\Documents and Settings\Mike\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; D:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-20 279712]
R2 LBeepKE;LBeepKE; D:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-20 25888]
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-12-09 12544]
R2 rimmptsk;rimmptsk; D:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; D:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; D:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 ubsbm;Unibrain 1394 SBM Driver; D:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver; D:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
R3 BCM43XX;Dell Wireless WLAN Card Driver; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; D:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-01-30 45568]
R3 btaudio;Bluetooth Audio Device; D:\WINDOWS\system32\drivers\btaudio.sys [2007-08-29 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys [2007-08-29 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-08-29 876384]
R3 catchme;catchme; \??\D:\Combo13422C\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; D:\WINDOWS\System32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; D:\WINDOWS\System32\Drivers\LHidEqd.Sys [2009-06-17 10384]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; D:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LVPr2Mon;LVPr2Mon Driver; D:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SaiMini;SaiMini; D:\WINDOWS\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]
R3 SaiNtBus;SaiNtBus; D:\WINDOWS\system32\drivers\SaiBus.sys [2009-06-10 36992]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 ubohci;Unibrain 1394 OHCI Driver; D:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 77056]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R4 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir Desktop\avgntflt.sys []
S3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Bluetooth Request Block Driver; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; D:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; D:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; D:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-08-29 149123]
S3 btwhid;btwhid; D:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-08-29 55352]
S3 btwmodem;Bluetooth Modem; D:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-08-30 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; D:\WINDOWS\System32\Drivers\btwusb.sys [2007-08-30 67960]
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmudau;Audio Advantage Roadie Interface; D:\WINDOWS\system32\drivers\cmudau.sys [2005-10-03 1334272]
S3 dot4;MS IEEE-1284.4 Driver; D:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; D:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; D:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; D:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FilterService;UVC Filter Service; D:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2007-11-20 47249]
S3 lvpopflt;Logitech POP Suppression Filter; D:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
S3 LVRS;Logitech RightSound Filter Driver; D:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 lvselsus;Logitech Selective Suspend Filter; D:\WINDOWS\system32\DRIVERS\lvselsus.sys [2008-07-26 66456]
S3 LVUSBSta;Logitech USB Monitor Filter; D:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;Logitech QuickCam Pro 9000(UVC); D:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 MHNDRV;MHN driver; D:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SaiH0255;SaiH0255; D:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2007-05-01 132232]
S3 sffdisk;SFF Storage Class Driver; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\D:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; D:\WINDOWS\System32\Drivers\sskbfd.sys [2007-10-01 23864]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TIEHDUSB;TIEHDUSB; D:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 TVICHW32;TVICHW32; \??\D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; D:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; D:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 ASKUpgrade;ASKUpgrade; D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 dlci_device;dlci_device; D:\WINDOWS\system32\dlcicoms.exe [2006-11-03 537480]
R2 dldo_device;dldo_device; D:\WINDOWS\system32\dldocoms.exe [2007-10-05 595184]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService; D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LVCOMSer;LVCOMSer; D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 McrdSvc;Media Center Extender Service; D:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
R2 ProtexisLicensing;ProtexisLicensing; D:\WINDOWS\system32\PSIService.exe [2006-11-03 174656]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); D:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-26 201968]
R2 SQLBrowser;SQL Server Browser; d:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 wwEngineSvc;Window Washer Engine; D:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 598856]
S2 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S2 LVPrcSrv;Process Monitor; D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe []
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; D:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2007-10-16 16936]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; D:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2009-05-26 121360]
S3 MHN;MHN; D:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; d:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-08-24 79360]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-04 323584]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; D:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-01 361288]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Viewpoint Manager Service;Viewpoint Manager Service; D:\Program Files\Viewpoint\Common\ViewpointService.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-25 15:09:11

======Uninstall list======

-->D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
53415-->MsiExec.exe /X{D7B26783-56EF-4749-B35E-DE62CE295040}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->d:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B}
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11-->D:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced Audio FX Engine-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
AIM 6-->D:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 5-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AT&T Labs' Natural Voices - Audrey 16k 1.4 (Desktop)-->MsiExec.exe /I{2A503316-B931-47B0-8540-E2CBC7E48404}
AT&T Labs' Natural Voices - Desktop 1.4-->MsiExec.exe /I{A1E90043-B96B-4032-AA1C-EC2C000395E5}
Audacity 1.3.7 (Unicode)-->"D:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BlueXpand 6.0-->"D:\Program Files\BlueXpand\unins000.exe"
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->D:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Corel Snapfire Plus-->MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Creative System Information-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"D:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell 968 AIO Printer-->D:\Program Files\Dell 968 AIO Printer\Install\x86\Uninst.exe
Dell ResourceCD-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card Utility-->"D:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="D:\Program Files\Dell\Dell Wireless WLAN Card"
Disk Doctors Undelete Version 1.0.0-->"D:\Program Files\Disk Doctors Undelete (Demo)\unins000.exe"
Download Updater (AOL LLC)-->D:\Program Files\Common Files\Software Update Utility\uninstall.exe
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Empire Earth Gold-->D:\PROGRA~1\Sierra\EMPIRE~1\UNWISE.EXE D:\PROGRA~1\Sierra\EMPIRE~1\INSTALL.LOG
EPSON CX5800F Guide-->D:\Program Files\epson\guide\cx5800f_e\uninstall.exe
Epson Print CD-->D:\Program Files\InstallShield Installation Information\{D16A31F9-276D-4968-A753-FFEAC56995D0}\setup.exe -runfromtemp -l0x0009 -removeonly
EPSON Printer Software-->D:\Program Files\EPSON\PrinterDriverTemp\SPR200\EPUPDATE.EXE /R
EPSON Scan-->D:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
ESPNMotion-->D:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u D:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Film Factory-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\EPSON Software\Film Factory\Uninst.isu"
Free Download Manager 3.0-->"D:\Program Files\Free Download Manager\unins000.exe"
FTDI USB Serial Converter Drivers-->D:\WINDOWS\system32\ftdiunin.exe D:\WINDOWS\system32\ftdiun2k.ini
'Full Speed' Internet Booster + Performance Tests-->"D:\WINDOWS\'Full Speed' Internet Booster + Performance Tests\uninstall.exe" "/U:D:\Program Files\'Full Speed' Internet Booster + Performance Tests\Uninstall\uninstall.xml"
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->D:\WINDOWS\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089)-->D:\WINDOWS\SQLTools9_KB960089_ENU\Hotfix.exe /Uninstall
gedit 2.27.6-->"D:\Program Files\gedit\unins000.exe"
GemMaster Mystic-->"D:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "d:\program files\google\googletoolbar1.dll"
Google Updater-->"D:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.480-->D:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
Guild Wars-->"D:\Program Files\Guild Wars Run\Gw.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->D:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA\HXFSETUP.EXE -U -IGENHDA5.inf
High Definition Audio Driver Package - KB835221-->D:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"D:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"D:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"D:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"D:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"D:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"D:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"D:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ImgBurn-->"D:\Program Files\ImgBurn\uninstall.exe"
Instant Housecall - Specialist Sign-in-->D:\Documents and Settings\Mike\Application Data\Instant Housecall\Free Edition\Specialist\UninstallSignIn.exe
Intel® Graphics Media Accelerator Driver-->D:\WINDOWS\system32\igxpun.exe -uninstall
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
K-Lite Codec Pack 3.5.0 Basic-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire PRO 5.2.13-->"D:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam Driver Package-->"D:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"D:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech SetPoint-->"D:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l1033 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"D:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Easy Assist v2-->MsiExec.exe /I{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"D:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech SDK 5.1-->MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"d:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Visual Studio 2005 Tools for Applications - ENU-->MsiExec.exe /X{D481EA96-2313-4A7C-98EE-710D1AF884AC}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MyFreeCodec-->D:\Program Files\MyFree Codec\09c beta\uninstall.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Otto-->"D:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan 2.0-->D:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
ParetoLogic Data Recovery-->MsiExec.exe /I{B1C2398C-6FAB-46D1-806C-5942F0829994}
PowerDVD-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"D:\Program Files\PowerISO\uninstall.exe"
PrimoPDF-->"D:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:D:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Putty-->MsiExec.exe /I{8A4589F3-E0F2-41E2-906A-ECB7A4B76291}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rosetta Stone Version 3-->MsiExec.exe /X{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}
Saitek SD6 Programming Software 6.6.6.9-->MsiExec.exe /X{49480197-4A67-4EAB-AD44-001862FCEEB7}
SAMSUNG Mobile Modem Driver Set-->D:\Program Files\SAMSUNG\SAMSUNG Mobile Modem\SSCDUninstall.exe
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
Security Update for Windows Internet Explorer 7 (KB931768)-->"D:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"D:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"D:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"D:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"D:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"D:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"D:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"D:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"D:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"D:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"D:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"D:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"D:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"D:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"D:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"D:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"D:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"D:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"D:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"D:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"D:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"D:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"D:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"D:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"D:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"D:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"D:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"D:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"D:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"D:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"D:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"D:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"D:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"D:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"D:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Software Informer 1.0 BETA-->"D:\Program Files\Software Informer\unins000.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.1-->D:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "D:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TTS-->MsiExec.exe /X{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
ubCore-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}
UltraEdit 15.10-->MsiExec.exe /I{DDF17E28-E4C4-41CF-9DB9-8FA5F19B918C}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB972636)-->"D:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"D:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"D:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"D:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"D:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->D:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe" -l0x9
Vuze Toolbar-->"D:\Program Files\AskBarDis\unins000.exe"
Vuze-->D:\Program Files\Vuze\uninstall.exe
VZAccess Manager-->D:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE D:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Window Washer-->D:\WINDOWS\Unwash6.exe
WindowBlinds-->D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->D:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us D:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Imaging Component-->"D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"D:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live OneCare safety scanner-->RunDll32.exe "D:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB925766-->"D:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"D:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
WinSCP-->MsiExec.exe /I{F7A4A915-F322-477E-AE76-55F17B3CED7F}
X-Win32 8.2-->MsiExec.exe /I{291024B2-6A70-4622-A422-67DEDADA9072}

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: MICHAEL-17CFE38
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 10
Source Name: Service Control Manager
Time Written: 20091001023955.000000-240
Event Type: error
User:

Computer Name: MICHAEL-17CFE38
Event Code: 11
Message: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.

Record Number: 9
Source Name: PlugPlayManager
Time Written: 20091001023933.000000-240
Event Type: error
User:

Computer Name: MICHAEL-17CFE38
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 8
Source Name: Service Control Manager
Time Written: 20091001023933.000000-240
Event Type: error
User:

Computer Name: MICHAEL-17CFE38
Event Code: 11050
Message: The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Record Number: 4
Source Name: dnscache
Time Written: 20091001023029.000000-240
Event Type: warning
User:

Computer Name: MICHAEL-17CFE38
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'KB904706' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.

Record Number: 1
Source Name: sr
Time Written: 20091001022958.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: MICHAEL-17CFE38
Event Code: 3
Message: The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.

Record Number: 4654
Source Name: SQLBrowser
Time Written: 20090911110032.000000-240
Event Type: warning
User:

Computer Name: MICHAEL-17CFE38
Event Code: 19011
Message:
Record Number: 4623
Source Name: MSSQL$MICROSOFTSMLBIZ
Time Written: 20090911105951.000000-240
Event Type: warning
User:

Computer Name: MICHAEL-17CFE38
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 4620
Source Name: Adobe Active File Monitor 7.0
Time Written: 20090911105912.000000-240
Event Type:
User:

Computer Name: MICHAEL-17CFE38
Event Code: 4113
Message: AntiVir has detected 'ADSPY/Look2Me.R'
in the file
E:\Malware\Utilities\Merijn Tools\Kill2Me\Kill2Me.exe

Record Number: 4616
Source Name: Avira AntiVir
Time Written: 20090910231752.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MICHAEL-17CFE38
Event Code: 4113
Message: AntiVir has detected 'ADSPY/Look2Me.R'
in the file
E:\Malware\Utilities\Merijn Tools\Kill2Me\Kill2Me.exe

Record Number: 4615
Source Name: Avira AntiVir
Time Written: 20090910231720.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;D:\Program Files\Microsoft SQL Server\80\Tools\Binn;d:\Program Files\Microsoft SQL Server\90\Tools\binn;D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727;D:\Program Files\QuickTime\QTSystem;D:\Program Files\Common Files\Autodesk Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Running from: D:\Documents and Settings\Mike\My Documents\Downloads\Win32kDiag (2).exe

Log file at : D:\Documents and Settings\Mike\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'D:\WINDOWS'...

Cannot access: D:\WINDOWS\system32\dumprep.exe

[1] 2004-08-10 07:00:00 10752 D:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 D:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:18 10752 D:\WINDOWS\system32\dumprep.exe ()

Cannot access: D:\WINDOWS\system32\MRT.exe

[1] 2009-08-28 17:38:20 24689600 D:\WINDOWS\system32\MRT.exe ()

Cannot access: D:\WINDOWS\system32\rundll32.exe

[1] 2004-08-10 07:00:00 33280 D:\WINDOWS\$NtServicePackUninstall$\rundll32.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:33 33280 D:\WINDOWS\ServicePackFiles\i386\rundll32.exe (Microsoft Corporation)

[1] 2008-04-13 20:12:33 33280 D:\WINDOWS\system32\rundll32.exe ()

Finished!

#8 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 25 October 2009 - 03:46 PM

Hi,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Step 1

Ask Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know as stated in the following Articles:

http://www.benedelman.org/spyware/ask-toolbars/
http://vil.nai.com/vil/content/v_185490.htm

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Vuze Toolbar.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 3

We need to scan the system with this special tool:

* Please download and save:

Junction.zip

* Unzip it and place Junction.exe in the Windows directory (C:\Windows).
* Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

Please post back with:
Malwarebytes-Logfile
Junction-Logfile
Fresh RSIT-Logfile

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 25 October 2009 - 04:29 PM

First things first when trying to delete Ask toolbar, the command prompt comes up. Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them.

This is what always happens, I cannot go through Add/remove software to remove programs because this is what comes up.

I did manage to find Vuze, and deleted that.

Here is the log file for the Junction software, not a computer wiz, but looks like it didn't work

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com

Failed to open \\?\c:\\System Volume Information: Access is denied.

...

...No reparse points found.

Here is The MBAM log

Malwarebytes' Anti-Malware 1.41
Database version: 3033
Windows 5.1.2600 Service Pack 3

10/25/2009 5:23:12 PM
mbam-log-2009-10-25 (17-23-12).txt

Scan type: Quick Scan
Objects scanned: 120237
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\Mike\My Documents\downloads\unconfirmed 23886.download (Adware.Casino) -> Quarantined and deleted successfully.
D:\Documents and Settings\Mike\My Documents\downloads\unconfirmed 47434.download (Adware.Casino) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rgadta.sys (Trojan.Goldun) -> Quarantined and deleted successfully.

And here is the RSIT log, The info.txt did not come up, I tried 2 times.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike at 2009-10-25 17:28:44
Microsoft Windows XP Professional Service Pack 3
System drive D: has 18 GB (22%) free of 81 GB
Total RAM: 2038 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:45 PM, on 10/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Dell 968 AIO Printer\memcard.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\WINDOWS\ehome\ehtray.exe
D:\Program Files\Dell 968 AIO Printer\dldomon.exe
D:\WINDOWS\system32\WLTRAY.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Logitech\QuickCam\Quickcam.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
D:\Program Files\Saitek\SD6\Software\ProfilerU.exe
D:\Program Files\Saitek\SD6\Software\SaiMfd.exe
D:\Program Files\Dell Support Center\bin\sprtcmd.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
D:\Program Files\Webroot\Washer\wwDisp.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Windows Plus\Dancer\Dancer.exe
D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\WINDOWS\system32\dlcicoms.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe
D:\WINDOWS\system32\dldocoms.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\PSIService.exe
D:\Program Files\Dell Support Center\bin\sprtsvc.exe
d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Program Files\Webroot\Washer\WasherSvc.exe
D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Mike\My Documents\Downloads\RSIT.exe
D:\Program Files\trend micro\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Roadie] "D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe"
O4 - HKLM\..\Run: [SynTPEnh] "D:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "D:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ehTray] "D:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [dldomon.exe] "D:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "D:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "D:\WINDOWS\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" /P27 "EPSON Stylus CX5800F Series" /O5 "LPT1:" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [IgfxTray] "D:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "D:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "D:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] "D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ProfilerU] "D:\Program Files\Saitek\SD6\Software\ProfilerU.exe"
O4 - HKLM\..\Run: [SaiMfd] "D:\Program Files\Saitek\SD6\Software\SaiMfd.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "D:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Photo Downloader] D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Window Washer] "D:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Dancer] "D:\Program Files\Windows Plus\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Service Manager.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - D:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - D:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1217432680738
O16 - DPF: {D4C15E81-E2F6-4013-B81D-6F796D2C78C5} (SdcWebSecurityCtrl Class) - https://secure.stamps.com/download/us/regis...WebSecurity.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - D:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: dlci_device - - D:\WINDOWS\system32\dlcicoms.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - D:\WINDOWS\system32\dldocoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - D:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - D:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - D:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 16951 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\Google Software Updater.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-764733703-839522115-1003UA.job
D:\WINDOWS\tasks\ParetoLogic Registration.job
D:\WINDOWS\tasks\ParetoLogic Update Version2.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{2E6939AF-E8C5-48D3-A28F-C17439F5232F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-01-03 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - D:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-03 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - D:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - []
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Turtle Beach Audio Advantage Roadie"=D:\Program Files\Turtle Beach\AudioAdvantageRoadie\TBAA.exe [2005-10-28 1572864]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"SigmatelSysTrayApp"=D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"RemoteControl"=D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"MemoryCardManager"=D:\Program Files\Dell 968 AIO Printer\memcard.exe [2007-10-05 410864]
"ISUSScheduler"=D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ISUSPM Startup"=D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ehTray"=D:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"dldomon.exe"=D:\Program Files\Dell 968 AIO Printer\dldomon.exe [2007-10-05 455920]
"Dell 968 AIO Printer Fax Server"=D:\Program Files\Dell 968 AIO Printer\fm3032.exe [2007-10-05 312560]
"Broadcom Wireless Manager UI"=D:\WINDOWS\system32\WLTRAY.exe [2008-06-02 2220032]
"EPSON Stylus CX5800F Series"=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE [2005-05-10 98304]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2007-03-30 138008]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2007-03-30 162584]
"LogitechCommunicationsManager"=D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=D:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
"EPSON Stylus Photo R200 Series"=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE [2003-07-08 99840]
"ProfilerU"=D:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=D:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]
"dellsupportcenter"=D:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Kernel and Hardware Abstraction Layer"=D:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"PWRISOVM.EXE"=D:\Program Files\PowerISO\PWRISOVM.EXE [2009-07-26 180224]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"Corel Photo Downloader"=D:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"=D:\Program Files\Webroot\Washer\wwDisp.exe [2007-10-03 1206600]
"swg"=D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-21 68856]
"Google Update"=D:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 133104]
"Dancer"=D:\Program Files\Windows Plus\Dancer\Dancer.exe [2004-08-10 188416]
"TuneUp MemOptimizer"=D:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe [2009-07-16 163144]
"SUPERAntiSpyware"=D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-04 1994480]
"SpybotSD TeaTimer"=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
D:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2
"Viewpoint Manager Service"=2

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe
Service Manager.lnk - D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
D:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [2007-10-16 10792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2007-03-30 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-05-26 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2009-03-26 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rootrepeal.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=D:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\WINDOWS\system32\dlcicoms.exe"="D:\WINDOWS\system32\dlcicoms.exe:*:Enabled:Dell 946 Server"
"D:\Program Files\Dell 968 AIO Printer\dldomon.exe"="D:\Program Files\Dell 968 AIO Printer\dldomon.exe:*:Enabled:Printer Device Monitor"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldopswx.exe:*:Enabled:Printer Status Window Interface"
"D:\Program Files\Dell 968 AIO Printer\dldoaiox.exe"="D:\Program Files\Dell 968 AIO Printer\dldoaiox.exe:*:Enabled:AIOC exe"
"D:\Program Files\Dell 968 AIO Printer\DLDOFax.exe"="D:\Program Files\Dell 968 AIO Printer\DLDOFax.exe:*:Enabled:Fax Solutions Software"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldojswx.exe:*:Enabled:Job Status Window Interface"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldotime.exe:*:Enabled:Time Executable"
"D:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe"="D:\Program Files\Dell 968 AIO Printer\Wireless\dldowpss.exe:*:Enabled: "
"D:\WINDOWS\system32\dldocoms.exe"="D:\WINDOWS\system32\dldocoms.exe:*:Enabled:Dell Communications System"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\WINDOWS\system32\dldocfg.exe"="D:\WINDOWS\system32\dldocfg.exe:*:Enabled:Printer Communication System"
"D:\WINDOWS\system32\spool\drivers\w32x86\3\dldowbgw.exe"="D:\WINDOWS\system32\spool\drivers\w32x86\3\dldowbgw.exe:*:Enabled:Dell Web Gateway"
"D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe"="D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe:*:Enabled:sqlservr.exe"
"D:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"="D:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe:*:Enabled:sqlbrowser.exe"
"D:\Program Files\Common Files\AOL\Loader\aolload.exe"="D:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\StarNet\X-Win32 8.2\xwin32.exe"="D:\Program Files\StarNet\X-Win32 8.2\xwin32.exe:*:Enabled:X-Win32 PC X Server"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\Program Files\Free Download Manager\fdm.exe"="D:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"
"C:\AdventNet\ME\VQManager\mysql\bin\mysqld-nt.exe"="C:\AdventNet\ME\VQManager\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"D:\Program Files\Sierra\Empire Earth Gold\The Art of Conquest\EE-AOC.exe"="D:\Program Files\Sierra\Empire Earth Gold\The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"D:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe"="D:\Program Files\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\AIM6\aim6.exe"="D:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="D:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"

======List of files/folders created in the last 1 months======

2009-10-25 17:05:44 ----A---- D:\WINDOWS\Eula.txt
2009-10-25 17:05:43 ----A---- D:\WINDOWS\junction.exe
2009-10-25 15:08:49 ----D---- D:\rsit
2009-10-25 12:27:07 ----A---- D:\ComboFix.txt
2009-10-18 22:15:37 ----D---- D:\Program Files\Common Files\ParetoLogic
2009-10-18 22:15:37 ----D---- D:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-10-18 22:15:01 ----D---- D:\Documents and Settings\All Users\Application Data\Cached Installations
2009-10-18 22:07:07 ----D---- D:\Program Files\Disk Doctors Undelete (Demo)
2009-10-13 19:14:22 ----D---- D:\Program Files\Common Files\TI Shared
2009-10-13 19:14:21 ----D---- D:\Program Files\TI Education
2009-10-01 03:24:49 ----D---- D:\Program Files\Spybot - Search & Destroy
2009-10-01 03:24:04 ----A---- D:\RootRepeal report 10-01-09 (03-24-04).txt
2009-10-01 03:04:55 ----A---- D:\WINDOWS\eventlog.dll
2009-10-01 03:04:55 ----A---- D:\avplog.txt
2009-10-01 02:52:58 ----SHD---- D:\RECYCLER
2009-10-01 02:26:45 ----D---- D:\Combo26894C
2009-09-30 21:59:38 ----D---- D:\Program Files\IDM Computer Solutions
2009-09-30 21:59:38 ----D---- D:\Documents and Settings\Mike\Application Data\IDMComp
2009-09-29 22:59:46 ----D---- D:\Combo31805C
2009-09-29 22:39:26 ----D---- D:\Combo
2009-09-29 21:52:39 ----D---- D:\ComboFix
2009-09-29 21:39:22 ----A---- D:\WINDOWS\NIRCMD.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\zip.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\SWXCACLS.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\SWSC.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\SWREG.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\sed.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\PEV.exe
2009-09-29 21:39:21 ----A---- D:\WINDOWS\grep.exe
2009-09-29 21:38:06 ----D---- D:\WINDOWS\ERDNT
2009-09-29 21:34:09 ----AD---- D:\Qoobox

======List of files/folders modified in the last 1 months======

2009-10-25 17:28:45 ----D---- D:\Program Files\Trend Micro
2009-10-25 17:23:12 ----D---- D:\WINDOWS\system32
2009-10-25 17:05:44 ----D---- D:\WINDOWS
2009-10-25 17:02:50 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-10-25 17:02:46 ----D---- D:\WINDOWS\system32\drivers
2009-10-25 17:00:37 ----D---- D:\Program Files
2009-10-25 15:00:01 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-10-25 14:58:42 ----SD---- D:\WINDOWS\Tasks
2009-10-25 14:58:32 ----D---- D:\Documents and Settings\All Users\Application Data\Google Updater
2009-10-25 12:27:12 ----D---- D:\WINDOWS\Temp
2009-10-25 12:18:49 ----A---- D:\WINDOWS\system.ini
2009-10-25 12:18:47 ----D---- D:\WINDOWS\system32\CatRoot2
2009-10-25 12:14:53 ----D---- D:\Documents and Settings\Mike\Application Data\LimeWire
2009-10-25 12:07:16 ----D---- D:\WINDOWS\AppPatch
2009-10-25 12:06:51 ----D---- D:\Program Files\Common Files
2009-10-25 11:54:34 ----D---- D:\WINDOWS\Prefetch
2009-10-18 22:32:14 ----D---- D:\Documents and Settings\Mike\Application Data\gtk-2.0
2009-10-18 22:15:42 ----SHD---- D:\WINDOWS\Installer
2009-10-18 22:15:41 ----D---- D:\Config.Msi
2009-10-15 21:27:46 ----D---- D:\Documents and Settings\Mike\Application Data\gedit
2009-10-13 19:38:13 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-10-13 19:35:45 ----D---- D:\WINDOWS\inf
2009-10-13 19:14:38 ----RSD---- D:\WINDOWS\Fonts
2009-10-13 19:14:26 ----D---- D:\WINDOWS\twain_32
2009-10-13 19:14:24 ----D---- D:\WINDOWS\system
2009-10-13 19:12:33 ----D---- D:\Program Files\Common Files\Wise Installation Wizard
2009-10-01 03:25:36 ----D---- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-01 02:40:07 ----D---- D:\WINDOWS\system32\config
2009-10-01 02:35:46 ----D---- D:\Program Files\SUPERAntiSpyware
2009-10-01 02:30:07 ----D---- D:\WINDOWS\system32\xircom
2009-10-01 02:30:07 ----D---- D:\WINDOWS\system32\wins
2009-10-01 02:30:07 ----D---- D:\WINDOWS\system32\ShellExt
2009-10-01 02:30:06 ----D---- D:\WINDOWS\system32\export
2009-10-01 02:30:06 ----D---- D:\WINDOWS\system32\dhcp
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\3com_dmi
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\3076
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\2052
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1054
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1042
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1041
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1037
2009-10-01 02:30:05 ----D---- D:\WINDOWS\system32\1031
2009-10-01 02:30:04 ----D---- D:\WINDOWS\system32\1028
2009-10-01 02:30:04 ----D---- D:\WINDOWS\system32\1025
2009-10-01 02:30:04 ----D---- D:\WINDOWS\SxsCaPendDel
2009-10-01 02:30:03 ----D---- D:\WINDOWS\SolidWorks
2009-10-01 02:30:02 ----D---- D:\WINDOWS\PIF
2009-10-01 02:30:02 ----D---- D:\WINDOWS\msdownld.tmp
2009-10-01 02:30:02 ----D---- D:\WINDOWS\Minidump
2009-10-01 02:30:01 ----D---- D:\WINDOWS\Connection Wizard
2009-10-01 02:30:01 ----D---- D:\WINDOWS\Config
2009-10-01 02:29:59 ----D---- D:\WINDOWS\addins
2009-09-30 22:10:50 ----D---- D:\MGtools
2009-09-30 22:04:53 ----D---- D:\Program Files\Microsoft Games
2009-09-30 21:50:00 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2009-09-29 22:59:53 ----A---- D:\WINDOWS\ntbtlog.txt
2009-09-29 22:51:13 ----D---- D:\Documents and Settings\Mike\Application Data\Webroot
2009-09-29 22:51:13 ----D---- D:\Documents and Settings\All Users\Application Data\Webroot
2009-09-29 22:31:28 ----A---- D:\avenger.txt
2009-09-28 12:41:06 ----D---- D:\Documents and Settings\Mike\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OMCI;OMCI; D:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SCDEmu;SCDEmu; D:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-20 279712]
R2 LBeepKE;LBeepKE; D:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-20 25888]
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-12-09 12544]
R2 rimmptsk;rimmptsk; D:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256]
R2 rimsptsk;rimsptsk; D:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; D:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R2 ubsbm;Unibrain 1394 SBM Driver; D:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver; D:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 36352]
R3 BCM43XX;Dell Wireless WLAN Card Driver; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-02 1287552]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; D:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-01-30 45568]
R3 btaudio;Bluetooth Audio Device; D:\WINDOWS\system32\drivers\btaudio.sys [2007-08-29 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys [2007-08-29 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; D:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-08-29 876384]
R3 catchme;catchme; \??\D:\Combo13422C\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; D:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; D:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-03-30 5704672]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter; D:\WINDOWS\System32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter; D:\WINDOWS\System32\Drivers\LHidEqd.Sys [2009-06-17 10384]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; D:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; D:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LVPr2Mon;LVPr2Mon Driver; D:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SaiMini;SaiMini; D:\WINDOWS\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]
R3 SaiNtBus;SaiNtBus; D:\WINDOWS\system32\drivers\SaiBus.sys [2009-06-10 36992]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; D:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 ubohci;Unibrain 1394 OHCI Driver; D:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 77056]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R4 avgntflt;avgntflt; \??\D:\Program Files\Avira\AntiVir Desktop\avgntflt.sys []
S3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BthEnum;Bluetooth Request Block Driver; D:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; D:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); D:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; D:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; D:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; D:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-08-29 149123]
S3 btwhid;btwhid; D:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-08-29 55352]
S3 btwmodem;Bluetooth Modem; D:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-08-30 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; D:\WINDOWS\System32\Drivers\btwusb.sys [2007-08-30 67960]
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmudau;Audio Advantage Roadie Interface; D:\WINDOWS\system32\drivers\cmudau.sys [2005-10-03 1334272]
S3 dot4;MS IEEE-1284.4 Driver; D:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; D:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; D:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; D:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 FilterService;UVC Filter Service; D:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 FTDIBUS;USB Serial Converter Driver; D:\WINDOWS\system32\drivers\ftdibus.sys [2007-11-20 47249]
S3 lvpopflt;Logitech POP Suppression Filter; D:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
S3 LVRS;Logitech RightSound Filter Driver; D:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 lvselsus;Logitech Selective Suspend Filter; D:\WINDOWS\system32\DRIVERS\lvselsus.sys [2008-07-26 66456]
S3 LVUSBSta;Logitech USB Monitor Filter; D:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;Logitech QuickCam Pro 9000(UVC); D:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 MHNDRV;MHN driver; D:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SaiH0255;SaiH0255; D:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2007-05-01 132232]
S3 sffdisk;SFF Storage Class Driver; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\D:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; D:\WINDOWS\System32\Drivers\sskbfd.sys [2007-10-01 23864]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TIEHDUSB;TIEHDUSB; D:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 TVICHW32;TVICHW32; \??\D:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; D:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; D:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 ASKUpgrade;ASKUpgrade; D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 BthServ;Bluetooth Support Service; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 dlci_device;dlci_device; D:\WINDOWS\system32\dlcicoms.exe [2006-11-03 537480]
R2 dldo_device;dldo_device; D:\WINDOWS\system32\dldocoms.exe [2007-10-05 595184]
R2 dldoCATSCustConnectService;dldoCATSCustConnectService; D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LVCOMSer;LVCOMSer; D:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 McrdSvc;Media Center Extender Service; D:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); d:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
R2 ProtexisLicensing;ProtexisLicensing; D:\WINDOWS\system32\PSIService.exe [2006-11-03 174656]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); D:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-26 201968]
R2 SQLBrowser;SQL Server Browser; d:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; d:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 wwEngineSvc;Window Washer Engine; D:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 598856]
S2 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S2 LVPrcSrv;Process Monitor; D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe []
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; D:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2007-10-16 16936]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; D:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2009-05-26 121360]
S3 MHN;MHN; D:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; d:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; D:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; D:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; D:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-08-24 79360]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; D:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-04 323584]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; D:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-01 361288]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Viewpoint Manager Service;Viewpoint Manager Service; D:\Program Files\Viewpoint\Common\ViewpointService.exe []

-----------------EOF-----------------

I'm now gonna restart for MalwareBytes.

#10 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 26 October 2009 - 12:37 PM

Hi,

We need to reset the permissions altered by the malware on some files.

* Download this tool and save it to your Desktop: <-- Important

Inherit.exe

* Go to Start => Run => Copy and paste the first line of the following lines in the run box and click OK:

"%userprofile%\desktop\inherit" "D:\windows\system32\appwiz.cpl"

* If you get a security warning select Run.
* You will get a "Finish" popup. Click OK.

Please try again to work with add/remove programs and let me know if it works. Then please post back with a fresh RSIT-Logfile

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 26 October 2009 - 10:36 PM

Ran Inherit like you said, but it just disappears, and never comes back.

#12 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 27 October 2009 - 01:52 PM

Hi,

Did add/remove programs work right now?

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 27 October 2009 - 02:24 PM

Negative, Inherit would not run correctly, and add/remove do not work

#14 schrauber

Mr.Mechanic

Group: Malware Response Team
Posts: 21,111
Joined: 03-May 08
Gender:Male
Location:Saarland,Germany

Posted 27 October 2009 - 02:45 PM

Hi,

Please follow the instructions in the link below to run dial-a-fix, post back with the content of the logfile

http://www.bleepingcomputer.com/forums/topic160132.html

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 TheDogFaceAce

New Member

Group: Members
Posts: 13
Joined: 14-September 09

Posted 27 October 2009 - 03:01 PM

here is the log

3:51:48 PM | Dial-a-fix was unable to determine your version of Internet Explorer
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 8.0.6001.18702
MPC: 76487-OEM
CPU: Intel® Core™2 CPU T5600 @ 1.83GHz (~1833MHz)
CPU: CPU is 64-bit or has 64-bit extensions
CPU: 2 CPU cores present
BIOS: 7/29/2006
Memory (approx): 2038MB
Uptime: 15 hour(s)
Current directory: D:\DOCUME~1\Mike\LOCALS~1\Temp\Rar$EX02.547\Dial-a-fix-v0.60.0.24
---

10/27/2009 3:51:48 PM -- Dial-a-fix : [v0.60.0.24] -- started
3:51:48 PM | Policy scan started
3:51:48 PM | Policy scan ended - no restrictive policies were found
--- MSI ---
3:52:20 PM | Registered: D:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
3:52:27 PM | Unregistered: D:\WINDOWS\system32\msxml.dll
3:52:27 PM | Registered: D:\WINDOWS\system32\msxml.dll
3:52:27 PM | Unregistered: D:\WINDOWS\system32\msxml2.dll
3:52:27 PM | Registered: D:\WINDOWS\system32\msxml2.dll
3:52:35 PM | Unregistered: D:\WINDOWS\system32\msxml3.dll
3:52:36 PM | Registered: D:\WINDOWS\system32\msxml3.dll
3:52:36 PM | Unregistered: D:\WINDOWS\system32\msxml4.dll
3:52:36 PM | Registered: D:\WINDOWS\system32\msxml4.dll
3:52:37 PM | Unregistered: D:\WINDOWS\system32\qmgr.dll
3:52:37 PM | Registered: D:\WINDOWS\system32\qmgr.dll
3:52:37 PM | Unregistered: D:\WINDOWS\system32\qmgrprxy.dll
3:52:37 PM | Registered: D:\WINDOWS\system32\qmgrprxy.dll
3:52:37 PM | Unregistered: D:\WINDOWS\system32\muweb.dll
3:52:37 PM | Registered: D:\WINDOWS\system32\muweb.dll
3:52:37 PM | Unregistered: D:\WINDOWS\system32\winhttp.dll
3:52:37 PM | Registered: D:\WINDOWS\system32\winhttp.dll
3:52:37 PM | Registered: D:\WINDOWS\system32\wuapi.dll
3:52:38 PM | Unregistered: D:\WINDOWS\system32\wuaueng.dll
3:52:39 PM | Registered: D:\WINDOWS\system32\wuaueng.dll
3:52:40 PM | Unregistered: D:\WINDOWS\system32\wuaueng1.dll
3:52:40 PM | Registered: D:\WINDOWS\system32\wuaueng1.dll
3:52:40 PM | Unregistered: D:\WINDOWS\system32\wucltui.dll
3:52:40 PM | Registered: D:\WINDOWS\system32\wucltui.dll
3:52:40 PM | Unregistered: D:\WINDOWS\system32\wups.dll
3:52:40 PM | Registered: D:\WINDOWS\system32\wups.dll
3:52:40 PM | Unregistered: D:\WINDOWS\system32\wups2.dll
3:52:40 PM | Registered: D:\WINDOWS\system32\wups2.dll
3:52:40 PM | Unregistered: D:\WINDOWS\system32\wuweb.dll
3:52:40 PM | Registered: D:\WINDOWS\system32\wuweb.dll
3:52:40 PM | Registered: D:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
3:52:50 PM | Executed 'cmd.exe /c rmdir /q /s D:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
3:52:54 PM | Unregistered: D:\WINDOWS\system32\cryptdlg.dll
3:52:54 PM | Registered: D:\WINDOWS\system32\cryptdlg.dll
3:52:54 PM | Unregistered: D:\WINDOWS\system32\cryptui.dll
3:52:54 PM | Registered: D:\WINDOWS\system32\cryptui.dll
3:52:55 PM | Unregistered: D:\WINDOWS\system32\cryptext.dll
3:52:55 PM | Registered: D:\WINDOWS\system32\cryptext.dll
3:52:55 PM | Unregistered: D:\WINDOWS\system32\dssenh.dll
3:52:55 PM | Registered: D:\WINDOWS\system32\dssenh.dll
3:52:55 PM | Unregistered: D:\WINDOWS\system32\gpkcsp.dll
3:52:55 PM | Registered: D:\WINDOWS\system32\gpkcsp.dll
3:52:55 PM | Unregistered: D:\WINDOWS\system32\initpki.dll
3:53:58 PM | Registered: D:\WINDOWS\system32\initpki.dll
3:53:59 PM | Unregistered: D:\WINDOWS\system32\licdll.dll
3:53:59 PM | Registered: D:\WINDOWS\system32\licdll.dll
3:53:59 PM | Unregistered: D:\WINDOWS\system32\mssign32.dll
3:53:59 PM | Registered: D:\WINDOWS\system32\mssign32.dll
3:53:59 PM | Unregistered: D:\WINDOWS\system32\mssip32.dll
3:53:59 PM | Registered: D:\WINDOWS\system32\mssip32.dll
3:53:59 PM | Unregistered: D:\WINDOWS\system32\scardssp.dll
3:54:00 PM | Registered: D:\WINDOWS\system32\scardssp.dll
3:54:00 PM | Unregistered: D:\WINDOWS\system32\sccbase.dll
3:54:00 PM | Registered: D:\WINDOWS\system32\sccbase.dll
3:54:00 PM | Unregistered: D:\WINDOWS\system32\scecli.dll
3:54:00 PM | Registered: D:\WINDOWS\system32\scecli.dll
3:54:01 PM | Unregistered: D:\WINDOWS\system32\softpub.dll
3:54:01 PM | Registered: D:\WINDOWS\system32\softpub.dll
3:54:02 PM | Unregistered: D:\WINDOWS\system32\slbcsp.dll
3:54:02 PM | Registered: D:\WINDOWS\system32\slbcsp.dll
3:54:03 PM | Unregistered: D:\WINDOWS\system32\regwizc.dll
3:54:03 PM | Registered: D:\WINDOWS\system32\regwizc.dll
3:54:03 PM | Unregistered: D:\WINDOWS\system32\rsaenh.dll
3:54:03 PM | Registered: D:\WINDOWS\system32\rsaenh.dll
3:54:03 PM | Unregistered: D:\WINDOWS\system32\winhttp.dll
3:54:03 PM | Registered: D:\WINDOWS\system32\winhttp.dll
3:54:03 PM | Unregistered: D:\WINDOWS\system32\wintrust.dll
3:54:03 PM | Registered: D:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
3:54:03 PM | Registered: D:\WINDOWS\system32\acelpdec.ax
3:54:03 PM | Registered: D:\WINDOWS\system32\actxprxy.dll
3:54:03 PM | Registered: D:\WINDOWS\system32\asctrls.ocx
3:54:04 PM | Registered: D:\WINDOWS\system32\daxctle.ocx
3:54:04 PM | Registered: D:\WINDOWS\system32\hhctrl.ocx
3:54:04 PM | Registered: D:\WINDOWS\system32\l3codecx.ax
3:54:04 PM | Registered: D:\WINDOWS\system32\licmgr10.dll
3:54:04 PM | Registered: D:\WINDOWS\system32\mpg4ds32.ax
3:54:07 PM | Registered: D:\WINDOWS\system32\msdxm.ocx
3:54:08 PM | Registered: D:\WINDOWS\system32\proctexe.ocx
3:54:08 PM | Registered: D:\WINDOWS\system32\tdc.ocx
3:54:08 PM | Registered: D:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
3:54:08 PM | DllInstalled: D:\WINDOWS\system32\inetcpl.cpl
3:54:08 PM | DllInstalled: D:\WINDOWS\system32\appwiz.cpl
3:54:08 PM | Registered: D:\WINDOWS\system32\appwiz.cpl
3:54:08 PM | DllInstalled: D:\WINDOWS\system32\nusrmgr.cpl
3:54:08 PM | Registered: D:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
3:54:09 PM | Registered: D:\WINDOWS\system32\quartz.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\danim.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\dmscript.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\dmstyle.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\dxmasf.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\dxtmsft.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\dxtrans.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
3:54:10 PM | Registered: D:\WINDOWS\system32\atl.dll
3:54:10 PM | Registered: D:\WINDOWS\system32\corpol.dll
3:54:11 PM | Registered: D:\WINDOWS\system32\jscript.dll
3:54:11 PM | Registered: D:\WINDOWS\system32\dispex.dll
3:54:11 PM | Registered: D:\WINDOWS\system32\scrrun.dll
3:54:11 PM | Registered: D:\WINDOWS\system32\scrobj.dll
3:54:11 PM | Registered: D:\WINDOWS\system32\vbscript.dll
3:54:11 PM | Registered: D:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
3:54:11 PM | Registered: D:\WINDOWS\system32\activeds.dll
3:54:11 PM | Registered: D:\WINDOWS\system32\audiodev.dll
3:54:12 PM | DllInstalled: D:\WINDOWS\system32\browseui.dll
3:54:12 PM | Registered: D:\WINDOWS\system32\browseui.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\browsewm.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\cabview.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\cdfview.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\clbcatex.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\clbcatq.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\comcat.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\cscui.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\credui.dll
3:54:13 PM | Registered: D:\WINDOWS\system32\datime.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\devmgr.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\dfsshlex.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\dmdlgs.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\dmdskmgr.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\dmloader.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\dmocx.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\dmview.ocx
3:54:14 PM | DllInstalled: D:\WINDOWS\system32\dsuiext.dll
3:54:14 PM | Registered: D:\WINDOWS\system32\dsuiext.dll
3:54:15 PM | DllInstalled: D:\WINDOWS\system32\dsquery.dll
3:54:15 PM | Registered: D:\WINDOWS\system32\dsquery.dll
3:54:15 PM | Registered: D:\WINDOWS\system32\dskquoui.dll
3:54:15 PM | Registered: D:\WINDOWS\system32\els.dll
3:54:16 PM | Registered: D:\WINDOWS\system32\es.dll
3:54:16 PM | Registered: D:\WINDOWS\system32\fontext.dll
3:54:16 PM | Registered: D:\WINDOWS\system32\hlink.dll
3:54:16 PM | Registered: D:\WINDOWS\system32\hnetcfg.dll
3:54:16 PM | Registered: D:\WINDOWS\system32\iedkcs32.dll
3:54:17 PM | Registered: D:\WINDOWS\system32\iepeers.dll
3:54:17 PM | Error 127: D:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
3:58:09 PM | Error 127: D:\WINDOWS\system32\iesetup.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
3:58:12 PM | Registered: D:\WINDOWS\system32\ils.dll
3:58:12 PM | Error 127: D:\WINDOWS\system32\imgutil.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
3:58:14 PM | Registered: D:\WINDOWS\system32\inetcfg.dll
3:58:14 PM | Registered: D:\WINDOWS\system32\inetcomm.dll
3:58:14 PM | Error 127: D:\WINDOWS\system32\inseng.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
3:58:15 PM | Error 127: D:\WINDOWS\system32\inseng.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
3:58:16 PM | Registered: D:\WINDOWS\system32\laprxy.dll
3:58:16 PM | Registered: D:\WINDOWS\system32\lmrt.dll
3:58:17 PM | Registered: D:\WINDOWS\system32\mlang.dll
3:58:17 PM | Registered: D:\WINDOWS\system32\mmcndmgr.dll
3:58:17 PM | Registered: D:\WINDOWS\system32\mmcshext.dll
3:58:18 PM | Registered: D:\WINDOWS\system32\mscoree.dll
3:58:18 PM | Error 127: D:\WINDOWS\system32\mshtml.dll is not registerable or the file is corrupted. Version: 8.00.6001.18812
3:58:18 PM | Error 127: D:\WINDOWS\system32\mshtml.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18812
3:58:19 PM | Registered: D:\WINDOWS\system32\mshtmled.dll
3:58:19 PM | Registered: D:\WINDOWS\system32\msieftp.dll
3:58:19 PM | Registered: D:\WINDOWS\system32\msoeacct.dll
3:58:19 PM | Registered: D:\WINDOWS\system32\msr2c.dll
3:58:19 PM | Error 127: D:\WINDOWS\system32\msrating.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
3:58:20 PM | DllInstalled: D:\WINDOWS\system32\mydocs.dll
3:58:20 PM | Registered: D:\WINDOWS\system32\mydocs.dll
3:58:20 PM | Registered: D:\WINDOWS\system32\mstime.dll
3:58:20 PM | Registered: D:\WINDOWS\system32\netcfgx.dll
3:58:20 PM | DllInstalled: D:\WINDOWS\system32\netplwiz.dll
3:58:20 PM | Registered: D:\WINDOWS\system32\netplwiz.dll
3:58:21 PM | Registered: D:\WINDOWS\system32\netman.dll
3:58:21 PM | Registered: D:\WINDOWS\system32\netshell.dll
3:58:21 PM | Registered: D:\WINDOWS\system32\ntmsevt.dll
3:58:21 PM | Registered: D:\WINDOWS\system32\ntmsmgr.dll
3:58:21 PM | DllInstalled: D:\WINDOWS\system32\ntmssvc.dll
3:58:21 PM | Registered: D:\WINDOWS\system32\ntmssvc.dll
3:58:21 PM | Error 127: D:\WINDOWS\system32\occache.dll is not registerable or the file is corrupted. Version: 8.00.6001.18806
3:58:22 PM | Error 127: D:\WINDOWS\system32\occache.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18806
3:58:22 PM | Registered: D:\WINDOWS\system32\ole32.dll
3:58:23 PM | Registered: D:\WINDOWS\system32\oleaut32.dll
3:58:23 PM | Registered: D:\WINDOWS\system32\oleacc.dll
3:58:23 PM | Registered: D:\WINDOWS\system32\olepro32.dll
3:58:23 PM | DllInstalled: D:\WINDOWS\system32\photowiz.dll
3:58:23 PM | Registered: D:\WINDOWS\system32\photowiz.dll
3:58:23 PM | Error 127: D:\WINDOWS\system32\pngfilt.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
3:58:24 PM | Registered: D:\WINDOWS\system32\remotepg.dll
3:58:24 PM | Registered: D:\WINDOWS\system32\rpcrt4.dll
3:58:24 PM | Registered: D:\WINDOWS\system32\rshx32.dll
3:58:24 PM | Registered: D:\WINDOWS\system32\sendmail.dll
3:58:24 PM | Registered: D:\WINDOWS\system32\slayerxp.dll
3:58:26 PM | DllInstalled: D:\WINDOWS\system32\shdocvw.dll
3:58:26 PM | Registered: D:\WINDOWS\system32\shdocvw.dll
3:58:26 PM | Registered: D:\WINDOWS\system32\shell32.dll
3:58:33 PM | DllInstalled: D:\WINDOWS\system32\shell32.dll
3:58:33 PM | Registered: D:\WINDOWS\system32\shmedia.dll
3:58:33 PM | DllInstalled: D:\WINDOWS\system32\shimgvw.dll
3:58:33 PM | Registered: D:\WINDOWS\system32\shimgvw.dll
3:58:33 PM | DllInstalled: D:\WINDOWS\system32\shsvcs.dll
3:58:34 PM | Registered: D:\WINDOWS\system32\shsvcs.dll
3:58:34 PM | Registered: D:\WINDOWS\system32\srclient.dll
3:58:34 PM | Unregistered: D:\WINDOWS\system32\stobject.dll
3:58:34 PM | Registered: D:\WINDOWS\system32\stobject.dll
3:58:34 PM | DllInstalled: D:\WINDOWS\system32\themeui.dll
3:58:34 PM | Registered: D:\WINDOWS\system32\themeui.dll
3:58:35 PM | Registered: D:\WINDOWS\system32\twext.dll
3:58:36 PM | DllInstalled: D:\WINDOWS\system32\urlmon.dll
3:58:36 PM | Registered: D:\WINDOWS\system32\urlmon.dll
3:58:36 PM | Registered: D:\WINDOWS\system32\userenv.dll
3:58:36 PM | Error 127: D:\WINDOWS\system32\webcheck.dll is not registerable or the file is corrupted. Version: 8.00.6001.18702
3:59:33 PM | Error 127: D:\WINDOWS\system32\webcheck.dll is not DLLInstall-able or the file is corrupted. Version: 8.00.6001.18702
3:59:34 PM | Registered: D:\WINDOWS\system32\webvw.dll
3:59:34 PM | Registered: D:\WINDOWS\system32\winhttp.dll
3:59:34 PM | DllInstalled: D:\WINDOWS\system32\wininet.dll
3:59:34 PM | Registered: D:\WINDOWS\system32\zipfldr.dll
3:59:34 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdadc.dll
3:59:34 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaenum.dll
3:59:34 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaer.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaipp.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaora.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaosp.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaps.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdasc.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdasql.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdatt.dll
3:59:35 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdaurl.dll
3:59:36 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdmeng.dll
3:59:36 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msdmine.dll
3:59:36 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msmdcb80.dll
3:59:37 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msmdgd80.dll
3:59:37 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msolap80.dll
3:59:37 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msolui80.dll
3:59:37 PM | Registered: D:\Program Files\Common Files\system\Ole DB\msxactps.dll
3:59:37 PM | Registered: D:\Program Files\Common Files\system\Ole DB\oledb32.dll
3:59:38 PM | Registered: D:\Program Files\Common Files\system\Ole DB\oledb32r.dll
3:59:38 PM | Registered: D:\Program Files\Common Files\system\Ole DB\sqloledb.dll
3:59:38 PM | Registered: D:\Program Files\Common Files\system\Ole DB\sqlxmlx.dll