
Satellite Tv For Pc: Trojan-psw.win32.firefox.k


14 replies to this topic

#1 aky

Posted 11 June 2008 - 09:54 PM

Hi everyone, I installed a program (that was supposed to be from a trusted site) called Satellite TV for PC Elite. When the setup began, it asked for a password; I entered it as the directions said to.

After installing, the program never worked. I read on the site I downloaded this from that this was a virus. I uninstalled it, and now each time I restart my computer the installer starts up again on its own, asking for the password.

I've also attached a screenshot of the setup opening up upon startup.


here's my scan


Deckard's System Scanner v20071014.68
Run by aaa on 2008-06-11 17:05:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-12 00:05:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-11 17:08:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:WINDOWSATKKBService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
D:Program FilesNeroNero8Nero BackItUpNBService.exe
D:Program FilesNOD32nod32krn.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32IoctlSvc.exe
C:WINDOWSsystem32PnkBstrA.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSexplorer.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesAnalog DevicesSoundMAXSMax4.exe
C:Program FilesCanonMyPrinterBJMYPRT.EXE
C:WINDOWSsystem32spooldriversw32x863WrtMon.exe
C:WINDOWSsystem32spooldriversw32x863WrtProc.exe
D:Program FilesLogitechMouseWaresystemEM_EXEC.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesCanonCanon IJ Network Scan UtilityCNMNSUT.EXE
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
D:Program FilesNOD32nod32kui.exe
D:Program FilesGenie-SoftGBMPro8GBMAgent.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:WINDOWSsystem32ctfmon.exe
D:Program FilesHallmarkHallmark Card Studio 2007 DeluxePlannerPLNRnote.exe
D:Program FilesLogitechSetPointSetPoint.exe
D:Program FilesallSnapallSnap.exe
C:Program FilesCommon FilesLogitechKHALKHALMNPR.EXE
C:Program FilesWindows LiveMessengerusnsvc.exe
C:Documents and SettingsaaaDesktopdss(2).exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://start.icq.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.1.615.5858swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogleToolbar1.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [SoundMAX] "C:Program FilesAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe /logon
O4 - HKLM..Run: [WrtMon.exe] C:WINDOWSsystem32spooldriversw32x863WrtMon.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [IJNetworkScanUtility] C:Program FilesCanonCanon IJ Network Scan UtilityCNMNSUT.EXE
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [nod32kui] "d:Program FilesNOD32nod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "D:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [GBMPro8Agent] d:Program FilesGenie-SoftGBMPro8GBMAgent.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [GBMPro8Agent] d:Program FilesGenie-SoftGBMPro8GBMAgent.exe
O4 - HKCU..Run: [21684] C:WINDOWS/21684.exe
O4 - Startup: allSnap.lnk = D:Program FilesallSnapallSnap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 - Global Startup: Event Planner Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:Program FilesBitCometBitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:Program FilesBitCometBitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:Program FilesBitCometBitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: Download All Files by HiDownload - d:Program FilesStreamingStarHiDownloadHDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - d:Program FilesStreamingStarHiDownloadHDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:WINDOWSbdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:Program FilesBitComettoolsBitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSnetwork diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSnetwork diagnosticxpnetdiag.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184799061406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O17 - HKLMSYSTEMCCSServicesTcpip..{8FF73499-FE8E-44BB-B796-0AA21FAE39CB}: NameServer = 64.59.144.16,64.59.144.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:WINDOWSATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:Program FilesNeroNero8Nero
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:Program FilesNOD32nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:Program FilesPostgreSQL8.3binpg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:WINDOWSsystem32IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe


--
End of file - 10973 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "D:Program FilesAdobeAdobe Dreamweaver CS3Dreamweaver.exe",7
.js - jsfile - shellopencommand - "D:Program FilesAdobeAdobe Dreamweaver CS3Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Enhanced Display Driver Helper Service) - c:windowssystem32driversatkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SCDEmu - c:windowssystem32driversscdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 EIO - c:windowssystem32driverseio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>

S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:windowssystem32nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 RimUsb (BlackBerry Device) - c:windowssystem32driversrimusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:program filescommon filesapplemobile device supportbinapplemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ATKKeyboardService (ATK Keyboard Service) - c:windowsatkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:program filesbonjourmdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - d:program filesneronero8nero backitupnbservice.exe
R2 pgsql-8.3 (PostgreSQL Database Server 8.3) - "c:program filespostgresql8.3binpg_ctl.exe" runservice -w -n "pgsql-8.3" -d "c:program filespostgresql8.3data" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>
R2 PLFlash DeviceIoControl Service - c:windowssystem32ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S3 FLEXnet Licensing Service - "c:program filescommon filesmacrovision sharedflexnet publisherfnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MX700 ser Network
Device ID: ROOTCANON_IJ_NETWORK0000
Manufacturer: Canon
Name: Canon MX700 ser Network
PNP Device ID: ROOTCANON_IJ_NETWORK0000
Service: StillCam


-- Scheduled Tasks -------------------------------------------------------------

2008-06-11 02:01:31 412 --a------ C:WINDOWSTasksGBM - Incremental-Full.job
2008-06-05 05:47:52 416 --a------ C:WINDOWSTasksGBM - Full Pictures-Full.job


-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-04 05:48:36 0 d-------- C:Documents and Settingsaaa.housecall6.6
2008-06-03 19:51:53 0 d-------- C:WINDOWSBDOSCAN8
2008-06-02 18:02:59 0 d-------- C:WINDOWSuninstall <UNINST~1>
2008-06-02 17:03:05 12702750 --a------ C:WINDOWS21684.exe
2008-05-27 09:21:55 0 d-------- C:Documents and SettingsAchlaApplication DataGenie-soft
2008-05-27 09:21:50 0 d-------- C:Documents and SettingsAchlaApplication DataNero
2008-05-23 22:37:40 0 d-------- C:Documents and SettingsAll UsersApplication DataGenie-Soft
2008-05-23 22:26:39 0 d-------- C:Documents and SettingsaaaApplication DataGenie-soft
2008-05-20 15:54:06 0 dr-h----- C:Documents and SettingsaaaRecent
2008-05-18 13:17:44 0 d-------- C:WINDOWSDownloaded Installations
2008-05-18 00:02:02 0 d-------- C:Program FilesNeroInstall.bak
2008-05-18 00:01:32 0 d-------- C:Documents and SettingsaaaApplication DataNero
2008-05-17 23:59:25 0 d-------- C:Program FilesCommon FilesNero
2008-05-17 23:59:25 0 d-------- C:Documents and SettingsAll UsersApplication DataNero
2008-05-17 23:55:14 237568 --a------ C:WINDOWSsystem32xvidvfw.dll
2008-05-17 23:55:14 1216512 --a------ C:WINDOWSsystem32xvidcore.dll
2008-05-17 23:55:14 921600 --a------ C:WINDOWSsystem32vorbisenc.dll
2008-05-17 23:55:14 188416 --a------ C:WINDOWSsystem32vorbis.dll
2008-05-17 23:55:14 237568 --a------ C:WINDOWSsystem32OggDS.dll <Not Verified; ; Ogg DirectShow™ Filter Collection>
2008-05-17 23:55:14 45056 --a------ C:WINDOWSsystem32ogg.dll
2008-05-17 23:52:36 0 d-------- C:TempDVD
2008-05-16 22:12:52 0 d-------- C:Program FilesLoader
2008-05-13 18:55:52 0 d-------- C:Documents and SettingsaaaApplication DataSymantec
2008-05-13 14:24:09 0 d-------- C:Documents and SettingsaaaApplication DataURSoft
2008-05-13 00:14:02 0 d-------- C:Program FilesSymantec
2008-05-13 00:12:42 0 d-------- C:Documents and SettingsAll UsersApplication DataSymantec
2008-05-12 22:03:44 0 d-------- C:Documents and SettingsaaaApplication DataVideoReDo-TVSuite


-- Find3M Report ---------------------------------------------------------------

2008-06-03 21:40:48 1324 --a------ C:WINDOWSsystem32d3d9caps.dat
2008-05-24 22:42:36 0 d--h----- C:Program FilesInstallShield Installation Information
2008-05-23 22:11:18 0 d-------- C:Program FilesCommon Files
2008-05-21 20:16:33 0 d-------- C:Program FilesFull Tilt Poker
2008-05-17 22:14:19 0 d-------- C:Program FilesCommon FilesAhead
2008-05-09 18:05:05 298104 --a------ C:WINDOWSsystem32imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-09 17:59:20 0 d-------- C:Program FilesMicrosoft Works
2008-05-09 17:59:06 0 d-------- C:Program FilesMSBuild
2008-05-09 17:58:34 0 d-------- C:Program FilesMicrosoft.NET
2008-05-09 17:57:08 0 d-------- C:Program FilesMicrosoft Visual Studio 8
2008-05-02 22:05:43 2560 --a------ C:WINDOWSsystem32bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-27 15:46:42 0 d-------- C:Documents and SettingsaaaApplication DataAdobe
2008-04-19 14:23:38 0 d-------- C:Program FilesCommon FilesAnvsoft
2008-04-19 13:53:12 0 d-------- C:Program FilesDVD Photo Slideshow Professional
2008-04-16 22:11:31 0 d-------- C:Program FilesSystemRequirementsLab
2008-04-16 22:11:20 0 d-------- C:Documents and SettingsaaaApplication DataSystemRequirementsLab
2008-04-15 16:15:03 0 d-------- C:Program FilesCommon FilesAdobe
2008-04-13 21:04:01 5 --a------ C:WINDOWSsystem32SySCut.dat
2008-04-13 20:43:51 0 d-------- C:Documents and SettingsaaaApplication DataLimeWire
2008-04-12 19:28:40 0 d-------- C:Program FilesPostgreSQL
2008-04-11 12:06:39 0 d-------- C:Program FilesPicasa2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="C:WINDOWSsystem32NvCpl.dll" [12/05/2007 01:41 AM]
"SoundMAXPnP"="C:Program FilesAnalog DevicesCoresmax4pnp.exe" [12/18/2006 06:34 AM]
"SoundMAX"="C:Program FilesAnalog DevicesSoundMAXSmax4.exe" [07/13/2006 07:12 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:WINDOWSLOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [12/10/2004 01:45 PM C:WINDOWSKHALMNPR.Exe]
"CanonMyPrinter"="C:Program FilesCanonMyPrinterBJMyPrt.exe" [04/03/2007 09:50 AM]
"WrtMon.exe"="C:WINDOWSsystem32spooldriversw32x863WrtMon.exe" [09/20/2006 09:35 AM]
"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [01/31/2008 11:13 PM]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [01/11/2008 10:16 PM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:WINDOWSsystem32nwiz.exe]
"NvMediaCenter"="C:WINDOWSsystem32NvMcTray.dll" [12/05/2007 01:41 AM]
"IJNetworkScanUtility"="C:Program FilesCanonCanon IJ Network Scan UtilityCNMNSUT.EXE" [05/20/2007 04:37 PM]
"GrooveMonitor"="C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe" [10/27/2006 12:47 AM]
"nod32kui"="d:Program FilesNOD32nod32kui.exe" [05/09/2008 06:05 PM]
"NeroFilterCheck"="C:Program FilesCommon FilesNeroLibNeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="D:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe" [02/18/2008 04:29 PM]
"GBMPro8Agent"="d:Program FilesGenie-SoftGBMPro8GBMAgent.exe" [04/16/2008 08:55 AM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"MsnMsgr"="C:Program FilesWindows LiveMessengerMsnMsgr.exe" [03/19/2008 11:01 AM]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 05:00 AM]
"GBMPro8Agent"="d:Program FilesGenie-SoftGBMPro8GBMAgent.exe" [04/16/2008 08:55 AM]
"21684"="C:WINDOWS/21684.exe" [07/04/2006 03:28 PM]

C:Documents and SettingsaaaStart MenuProgramsStartup
allSnap.lnk - D:Program FilesallSnapallSnap.exe [4/8/2008 12:04:38 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
Event Planner Reminder.lnk - C:WINDOWSInstaller{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [12/21/2007 9:56:56 PM]
Logitech SetPoint.lnk - D:Program FilesLogitechSetPointSetPoint.exe [12/28/2007 8:55:07 PM]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^aaa^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:Documents and SettingsaaaStart MenuProgramsStartupPicture Motion Browser Media Check Tool.lnk
backup=C:WINDOWSpssPicture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupDesktop Manager.lnk
backup=C:WINDOWSpssDesktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupGoogle Updater.lnk
backup=C:WINDOWSpssGoogle Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartuphp psc 2000 Series.lnk
backup=C:WINDOWSpsshp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartuphpoddt01.exe.lnk
backup=C:WINDOWSpsshpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupKodak EasyShare software.lnk
backup=C:WINDOWSpssKodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:Documents and SettingsAll UsersStart MenuProgramsStartupMicrosoft Office.lnk
backup=C:WINDOWSpssMicrosoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
"C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBCWipeTM Startup]
"d:Program FilesJeticoBCWipeBCWipeTM.exe" startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:Program FilesCommon FilesAheadLibNMBgMonitor.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
"D:Program FilesiTunesiTunesHelper.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMonAppli]
C:Windowssystem32isys32.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
C:Program FilesCommon FilesAheadLibNeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]
RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]
RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNWEReboot]


[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregOpwareSE4]
"D:Program FilesScanSoftOmniPageSE4OpwareSE4.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregPWRISOVM.EXE]
d:Program FilesPowerISOPWRISOVM.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
"C:Program FilesQuickTimeQTTask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSkype]
"C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSSBkgdUpdate]
"C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
"C:Program FilesJavajre1.6.0_03binjusched.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTomTomHOME.exe]
"d:Program FilesTomTom HOME 2HOMERunner.exe" -s

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]
d:Program FilesWinampwinampa.exe


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2I]
AutoRuncommand- I:AutoRunCD.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2J]
AutoRuncommand- J:empty.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2K]
AutoRuncommand- K:empty.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2L]
AutoRuncommand- L:empty.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9da43a3c-4c63-11dc-857c-0015af0f44ee}]
AutoRuncommand- H:InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-06-11 19:50:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
CPU 1: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2047.11 MiB / 1546.33 MiB
Pagefile Memory (total/avail): 3939.59 MiB / 3597.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.36 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 40 GiB total, 18.16 GiB free.
D: is Fixed (NTFS) - 150 GiB total, 7.64 GiB free.
E: is Fixed (NTFS) - 84.47 GiB total, 20.04 GiB free.
F: is Fixed (NTFS) - 5 GiB total, 2.97 GiB free.
G: is CDROM (CDFS)
H: is Removable (No Media)

.PHYSICALDRIVE0 - Maxtor 6L300S0 - 279.47 GiB - 4 partitions
PARTITION0 (bootable) - Installable File System - 40 GiB - C:
PARTITION1 - Installable File System - 150 GiB - D:
PARTITION2 - Installable File System - 84.47 GiB - E:
PARTITION3 - Installable File System - 5 GiB - F:

.PHYSICALDRIVE1 - Canon MX700 series USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:Program FilesWindows LiveMessengermsnmsgr.exe"="C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Program FilesWindows LiveMessengerlivecall.exe"="C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:Program FilesLimeWireLimeWire.exe"="D:Program FilesLimeWireLimeWire.exe:*:Enabled:LimeWire"
"C:Program FilesBonjourmDNSResponder.exe"="C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour"
"D:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe"="D:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe:*:Enabled:EasyShare"
"C:Program FilesSkypePhoneSkype.exe"="C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:Program FilesBitCometBitComet.exe"="E:Program FilesBitCometBitComet.exe:*:Enabled:BitComet"
"C:WINDOWSsystem32PnkBstrA.exe"="C:WINDOWSsystem32PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:WINDOWSsystem32PnkBstrB.exe"="C:WINDOWSsystem32PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe"="D:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"D:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe"="D:Program FilesKaspersky LabKaspersky Anti-Virus 7.0avp.exe:*:Enabled:Kaspersky Anti-Virus"
"D:Program FilesCrysisBin32Crysis.exe"="D:Program FilesCrysisBin32Crysis.exe:*:Enabled:Crysis_32"
"D:Program FilesCrysisBin32CrysisDedicatedServer.exe"="D:Program FilesCrysisBin32CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"D:Program FilesiTunesiTunes.exe"="D:Program FilesiTunesiTunes.exe:*:Enabled:iTunes"
"C:Program FilesWindows LiveMessengermsnmsgr.exe"="C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:Program FilesWindows LiveMessengerlivecall.exe"="C:Program FilesWindows LiveMessengerlivecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE"="C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE"="C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE"="C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:Documents and SettingsAll Users
APPDATA=C:Documents and SettingsaaaApplication Data
CLASSPATH=.;C:Program FilesJavajre1.6.0_03libextQTJava.zip
CommonProgramFiles=C:Program FilesCommon Files
COMPUTERNAME=DESKTOP
ComSpec=C:WINDOWSsystem32cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=Documents and Settingsaaa
LOGONSERVER=DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=d:Program FilesFirefox;C:WINDOWSsystem32;C:WINDOWS;C:WINDOWSSystem32Wbem;C:Program FilesQuickTimeQTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:Program Files
PROMPT=$P$G
QTJAVA=C:Program FilesJavajre1.6.0_03libextQTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:WINDOWS
TEMP=C:DOCUME~1aaaA~1LOCALS~1Temp
TMP=C:DOCUME~1aaaA~1LOCALS~1Temp
USERDOMAIN=DESKTOP
USERNAME=aaa
USERPROFILE=C:Documents and Settingsaaa
windir=C:WINDOWS


-- User Profiles ---------------------------------------------------------------

aaa (admin)
Achla
postgres
postgres.DESKTOP
postgres.DESKTOP.000
test account (new local, admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> D:\Program Files\Nero\Nero8\nero\uninstall\UNNERO.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02FB2C63-5763-4CDD-99E6-566C57189742}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3881DD58-780F-4FCF-8A16-6E6800C2FEE0}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Allok Video Joiner 2.2.0 --> "d:\Program Files\Allok Video Joiner\unins000.exe"
allSnap version 1.33.2 --> "d:\Program Files\allSnap\unins000.exe"
AoA MP4 Converter --> "d:\Program Files\AoA MP4 Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
AVI/MPEG/RM/WMV Joiner 4.81 --> "d:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BCWipe 3.0 --> "C:\WINDOWS\BCUnInstall.exe" d:\Program Files\Jetico\BCWipe\UnInstall.log
BitComet 1.00 --> e:\Program Files\BitComet\uninst.exe
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon IJ Network Scan Utility --> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool --> C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX700 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> d:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DivX Codec --> d:\Program Files\DivX\DivXCodec\Uninstall.exe /CODEC
DVD Photo Slideshow Pro 7.92 --> C:\Program Files\DVD Photo Slideshow Professional\uninst.exe
dvdSanta 4.50 --> "d:\Program Files\dvdSanta\unins000.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Genie Backup Manager Pro 8.0 --> "d:\Program Files\Genie-Soft\GBMPro8\unins000.exe"
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hallmark Card Studio 2007 Deluxe --> MsiExec.exe /X{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}
HDD Regenerator --> MsiExec.exe /X{9064B17E-9FC9-439D-A4A0-668EC6AAFDEC}
HiDownload --> "d:\Program Files\StreamingStar\HiDownload\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2170 series --> D:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2170 series --> MsiExec.exe /X{93FB47FB-4FDF-4131-B5FD-7A37883868E7}
ImgBurn --> "d:\Program Files\ImgBurn\uninstall.exe"
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.3.0 Basic --> "d:\Program Files\K-Lite Codec Pack\unins000.exe"
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_b857a6\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire PRO 4.12.3 --> "d:\Program Files\LimeWire\uninstall.exe"
Loader --> "C:\Program Files\Loader\unins000.exe"
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Menu Template Package 1 Ver 1.10 --> C:\Program Files\Common Files\Anvsoft\Anvsoft DVD Menu Template Package 1\uninst.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> D:\Program Files\Firefox\uninstall\helper.exe
MP3 Wav Editor 3.30 --> "d:\Program Files\MP3 Wav Editor\unins000.exe"
MSXML4SP2 --> MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
myibay eBay bid sniper 1.0.0.18 --> "d:\Program Files\myibay\unins000.exe"
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetMos Multi-IO Controller --> NmUninst.exe
Network Stumbler 0.4.0 (remove only) --> "d:\Program Files\Network Stumbler\uninst.exe"
NOD32 antivirus system --> d:\Program Files\NOD32\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "d:\Program Files\NOD32\unins000.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PokerTracker 3 (remove only) --> "d:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3 --> MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
Power MP3 Recorder Cutter, (ver 5.0) --> "d:\Program Files\Cooolsoft\unins000.exe"
PowerISO --> "d:\Program Files\PowerISO\uninstall.exe"
Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
R-Studio 4.2 --> d:\Program Files\R-Studio\Uninstall.exe
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soap 3.0 Toolkit --> MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Total Uninstall 4.6.2 --> "d:\Program Files\Total Uninstall 4\unins000.exe"
UFile 2007 --> MsiExec.exe /X{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}
UFile Updater 2007 --> MsiExec.exe /X{BAF0296B-77EA-425B-934E-671B4DBAED6E}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6c --> d:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPhone Converter 3.07 --> d:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
VideoReDo TVSuite Version 3.1.4.549 --> "d:\Program Files\VideoReDoTVSuite\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp --> "d:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> d:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Your Uninstaller! 2008 Version 6.0 --> "d:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type12992 / Success
Event Submitted/Written: 06/11/2008 04:57:14 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12966 / Success
Event Submitted/Written: 06/10/2008 04:23:57 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12787 / Success
Event Submitted/Written: 06/06/2008 03:05:35 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12689 / Success
Event Submitted/Written: 06/04/2008 05:43:10 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type12680 / Warning
Event Submitted/Written: 06/03/2008 07:48:31 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5323 / Warning
Event Submitted/Written: 06/11/2008 06:02:08 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type5236 / Warning
Event Submitted/Written: 06/07/2008 04:06:52 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type5204 / Error
Event Submitted/Written: 06/06/2008 03:31:20 PM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom0.

Event Record #/Type5161 / Warning
Event Submitted/Written: 06/06/2008 08:54:21 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type5148 / Error
Event Submitted/Written: 06/05/2008 09:49:13 PM
Event ID/Source: 6161 / Print
Event Description:
The document Untitled owned by aaa failed to print on printer Canon MX700 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 58725908. Number of bytes printed: 43179532. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: DESKTOP. Win32 error code returned by the print processor: Untitled0. Untitled1



-- End of Deckard's System Scanner: finished at 2008-06-11 19:50:25 ------------
Merged posts. ~ OB

Just did an online scan with Kaspersky; here's the log.
I can see the file that's giving me this headache; won't delete the file just yet until I hear from you guys.

Thanks


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 12, 2008 03:07:07
Records in database: 854438
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:
C:
D:
E:
F:
G:
H:

Scan statistics:
Files scanned: 157814
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:26:33


File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\AKASHA~1\LOCALS~1\Temp\sattvsetup.rar Infected: Trojan-PSW.Win32.Firefox.k 1

The selected area was scanned.

Mod Edit: Added topic description per members request ~ TMacK



Edited by TMacK, 18 June 2008 - 08:51 PM.

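As an added example (not code from the original post, from Deckard's System Scanner or from Kaspersky), here is a small Python triage helper for the two log formats pasted above. It parses the Kaspersky Online Scanner 7 detection line, maps a hit that sits inside DSS's backup folder back to the location the file was copied from, and flags enabled Windows Firewall exceptions (the `AuthorizedApplications` values DSS dumps) for binaries outside Program Files or Windows. The trusted-root list, the assumption that the DSS backup keeps the original drive letter, and the third firewall line in the sample are assumptions made for the example.

```python
"""Triage helpers for the log formats pasted in this thread: the Windows
Firewall exception list that Deckard's System Scanner (DSS) dumps and the
Kaspersky Online Scanner 7 report. Added example; not code from the
original post, from DSS or from Kaspersky."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Kaspersky Online Scanner 7 detection line:
#   <path> Infected: <threat name> <count>
KASPERSKY_HIT = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")

# Windows XP SP2 firewall AuthorizedApplications value as DSS prints it:
#   "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
FIREWALL_ENTRY = re.compile(
    r'^"[^"]+"="(?P<path>[A-Za-z]:[^:]*):(?P<scope>[^:]*):'
    r'(?P<state>Enabled|Disabled):(?P<name>[^"]*)"$')

# Directories a firewall exception is expected to point into; anything
# else is worth a look. (Assumption for the example, not a fixed rule.)
TRUSTED_ROOTS = ("program files", "windows")
# DSS keeps copies of the files it backs up under this folder, so a hit
# there is the backup copy; the original location follows "backup\".
DSS_BACKUP = "\\deckard\\system scanner\\backup\\"


@dataclass
class Detection:
    path: str
    threat: str
    count: int
    original_path: Optional[str]  # set when the hit is a DSS backup copy
    in_temp: bool                 # file lived in a Temp folder


@dataclass
class FirewallRule:
    path: str
    scope: str
    enabled: bool
    name: str
    outside_trusted_roots: bool


def _outside_trusted_roots(path: str) -> bool:
    parts = path.lower().split("\\")
    return len(parts) < 2 or parts[1] not in TRUSTED_ROOTS


def parse_kaspersky(report: str) -> List[Detection]:
    hits = []
    for line in report.splitlines():
        m = KASPERSKY_HIT.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        original = None
        idx = path.lower().find(DSS_BACKUP)
        if idx != -1:
            # Assumption: the backup kept the original drive letter.
            original = path[:2] + "\\" + path[idx + len(DSS_BACKUP):]
        hits.append(Detection(
            path=path, threat=m.group("threat"), count=int(m.group("count")),
            original_path=original,
            in_temp="\\temp\\" in (original or path).lower()))
    return hits


def parse_firewall_rules(dss_section: str) -> List[FirewallRule]:
    rules = []
    for line in dss_section.splitlines():
        m = FIREWALL_ENTRY.match(line.strip())
        if not m:
            continue
        rules.append(FirewallRule(
            path=m.group("path"), scope=m.group("scope"),
            enabled=m.group("state") == "Enabled", name=m.group("name"),
            outside_trusted_roots=_outside_trusted_roots(m.group("path"))))
    return rules


def suspicious_rules(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Enabled exceptions for binaries outside Program Files / Windows."""
    return [r for r in rules if r.enabled and r.outside_trusted_roots]


# Sample input: two firewall lines and the detection line from the thread,
# plus one constructed exception for a binary in a user Temp folder.
SAMPLE_FIREWALL = r'''
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe:*:Enabled:Updater"
'''
SAMPLE_KASPERSKY = r'''
File name / Threat name / Threats count
C:\Deckard\System Scanner\backup\DOCUME~1\AKASHA~1\LOCALS~1\Temp\sattvsetup.rar Infected: Trojan-PSW.Win32.Firefox.k 1
'''

if __name__ == "__main__":
    for d in parse_kaspersky(SAMPLE_KASPERSKY):
        print(d)
    for r in suspicious_rules(parse_firewall_rules(SAMPLE_FIREWALL)):
        print("review:", r.path, "->", r.name)
```

The point of `original_path` is that a detection under `C:\Deckard\System Scanner\backup\` is the copy DSS made, so the live file (if it still exists) has to be looked for at the mapped location, here under the user's Temp folder. The firewall check is a heuristic: a binary in a user-writable Temp folder with an enabled exception is not proof of anything on its own, only a reason to look at that entry first.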


#2 aky (Topic Starter, Members, 28 posts)

Posted 23 June 2008 - 07:04 PM

Don't mean to be impatient, just wondering if anyone can look at this problem that I'm having.
Thanks

#3 aky (Topic Starter, Members, 28 posts)

Posted 30 June 2008 - 01:24 PM

ttt

#4 Billy O'Neal (Visual C++ STL Maintainer; Malware Response Team, 12,304 posts; Redmond, Washington)

Posted 05 July 2008 - 12:40 PM

Hello aky. :thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)

We apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:

Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
Next
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please make sure the following reports are present:
  • The Kaspersky scan report
  • DSS's Main.txt
  • DSS's Extra.txt

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 harrythook (Security Colleague, 4,152 posts; Philadelphia)

Posted 11 July 2008 - 06:48 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
All others please read The Preparation Guide before starting your topic.

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#6 harrythook (Security Colleague, 4,152 posts; Philadelphia)

Posted 30 July 2008 - 05:07 AM

re-opened at user request


#7 aky (Topic Starter, Members, 28 posts)

Posted 30 July 2008 - 01:30 PM

DSS MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Akash and Preeti on 2008-07-29 00:33:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-07-29 07:33:42 UTC - RP163 - Deckard's System Scanner Restore Point
4: 2008-07-29 05:40:28 UTC - RP162 - System Checkpoint
3: 2008-07-28 05:08:06 UTC - RP161 - Software Distribution Service 3.0
2: 2008-07-27 14:09:39 UTC - RP160 - System Checkpoint
1: 2008-07-26 13:23:32 UTC - RP159 - System Checkpoint


Performed disk cleanup.

System Drive C: has 2.67 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-29 00:35:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
D:\Program Files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\allSnap\allSnap.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\dllhost.exe
D:\Program Files\ICQ6\ICQ.exe
D:\Program Files\Firefox\firefox.exe
C:\Documents and Settings\Akash and Preeti\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GBMPro8Agent] d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GBMPro8Agent] d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKCU\..\Run: [21684] C:\WINDOWS/21684.exe
O4 - HKCU\..\Run: [ICQ] "d:\Program Files\ICQ6\ICQ.exe" silent
O4 - Startup: allSnap.lnk = D:\Program Files\allSnap\allSnap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Event Planner Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Files by HiDownload - d:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - d:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184799061406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8FF73499-FE8E-44BB-B796-0AA21FAE39CB}: NameServer = 64.59.144.16,64.59.144.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--
End of file - 12546 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>

S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - d:\program files\nero\nero8\nero backitup\nbservice.exe
R2 pgsql-8.3 (PostgreSQL Database Server 8.3) - "c:\program files\postgresql\8.3\bin\pg_ctl.exe" runservice -w -n "pgsql-8.3" -d "c:\program files\postgresql\8.3\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MX700 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX700 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 224)
2007-07-24 15:17:08	147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 3616)
2008-01-14 16:41:18	 69632 --a------ D:\Program Files\allSnap\snap_libW.dll <Not Verified; Ivan Heckman; allSnap>
2005-01-28 15:31:34	 45056 --a------ D:\Program Files\Logitech\SetPoint\gamehook.dll
2005-01-28 15:34:04	 57344 --a------ D:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2007-05-22 10:59:22	128512 --a------ D:\Program Files\WinRAR\RarExt.dll
2006-03-17 19:24:39	192512 --a------ D:\Program Files\PowerISO\PWRISOSH.DLL <Not Verified; PowerISO Computing, Inc.; PowerISO Shell Dynamic Link Library>
2007-07-01 21:57:01	543232 --a------ D:\Program Files\Jetico\Shared\BCShExt.dll <Not Verified; Jetico, Inc.; BestCrypt SHELLEXT Dynamic Link Library>
2004-01-08 10:50:00	 24064 --a------ C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL <Not Verified; Logitech Inc.; Productivity Software Common Files>
2004-01-08 10:50:00	  6144 --a------ D:\Program Files\Logitech\MouseWare\system\LgWndHk.dll <Not Verified; Logitech Inc.; MouseWare>

C:\WINDOWS\system32\rundll32.exe (pid 2476)
2005-01-28 15:34:04	 57344 --a------ D:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2005-01-28 15:31:34	 45056 --a------ D:\Program Files\Logitech\SetPoint\gamehook.dll
2004-01-08 10:50:00	 24064 --a------ C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL <Not Verified; Logitech Inc.; Productivity Software Common Files>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-28 02:02:07	   412 --a------ C:\WINDOWS\Tasks\GBM - Incremental-Full.job
2008-07-25 07:16:00	   284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-24 02:27:25	   416 --a------ C:\WINDOWS\Tasks\GBM - Full Pictures-Full.job


-- Files created between 2008-06-29 and 2008-07-29 -----------------------------

2008-07-28 12:04:29		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\ICQ
2008-07-28 12:03:05		 0 d-------- C:\WINDOWS\LastGood
2008-07-27 21:39:12		 0 dr-h----- C:\Documents and Settings\Akash and Preeti\Recent
2008-07-25 10:34:01		 0 d-------- C:\Program Files\iPod
2008-07-25 10:32:38		 0 d-------- C:\Program Files\QuickTime
2008-07-25 10:27:55		 0 d-------- C:\Program Files\Safari
2008-07-23 00:04:21		 0 d-------- C:\TempDVD
2008-07-23 00:04:20		 0 d-------- C:\dvdsanta
2008-07-22 10:32:14		 0 d-------- C:\Program Files\Vstplugins
2008-07-22 10:32:08		 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-20 01:06:42		 0 d-------- C:\Program Files\Evil Msn
2008-07-16 12:36:00		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\InstallShield
2008-07-16 03:01:17		 0 d-------- C:\Program Files\MSXML 6.0
2008-07-14 21:39:11		 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-14 21:38:27		 0 d-------- C:\Program Files\Reference Assemblies
2008-07-14 21:33:24		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony Setup
2008-07-14 20:51:47		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Publish Providers
2008-07-14 20:51:34		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony
2008-07-11 22:22:50		 0 d-------- C:\Program Files\PokerStars


-- Find3M Report ---------------------------------------------------------------

2008-07-28 12:06:19		 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-25 10:33:27		 0 d-------- C:\Program Files\Bonjour
2008-07-21 12:32:22		 0 d-------- C:\Program Files\Apple Software Update
2008-07-18 10:30:08		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Adobe
2008-07-17 01:12:27		 0 d-------- C:\Program Files\Java
2008-07-16 12:39:56		 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-14 21:40:40		 0 d-------- C:\Program Files\MSBuild
2008-07-14 21:26:27		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\dvdcss
2008-07-13 22:00:52		 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-18 16:58:13		 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Mozilla
2008-06-14 13:08:01	  1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-02 22:05:43	  2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 06:34 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 07:12 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [12/10/2004 01:45 PM C:\WINDOWS\KHALMNPR.Exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 09:50 AM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 09:35 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [05/20/2007 04:37 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [04/16/2008 08:55 AM]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [03/19/2008 11:01 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [04/16/2008 08:55 AM]
"21684"="C:\WINDOWS/21684.exe" [07/04/2006 03:28 PM]
"ICQ"="d:\Program Files\ICQ6\ICQ.exe" [04/01/2008 03:40 AM]

C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\
allSnap.lnk - D:\Program Files\allSnap\allSnap.exe [4/8/2008 12:04:38 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]
Picture Motion Browser Media Check Tool.lnk - D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [7/17/2008 1:07:50 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - C:\WINDOWS\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [12/21/2007 9:56:56 PM]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [12/28/2007 8:55:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Akash and Preeti^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
"d:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
d:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"d:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\Winamp\winampa.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da43a3c-4c63-11dc-857c-0015af0f44ee}]
AutoRun\command- H:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-07-29 00:37:33 ----------


DSS EXTRA.TXT
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU		  6600  @ 2.40GHz
CPU 1: Intel(R) Core(TM)2 CPU		  6600  @ 2.40GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 2047.11 MiB / 1218.21 MiB
Pagefile Memory (total/avail): 3939.39 MiB / 3238.57 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.19 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 40 GiB total, 2.67 GiB free. 
D: is Fixed (NTFS) - 150 GiB total, 30.78 GiB free. 
E: is Fixed (NTFS) - 84.47 GiB total, 20.46 GiB free. 
F: is Fixed (NTFS) - 5 GiB total, 2.97 GiB free. 
G: is CDROM (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L300S0 - 279.47 GiB - 4 partitions
  \PARTITION0 (bootable) - Installable File System - 40 GiB - C:
  \PARTITION1 - Installable File System - 150 GiB - D:
  \PARTITION2 - Installable File System - 84.47 GiB - E:
  \PARTITION3 - Installable File System - 5 GiB - F:

\\.\PHYSICALDRIVE1 - Canon MX700 series USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="D:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\Program Files\\BitComet\\BitComet.exe"="E:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"D:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="D:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"D:\\Program Files\\Crysis\\Bin32\\Crysis.exe"="D:\\Program Files\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"D:\\Program Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="D:\\Program Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\ICQ6\\ICQ.exe"="D:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Akash and Preeti\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Akash and Preeti
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AKASHA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AKASHA~1\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Akash and Preeti
USERPROFILE=C:\Documents and Settings\Akash and Preeti
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Akash and Preeti (admin)
Achla
postgres
postgres.DESKTOP
postgres.DESKTOP.000
test account (new local, admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
 --> C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
 --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) --> 
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Allok Video Joiner 2.2.0 --> "d:\Program Files\Allok Video Joiner\unins000.exe"
allSnap version 1.33.2 --> "d:\Program Files\allSnap\unins000.exe"
AoA MP4 Converter --> "d:\Program Files\AoA MP4 Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9  -removeonly
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033 
AVI/MPEG/RM/WMV Joiner 4.81 --> "d:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
BCWipe 3.0 --> "C:\WINDOWS\BCUnInstall.exe" d:\Program Files\Jetico\BCWipe\UnInstall.log
BitComet 1.00 --> e:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon IJ Network Scan Utility --> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool --> C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX700 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> d:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Classic Menu 3.x for Office 2007 --> "d:\Program Files\Classic Menu for Office\unins000.exe"
Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DivX Codec --> d:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Photo Slideshow Pro 7.92 --> C:\Program Files\DVD Photo Slideshow Professional\uninst.exe
dvdSanta 4.50 --> "d:\Program Files\dvdSanta\unins000.exe"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Evil Msn --> MsiExec.exe /X{EC964A14-A2C1-42EB-839E-D2904F59B250}
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Genie Backup Manager Pro 8.0 --> "d:\Program Files\Genie-Soft\GBMPro8\unins000.exe"
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hallmark Card Studio 2007 Deluxe --> MsiExec.exe /X{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}
HDD Regenerator --> MsiExec.exe /X{9064B17E-9FC9-439D-A4A0-668EC6AAFDEC}
HiDownload --> "d:\Program Files\StreamingStar\HiDownload\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2170 series --> D:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2170 series --> MsiExec.exe /X{93FB47FB-4FDF-4131-B5FD-7A37883868E7}
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn --> "d:\Program Files\ImgBurn\uninstall.exe"
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.3.0 Basic --> "d:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_b857a6\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire PRO 4.12.3 --> "d:\Program Files\LimeWire\uninstall.exe"
Loader --> "C:\Program Files\Loader\unins000.exe"
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9  -removeonly
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Menu Template Package 1 Ver 1.10 --> C:\Program Files\Common Files\Anvsoft\Anvsoft DVD Menu Template Package 1\uninst.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> D:\Program Files\Firefox\uninstall\helper.exe
MP3 Wav Editor 3.30 --> "d:\Program Files\MP3 Wav Editor\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4SP2 --> MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
myibay eBay bid sniper 1.0.0.18 --> "d:\Program Files\myibay\unins000.exe"
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetMos Multi-IO Controller --> NmUninst.exe
Network Stumbler 0.4.0 (remove only) --> "d:\Program Files\Network Stumbler\uninst.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerTracker 3 (remove only) --> "d:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3 --> MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
Power MP3 Recorder Cutter, (ver 5.0) --> "d:\Program Files\Cooolsoft\unins000.exe"
PowerISO --> "d:\Program Files\PowerISO\uninstall.exe"
Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
R-Studio 4.2 --> d:\Program Files\R-Studio\Uninstall.exe
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soap 3.0 Toolkit --> MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sony Vegas Pro 8.0 --> MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9  -removeonly
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Total Uninstall 4.6.2 --> "d:\Program Files\Total Uninstall 4\unins000.exe"
UFile 2007 --> MsiExec.exe /X{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}
UFile Updater 2007 --> MsiExec.exe /X{BAF0296B-77EA-425B-934E-671B4DBAED6E}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VideoLAN VLC media player 0.8.6c --> d:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPhone Converter 3.07 --> d:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
VideoReDo TVSuite Version 3.1.4.549 --> "d:\Program Files\VideoReDoTVSuite\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp --> "d:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> d:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Your Uninstaller! 2008 Version 6.0 --> "d:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type14961 / Error
Event Submitted/Written: 07/28/2008 11:46:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.7.0.43, faulting module quicktime.qts, version 7.50.61.0, fault address 0x001515c3.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type14901 / Success
Event Submitted/Written: 07/27/2008 09:39:59 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type14872 / Error
Event Submitted/Written: 07/27/2008 04:07:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application vlc.exe, version 0.8.6.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type14718 / Success
Event Submitted/Written: 07/23/2008 10:26:49 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type14692 / Error
Event Submitted/Written: 07/22/2008 08:39:53 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application vegas80.exe, version 8.0.0.179, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9471 / Warning
Event Submitted/Written: 07/29/2008 00:28:31 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type9465 / Warning
Event Submitted/Written: 07/28/2008 11:16:05 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type9452 / Warning
Event Submitted/Written: 07/28/2008 00:28:20 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type9449 / Error
Event Submitted/Written: 07/27/2008 11:03:39 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event Record #/Type9448 / Error
Event Submitted/Written: 07/27/2008 11:03:04 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-07-29 00:37:33 ------------



KASPERSKY SCAN REPORT.TXT

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Tuesday, July 29, 2008
 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Tuesday, July 29, 2008 19:02:47
 Records in database: 1023831
--------------------------------------------------------------------------------

Scan settings:
	Scan using the following database: extended
	Scan archives: yes
	Scan mail databases: yes

Scan area - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\

Scan statistics:
	Files scanned: 174452
	Threat name: 0
	Infected objects: 0
	Suspicious objects: 0
	Duration of the scan: 05:03:12

No malware has been detected. The scan area is clean.

The selected area was scanned.


#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:35 AM

Posted 30 July 2008 - 05:27 PM

Hello, aky.
We need to run ComboFix. In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 aky

  • Topic Starter
  • Members
  • 28 posts
  • Local time:01:35 PM

Posted 04 August 2008 - 06:58 PM

ComboFix 08-08-04.01 - Akash and Preeti 2008-08-04 16:16:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1421 [GMT -7:00]
Running from: C:\Documents and Settings\Akash and Preeti\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Akash and Preeti\Application Data\macromedia\Flash Player\#SharedObjects\JVHP8DLM\interclick.com
C:\Documents and Settings\Akash and Preeti\Application Data\macromedia\Flash Player\#SharedObjects\JVHP8DLM\interclick.com\ud.sol
C:\Documents and Settings\Akash and Preeti\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Akash and Preeti\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-07-28 12:04 . 2008-07-28 12:07 <DIR> d-------- C:\Documents and Settings\Akash and Preeti\Application Data\ICQ
2008-07-25 10:34 . 2008-07-25 10:34 <DIR> d-------- C:\Program Files\iPod
2008-07-25 10:32 . 2008-07-25 10:32 <DIR> d-------- C:\Program Files\QuickTime
2008-07-25 10:27 . 2008-07-25 10:27 <DIR> d-------- C:\Program Files\Safari
2008-07-23 00:04 . 2008-07-23 00:04 <DIR> d-------- C:\TempDVD
2008-07-23 00:04 . 2008-07-23 16:10 <DIR> d-------- C:\dvdsanta
2008-07-22 10:32 . 2008-07-22 10:32 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-22 10:32 . 2008-07-22 10:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-20 01:06 . 2008-07-20 01:06 <DIR> d-------- C:\Program Files\Evil Msn
2008-07-20 01:05 . 2008-07-20 01:05 79 --a------ C:\WINDOWS\SuperUtil.ini
2008-07-16 12:36 . 2008-07-16 12:36 <DIR> d-------- C:\Documents and Settings\Akash and Preeti\Application Data\InstallShield
2008-07-16 03:01 . 2008-07-16 03:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-14 21:39 . 2008-07-14 21:39 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-14 21:38 . 2008-07-14 21:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-14 21:37 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-14 21:33 . 2008-07-14 21:33 <DIR> d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony Setup
2008-07-14 20:51 . 2008-07-22 10:34 <DIR> d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony
2008-07-14 20:51 . 2008-07-14 20:51 <DIR> d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Publish Providers
2008-07-14 20:51 . 2008-07-22 20:40 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-07-14 20:51 . 2008-07-22 20:40 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-07-14 20:51 . 2008-07-14 20:51 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-07-11 22:22 . 2008-07-23 10:26 <DIR> d-------- C:\Program Files\PokerStars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 23:23 342,304 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-04 23:23 12,954,400 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-04 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-04 23:19 37,220 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-04 23:19 180,644 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-04 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-30 21:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 17:33 --------- d-----w C:\Program Files\Bonjour
2008-07-23 16:54 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-23 16:54 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-23 10:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-21 19:32 --------- d-----w C:\Program Files\Apple Software Update
2008-07-17 08:12 --------- d-----w C:\Program Files\Java
2008-07-16 19:39 --------- d-----w C:\Program Files\AviSynth 2.5
2008-07-15 04:40 --------- d-----w C:\Program Files\MSBuild
2008-07-15 04:26 --------- d-----w C:\Documents and Settings\Akash and Preeti\Application Data\dvdcss
2008-07-14 05:00 --------- d-----w C:\Program Files\Full Tilt Poker
2008-07-10 16:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 03:02 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-02-04 22:01 22,328 ----a-w C:\Documents and Settings\Akash and Preeti\Application Data\PnkBstrK.sys
2008-01-05 18:39 55,408 ----a-w C:\Documents and Settings\Akash and Preeti\Application Data\GDIPFONTCACHEV1.DAT
2007-09-27 16:00 19,552 ----a-w C:\Documents and Settings\Achla\Application Data\GDIPFONTCACHEV1.DAT
2007-08-08 03:41 256 ----a-w C:\Documents and Settings\Akash and Preeti\pool.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-19 11:01 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-04-16 08:55 189056]
"21684"="C:\WINDOWS/21684.exe" [2006-07-04 15:28 12702750]
"ICQ"="D:\Program Files\ICQ6\ICQ.exe" [2008-04-01 03:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 06:34 868352]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 09:50 1603152]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 16:37 124512]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-04-16 08:55 189056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\
allSnap.lnk - D:\Program Files\allSnap\allSnap.exe [2008-04-08 12:04:38 90112]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
Picture Motion Browser Media Check Tool.lnk - D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-17 01:07:50 385024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - C:\WINDOWS\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2007-12-21 21:56:56 1718]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-28 20:55:07 434176]

[HKLM\~\startupfolder\C:^Documents and Settings^Akash and Preeti^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
--a------ 2007-07-18 23:47 516848 d:\Program Files\Jetico\BCWipe\BCWipeTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 13:02 79400 D:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 19:24 184320 d:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-23 00:19 23120680 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 11:49 36352 d:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11086:TCP"= 11086:TCP:BitComet 11086 TCP
"11086:UDP"= 11086:UDP:BitComet 11086 UDP
"15919:TCP"= 15919:TCP:BitComet 15919 TCP
"15919:UDP"= 15919:UDP:BitComet 15919 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21277:TCP"= 21277:TCP:BitComet 21277 TCP
"21277:UDP"= 21277:UDP:BitComet 21277 UDP
"11507:TCP"= 11507:TCP:BitComet 11507 TCP
"11507:UDP"= 11507:UDP:BitComet 11507 UDP
"18520:TCP"= 18520:TCP:BitComet 18520 TCP
"18520:UDP"= 18520:UDP:BitComet 18520 UDP
"15959:TCP"= 15959:TCP:BitComet 15959 TCP
"15959:UDP"= 15959:UDP:BitComet 15959 UDP

R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D C:\Program Files\PostgreSQL\8.3\data\ []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 00:30]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 19:12]
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-01-16 02:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da43a3c-4c63-11dc-857c-0015af0f44ee}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-31 C:\WINDOWS\Tasks\GBM - Full Pictures-Full.job
- d:\Program Files\Genie-Soft\GBMPro8\GBM8.exe [2008-04-21 05:48]

2008-08-04 C:\WINDOWS\Tasks\GBM - Incremental-Full.job
- d:\Program Files\Genie-Soft\GBMPro8\GBM8.exe [2008-04-21 05:48]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-TomTomHOME - d:\Program Files\TomTom HOME 2\HOMERunner.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Akash and Preeti\Application Data\Mozilla\Firefox\Profiles\f6l7fglr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.warez-bb.org/|https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fzx%3Dnkoo2w9l3k4e%26nsr%3D1%26ui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2#inbox|http://tsn.ca/|http://www.facebook.com/profile.php?id=729946082
FF -: plugin - C:\Documents and Settings\Akash and Preeti\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.940.34809\npCIDetect11.dll
FF -: plugin - D:\Program Files\Firefox\plugins\np-mswmp.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npBitCometAgent.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npmozax.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npnul32.dll
FF -: plugin - D:\Program Files\Firefox\plugins\NPOFF12.DLL
FF -: plugin - D:\Program Files\Firefox\plugins\nppdf32.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npqtplugin.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npqtplugin2.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npqtplugin3.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npqtplugin4.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npqtplugin5.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npqtplugin6.dll
FF -: plugin - D:\Program Files\Firefox\plugins\npqtplugin7.dll
FF -: plugin - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\Program Files\VideoLAN\VLC\npvlc.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 16:22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> D:\Program Files\Logitech\SetPoint\GameHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\Program Files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-08-04 16:28:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 23:27:56

Pre-Run: 5,594,935,296 bytes free
Post-Run: 5,777,203,200 bytes free

287 --- E O F --- 2008-07-28 05:09:28

#10 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 August 2008 - 10:13 AM

Hello, aky.
You have a Peer-To-Peer program installed.
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Limewire, Bitcomet, hxxp://www.warez-bb.org). These programs allow users to share files with each other, as the name(s) suggest. In today's world, cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world, and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    http://www.bleepingcomputer.com/forums/t/151756/satellite-tv-for-pc-trojan-pswwin32firefoxk/
    
    file::
    C:\Documents and Settings\Achla\Application Data\GDIPFONTCACHEV1.DAT
    C:\Documents and Settings\Akash and Preeti\pool.bin
    
    collect::[54]
    C:\WINDOWS/21684.exe
    
    suspect::[54]
    C:\WINDOWS\Twunk001.MTX
    C:\WINDOWS\Twain001.Mtx
    C:\WINDOWS\Twunk002.MTX
    C:\Windows\system32\sessmgr.exe
    
    registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "21684"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Also, please let me know if you installed a PostgreSQL server on this machine.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
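The CFScript above acts on specific entries read out of the earlier ComboFix log (a Run value named only with digits, plus the firewall, Security Center and mountpoints2 AutoRun lines that appear in the "Reg Loading Points" section). As an added example that is not part of this thread and not a ComboFix feature, the following Python script parses that section of a ComboFix-style log and lists those categories of entry for a helper to review. The sample log embedded in it is constructed to mirror the format seen in the thread; the target path, timestamp and size shown for the "21684" value are assumptions, since the thread only shows that value name being removed.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix-style log.

Added example, not part of this thread or of ComboFix. It lists, for review:
  - Run values whose name is nothing but digits (the "21684" entry the CFScript removes)
  - AutoRun commands registered under mountpoints2 (per-drive autoplay handlers)
  - a Windows Firewall standard profile reported as disabled
  - a Security Center 'DisableMonitoring' flag (often legitimately set by a
    third-party AV that reports its own status, so review rather than assume)
"""
import re
from dataclasses import dataclass
from typing import List

SECTION_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY_...\Run]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')           # "Name"="target" [...]
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


@dataclass
class Finding:
    kind: str
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line, tracking the current [section] header."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if not section or not line:
            continue

        if section.endswith("\\currentversion\\run"):
            value = RUN_VALUE_RE.match(line)
            if value and value.group(1).isdigit():
                findings.append(Finding("numeric-run-value",
                                        f"{value.group(1)} -> {value.group(2)}"))

        elif "\\mountpoints2\\" in section:
            autorun = AUTORUN_RE.match(line)
            if autorun:
                findings.append(Finding("autorun", autorun.group(1)))

        elif section.endswith("\\firewallpolicy\\standardprofile"):
            # Sub-keys such as ...\AuthorizedApplications\List do not match this branch.
            if line.startswith('"EnableFirewall"=') and \
                    line.split("=", 1)[1].strip().startswith("0"):
                findings.append(Finding("firewall-disabled", line))

        elif "\\security center\\monitoring\\" in section:
            if line.startswith('"DisableMonitoring"=dword:00000001'):
                findings.append(Finding("av-monitoring-disabled",
                                        section.rsplit("\\", 1)[-1]))
    return findings


# Constructed sample that mirrors the log format in this thread. The "21684" target
# path, timestamp and size are assumptions: the thread shows only the value name.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"21684"="C:\WINDOWS\21684.exe" [2008-06-11 17:00 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Install.exe
"""


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:24} {finding.detail}")
```

Each finding is a prompt for a human to look closer, not a verdict: in this thread the firewall-off and DisableMonitoring lines sit next to an installed Kaspersky Internet Security, which manages both itself, whereas a digit-only Run value pointing into C:\WINDOWS is the kind of entry the CFScript removes.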

#11 aky
  • Topic Starter
  • Members
  • 28 posts

Posted 05 August 2008 - 12:27 PM

As for PostgreSQL, I don't believe I installed this. Maybe a long time ago, when I was trying to make a message board??? But I don't need this, so maybe I should get rid of this?

When I ran ComboFix, it asked me to submit a file to BleepingComputer, which I did.

As for the log, here it is.

ComboFix 08-08-04.01 - Akash and Preeti 2008-08-05 10:13:46.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1394 [GMT -7:00]
Running from: C:\Documents and Settings\Akash and Preeti\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\Akash and Preeti\Desktop\New Folder\CFScript.txt
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2008-07-05 to 2008-08-05  )))))))))))))))))))))))))))))))
.

2008-07-28 12:04 . 2008-07-28 12:07	<DIR>	d--------	C:\Documents and Settings\Akash and Preeti\Application Data\ICQ
2008-07-25 10:34 . 2008-07-25 10:34	<DIR>	d--------	C:\Program Files\iPod
2008-07-25 10:32 . 2008-07-25 10:32	<DIR>	d--------	C:\Program Files\QuickTime
2008-07-25 10:27 . 2008-07-25 10:27	<DIR>	d--------	C:\Program Files\Safari
2008-07-23 00:04 . 2008-07-23 00:04	<DIR>	d--------	C:\TempDVD
2008-07-23 00:04 . 2008-07-23 16:10	<DIR>	d--------	C:\dvdsanta
2008-07-22 10:32 . 2008-07-22 10:32	<DIR>	d--------	C:\Program Files\Vstplugins
2008-07-22 10:32 . 2008-07-22 10:32	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Sony
2008-07-20 01:06 . 2008-07-20 01:06	<DIR>	d--------	C:\Program Files\Evil Msn
2008-07-20 01:05 . 2008-07-20 01:05	79	--a------	C:\WINDOWS\SuperUtil.ini
2008-07-16 12:36 . 2008-07-16 12:36	<DIR>	d--------	C:\Documents and Settings\Akash and Preeti\Application Data\InstallShield
2008-07-16 03:01 . 2008-07-16 03:01	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-07-14 21:39 . 2008-07-14 21:39	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer
2008-07-14 21:38 . 2008-07-14 21:38	<DIR>	d--------	C:\Program Files\Reference Assemblies
2008-07-14 21:37 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll
2008-07-14 21:33 . 2008-07-14 21:33	<DIR>	d--------	C:\Documents and Settings\Akash and Preeti\Application Data\Sony Setup
2008-07-14 20:51 . 2008-07-22 10:34	<DIR>	d--------	C:\Documents and Settings\Akash and Preeti\Application Data\Sony
2008-07-14 20:51 . 2008-07-14 20:51	<DIR>	d--------	C:\Documents and Settings\Akash and Preeti\Application Data\Publish Providers
2008-07-14 20:51 . 2008-08-04 22:50	156	--a------	C:\WINDOWS\Twunk001.MTX
2008-07-14 20:51 . 2008-08-04 22:50	3	--a------	C:\WINDOWS\Twain001.Mtx
2008-07-14 20:51 . 2008-07-14 20:51	0	--a------	C:\WINDOWS\Twunk002.MTX
2008-07-11 22:22 . 2008-07-23 10:26	<DIR>	d--------	C:\Program Files\PokerStars

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 16:35	363,552	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-05 16:35	13,276,960	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-05 07:49	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-05 06:01	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 23:22	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-04 23:19	37,220	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-04 23:19	180,644	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-28 19:06	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-25 17:33	---------	d-----w	C:\Program Files\Bonjour
2008-07-23 16:54	96,559	----a-w	C:\WINDOWS\system32\drivers\klin.dat
2008-07-23 16:54	87,855	----a-w	C:\WINDOWS\system32\drivers\klick.dat
2008-07-23 10:00	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-21 19:32	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-17 08:12	---------	d-----w	C:\Program Files\Java
2008-07-16 19:39	---------	d-----w	C:\Program Files\AviSynth 2.5
2008-07-15 04:40	---------	d-----w	C:\Program Files\MSBuild
2008-07-15 04:26	---------	d-----w	C:\Documents and Settings\Akash and Preeti\Application Data\dvdcss
2008-07-14 05:00	---------	d-----w	C:\Program Files\Full Tilt Poker
2008-07-10 16:35	32,000	----a-w	C:\WINDOWS\system32\drivers\usbaapl.sys
2008-06-20 17:41	245,248	----a-w	C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45	360,320	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44	138,368	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52	225,920	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 03:02	112,144	----a-w	C:\WINDOWS\system32\drivers\kl1.sys
2008-06-13 13:10	272,128	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:18	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2008-02-04 22:01	22,328	----a-w	C:\Documents and Settings\Akash and Preeti\Application Data\PnkBstrK.sys
2008-01-05 18:39	55,408	----a-w	C:\Documents and Settings\Akash and Preeti\Application Data\GDIPFONTCACHEV1.DAT
2007-09-27 16:00	19,552	----a-w	C:\Documents and Settings\Achla\Application Data\GDIPFONTCACHEV1.DAT
2007-08-08 03:41	256	----a-w	C:\Documents and Settings\Akash and Preeti\pool.bin
2006-06-23 06:48	32,768	----a-r	C:\WINDOWS\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-19 11:01 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-04-16 08:55 189056]
"ICQ"="D:\Program Files\ICQ6\ICQ.exe" [2008-04-01 03:40 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 06:34 868352]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 09:50 1603152]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 09:35 20480]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 16:37 124512]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-04-16 08:55 189056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\
allSnap.lnk - D:\Program Files\allSnap\allSnap.exe [2008-04-08 12:04:38 90112]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]
Picture Motion Browser Media Check Tool.lnk - D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-07-17 01:07:50 385024]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - C:\WINDOWS\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2007-12-21 21:56:56 1718]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-28 20:55:07 434176]

[HKLM\~\startupfolder\C:^Documents and Settings^Akash and Preeti^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
--a------ 2007-07-18 23:47 516848 d:\Program Files\Jetico\BCWipe\BCWipeTM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 10:51 289064 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2007-02-04 13:02 79400 D:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-17 19:24 184320 d:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-23 00:19 23120680 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 11:49 36352 d:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
"D:\\Program Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11086:TCP"= 11086:TCP:BitComet 11086 TCP
"11086:UDP"= 11086:UDP:BitComet 11086 UDP
"15919:TCP"= 15919:TCP:BitComet 15919 TCP
"15919:UDP"= 15919:UDP:BitComet 15919 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"21277:TCP"= 21277:TCP:BitComet 21277 TCP
"21277:UDP"= 21277:UDP:BitComet 21277 UDP
"11507:TCP"= 11507:TCP:BitComet 11507 TCP
"11507:UDP"= 11507:UDP:BitComet 11507 UDP
"18520:TCP"= 18520:TCP:BitComet 18520 TCP
"18520:UDP"= 18520:UDP:BitComet 18520 UDP
"15959:TCP"= 15959:TCP:BitComet 15959 TCP
"15959:UDP"= 15959:UDP:BitComet 15959 UDP

R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D C:\Program Files\PostgreSQL\8.3\data\ []
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 10:50]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 00:30]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 19:12]
S4 BCSWAP;BCSWAP;C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-01-16 02:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da43a3c-4c63-11dc-857c-0015af0f44ee}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-31 C:\WINDOWS\Tasks\GBM - Full Pictures-Full.job
- d:\Program Files\Genie-Soft\GBMPro8\GBM8.exe [2008-04-21 05:48]

2008-08-05 C:\WINDOWS\Tasks\GBM - Incremental-Full.job
- d:\Program Files\Genie-Soft\GBMPro8\GBM8.exe [2008-04-21 05:48]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 10:21:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> D:\Program Files\Logitech\SetPoint\GameHook.dll
.
Completion time: 2008-08-05 10:24:17
ComboFix-quarantined-files.txt  2008-08-05 17:24:12
ComboFix2.txt  2008-08-05 16:40:15
ComboFix3.txt  2008-08-04 23:28:06

Pre-Run: 5,710,344,192 bytes free
Post-Run: 5,696,249,856 bytes free

231	--- E O F ---	2008-07-28 05:09:28


#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:35 AM

Posted 05 August 2008 - 11:14 PM

Hello, aky.
Yes it is a good idea to uninstall PostgreSQL if you aren't using it.

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
PostgreSQL

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use +A)
  • Right-click again and choose "Copy" (or +C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
Go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Please let me know of any problems you may have encountered.

Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
In your next reply, please include the following:
  • ESET OnlineScan's Log
  • DSS's Main.txt
  • DSS's Extra.txt

Billy3

Edited by Billy O'Neal, 05 August 2008 - 11:14 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
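
As an added example (not a tool from this thread, from BleepingComputer or from the helper above), here is a small Python triage script for the log formats posted in this thread: HijackThis-style O-lines, the msconfig/startupreg lines from the DSS registry dump, and the mountpoints2 AutoRun entries. It flags what a responder checks first: entries whose target file is missing, AutoRun commands registered for mounted or removable drives, and Java Runtime paths older than the newest JRE present, the out-of-date Java that the post above asks the user to remove. The sample log embedded in it is constructed in the posted format, not copied from the thread.

```python
"""Triage helper for HijackThis / DSS style log lines.

Added example, not a tool from the thread. Reports:
  * entries whose target file is gone ("(no file)", "(file missing)")
  * AutoRun commands registered under mountpoints2 for a drive letter
  * Java Runtime paths older than the newest JRE present (stale copies)
"""
import re
from dataclasses import dataclass, field

ORPHAN_MARKERS = ("(no file)", "(file missing)")
HJT_LINE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
JAVA_VERSION = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)
# Matches both spellings seen in the dumps:
#   "\Shell\AutoRun\command - I:\Install.exe"  and  "AutoRun\command- I:\Install.exe"
AUTORUN_LINE = re.compile(r"AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)

# Constructed sample in the posted format (fictitious service name; not a copy of the thread's logs).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Install.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da43a3c-4c63-11dc-857c-0015af0f44ee}]
AutoRun\command- H:\InstallTomTomHOME.exe
"""


@dataclass
class Findings:
    orphaned: list = field(default_factory=list)         # HJT lines whose file is missing
    autorun: list = field(default_factory=list)          # AutoRun commands, one per mount point
    java_by_version: dict = field(default_factory=dict)  # (major, minor, patch, update) -> lines
    stale_java: list = field(default_factory=list)       # lines that reference an older JRE


def java_version(text):
    """Return (major, minor, patch, update) for the first jreX.Y.Z_U path in text, else None."""
    m = JAVA_VERSION.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(log_text):
    """Scan log text line by line and collect the three kinds of findings."""
    findings = Findings()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Orphaned entries: a registered component whose file no longer exists.
        if HJT_LINE.match(line) and any(marker in line for marker in ORPHAN_MARKERS):
            findings.orphaned.append(line)
        # AutoRun commands cached for a drive letter (what runs when that drive is opened).
        ar = AUTORUN_LINE.search(line)
        if ar:
            findings.autorun.append(ar.group("cmd").strip())
        # Every JRE path, grouped by version, so stale installs can be compared to the newest.
        version = java_version(line)
        if version is not None:
            findings.java_by_version.setdefault(version, []).append(line)
    # Any JRE older than the newest one present is a leftover that should be uninstalled.
    if findings.java_by_version:
        newest = max(findings.java_by_version)
        for version, lines in findings.java_by_version.items():
            if version < newest:
                findings.stale_java.extend(lines)
    return findings


def report(findings):
    """Render findings as plain text lines, one per item."""
    out = [f"AUTORUN   {cmd}" for cmd in findings.autorun]
    out += [f"ORPHAN    {entry}" for entry in findings.orphaned]
    out += [f"OLD JRE   {entry}" for entry in findings.stale_java]
    return out


if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG)):
        print(row)
```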

#13 aky

aky
  • Topic Starter

  • Members
  • 28 posts
  • Local time:01:35 PM

Posted 07 August 2008 - 03:46 PM

ok I just noticed when I turn on my computer I don't get the popup box that started this entire problem, could I be cured?

anyway, I've updated JAVA and my windows XP

here are the logs.

ESET OnlineScan's Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3337 (20080807)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=0cf73a820d4cf742bb5774ab085f5fb7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-07 07:50:24
# local_time=2008-08-07 12:50:24 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=526532
# found=0
# scan_time=4201



# DSS's Main.txt

Deckard's System Scanner v20071014.68
Run by Akash and Preeti on 2008-08-07 13:41:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 3.16 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-07 13:41:52
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\allSnap\allSnap.exe
D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Firefox\firefox.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Akash and Preeti\Desktop\dss.exe
C:\Documents and Settings\Akash and Preeti\Desktop\dss.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GBMPro8Agent] d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GBMPro8Agent] d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: allSnap.lnk = D:\Program Files\allSnap\allSnap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Event Planner Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Files by HiDownload - d:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - d:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184799061406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8FF73499-FE8E-44BB-B796-0AA21FAE39CB}: NameServer = 64.59.144.16,64.59.144.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--
End of file - 12875 bytes

-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 11:35:43 0 d-------- C:\Program Files\EsetOnlineScanner
2008-08-07 11:33:35 0 d-------- C:\Program Files\Windows Media Connect 2
2008-08-07 11:31:49 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-06 22:55:15 0 d-------- C:\WINDOWS\LastGood
2008-08-06 22:33:12 0 d-------- C:\Program Files\Common Files\Java
2008-08-06 22:27:33 0 d-------- C:\WINDOWS\Prefetch
2008-08-06 22:10:19 0 d-------- C:\WINDOWS\system32\scripting
2008-08-06 22:10:19 0 d-------- C:\WINDOWS\l2schemas
2008-08-06 22:10:18 0 d-------- C:\WINDOWS\system32\en
2008-08-06 22:10:18 0 d-------- C:\WINDOWS\system32\bits
2008-08-06 22:08:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-06 21:35:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-06 21:27:34 0 d-------- C:\Documents and Settings\Akash and Preeti\.SunDownloadManager
2008-08-04 16:15:28 68096 --a------ C:\WINDOWS\zip.exe
2008-08-04 16:15:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-04 16:15:28 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-04 16:15:28 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-04 16:15:28 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-04 16:15:28 98816 --a------ C:\WINDOWS\sed.exe
2008-08-04 16:15:28 80412 --a------ C:\WINDOWS\grep.exe
2008-08-04 16:15:28 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-04 16:11:31 0 dr-hs---- C:\cmdcons
2008-08-04 16:11:29 0 d-------- C:\WINDOWS\setup.pss
2008-08-04 16:11:17 0 d-------- C:\WINDOWS\setupupd
2008-07-28 12:04:29 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\ICQ
2008-07-27 21:39:12 0 dr-h----- C:\Documents and Settings\Akash and Preeti\Recent
2008-07-25 10:34:01 0 d-------- C:\Program Files\iPod
2008-07-25 10:32:38 0 d-------- C:\Program Files\QuickTime
2008-07-25 10:27:55 0 d-------- C:\Program Files\Safari
2008-07-23 00:04:21 0 d-------- C:\TempDVD
2008-07-23 00:04:20 0 d-------- C:\dvdsanta
2008-07-22 10:32:14 0 d-------- C:\Program Files\Vstplugins
2008-07-22 10:32:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-16 12:36:00 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\InstallShield
2008-07-16 03:01:17 0 d-------- C:\Program Files\MSXML 6.0
2008-07-14 21:39:11 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-14 21:38:27 0 d-------- C:\Program Files\Reference Assemblies
2008-07-14 21:33:24 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony Setup
2008-07-14 20:51:47 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Publish Providers
2008-07-14 20:51:34 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony
2008-07-11 22:22:50 0 d-------- C:\Program Files\PokerStars


-- Find3M Report ---------------------------------------------------------------

2008-08-06 22:33:44 0 d-------- C:\Program Files\Java
2008-08-06 22:33:12 0 d-------- C:\Program Files\Common Files
2008-08-06 22:10:47 0 d-------- C:\Program Files\Messenger
2008-08-06 22:10:18 0 d-------- C:\Program Files\Movie Maker
2008-08-06 22:07:51 0 d-------- C:\Program Files\Windows NT
2008-07-28 12:06:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-25 10:33:27 0 d-------- C:\Program Files\Bonjour
2008-07-21 12:32:22 0 d-------- C:\Program Files\Apple Software Update
2008-07-18 10:30:08 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Adobe
2008-07-16 12:39:56 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-14 21:40:40 0 d-------- C:\Program Files\MSBuild
2008-07-14 21:26:27 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\dvdcss
2008-07-13 22:00:52 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-18 16:58:13 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Mozilla
2008-06-14 13:08:01 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 06:34 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [12/10/2004 01:45 PM C:\WINDOWS\KHALMNPR.Exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 09:50 AM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 09:35 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [05/20/2007 04:37 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [04/16/2008 08:55 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [03/19/2008 11:01 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [04/16/2008 08:55 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\
allSnap.lnk - D:\Program Files\allSnap\allSnap.exe [4/8/2008 12:04:38 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]
Picture Motion Browser Media Check Tool.lnk - D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [7/17/2008 1:07:50 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - C:\WINDOWS\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [12/21/2007 9:56:56 PM]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [12/28/2007 8:55:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Akash and Preeti^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
"d:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
d:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da43a3c-4c63-11dc-857c-0015af0f44ee}]
AutoRun\command- H:\InstallTomTomHOME.exe





-- End of Deckard's System Scanner: finished at 2008-08-07 13:42:55 ------------




# DSS's Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 2047.11 MiB / 1188.26 MiB
Pagefile Memory (total/avail): 3939.38 MiB / 3275.89 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 40 GiB total, 3.15 GiB free.
D: is Fixed (NTFS) - 150 GiB total, 17.88 GiB free.
E: is Fixed (NTFS) - 84.47 GiB total, 19.52 GiB free.
F: is Fixed (NTFS) - 5 GiB total, 2.97 GiB free.
G: is CDROM (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L300S0 - 279.47 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 40 GiB - C:
\PARTITION1 - Installable File System - 150 GiB - D:
\PARTITION2 - Installable File System - 84.47 GiB - E:
\PARTITION3 - Installable File System - 5 GiB - F:

\\.\PHYSICALDRIVE1 - Canon MX700 series USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Akash and Preeti\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Akash and Preeti
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AKASHA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\AKASHA~1\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Akash and Preeti
USERPROFILE=C:\Documents and Settings\Akash and Preeti
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Akash and Preeti (admin)
Achla
postgres
postgres.DESKTOP
postgres.DESKTOP.000
test account (new local, admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Allok Video Joiner 2.2.0 --> "d:\Program Files\Allok Video Joiner\unins000.exe"
allSnap version 1.33.2 --> "d:\Program Files\allSnap\unins000.exe"
AoA MP4 Converter --> "d:\Program Files\AoA MP4 Converter\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
AVI/MPEG/RM/WMV Joiner 4.81 --> "d:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
BCWipe 3.0 --> "C:\WINDOWS\BCUnInstall.exe" d:\Program Files\Jetico\BCWipe\UnInstall.log
BitComet 1.00 --> e:\Program Files\BitComet\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon IJ Network Scan Utility --> C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool --> C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX700 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> d:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Classic Menu 3.x for Office 2007 --> "d:\Program Files\Classic Menu for Office\unins000.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DivX Codec --> d:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Photo Slideshow Pro 7.92 --> C:\Program Files\DVD Photo Slideshow Professional\uninst.exe
dvdSanta 4.50 --> "d:\Program Files\dvdSanta\unins000.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Genie Backup Manager Pro 8.0 --> "d:\Program Files\Genie-Soft\GBMPro8\unins000.exe"
Google Photos Screensaver --> MsiExec.exe /X{A52415E5-CA1E-44DE-9EDC-D412F31D271C}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hallmark Card Studio 2007 Deluxe --> MsiExec.exe /X{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}
HDD Regenerator --> MsiExec.exe /X{9064B17E-9FC9-439D-A4A0-668EC6AAFDEC}
HiDownload --> "d:\Program Files\StreamingStar\HiDownload\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 2170 series --> D:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2170 series --> MsiExec.exe /X{93FB47FB-4FDF-4131-B5FD-7A37883868E7}
ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn --> "d:\Program Files\ImgBurn\uninstall.exe"
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.3.0 Basic --> "d:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_b857a6\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire PRO 4.12.3 --> "d:\Program Files\LimeWire\uninstall.exe"
Loader --> "C:\Program Files\Loader\unins000.exe"
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Menu Template Package 1 Ver 1.10 --> C:\Program Files\Common Files\Anvsoft\Anvsoft DVD Menu Template Package 1\uninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1) --> D:\Program Files\Firefox\uninstall\helper.exe
MP3 Wav Editor 3.30 --> "d:\Program Files\MP3 Wav Editor\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4SP2 --> MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
myibay eBay bid sniper 1.0.0.18 --> "d:\Program Files\myibay\unins000.exe"
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetMos Multi-IO Controller --> NmUninst.exe
Network Stumbler 0.4.0 (remove only) --> "d:\Program Files\Network Stumbler\uninst.exe"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerTracker 3 (remove only) --> "d:\Program Files\PokerTracker 3\uninstall.exe"
Power MP3 Recorder Cutter, (ver 5.0) --> "d:\Program Files\Cooolsoft\unins000.exe"
PowerISO --> "d:\Program Files\PowerISO\uninstall.exe"
Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
R-Studio 4.2 --> d:\Program Files\R-Studio\Uninstall.exe
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soap 3.0 Toolkit --> MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}
Sonic UDF Reader --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sony Picture Utility --> C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sony Vegas Pro 8.0 --> MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Total Uninstall 4.6.2 --> "d:\Program Files\Total Uninstall 4\unins000.exe"
UFile 2007 --> MsiExec.exe /X{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}
UFile Updater 2007 --> MsiExec.exe /X{BAF0296B-77EA-425B-934E-671B4DBAED6E}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VideoLAN VLC media player 0.8.6c --> d:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPhone Converter 3.07 --> d:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
VideoReDo TVSuite Version 3.1.4.549 --> "d:\Program Files\VideoReDoTVSuite\unins000.exe"
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp --> "d:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> d:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Your Uninstaller! 2008 Version 6.0 --> "d:\Program Files\Your Uninstaller 2008\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type15373 / Warning
Event Submitted/Written: 08/06/2008 10:28:24 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type15372 / Warning
Event Submitted/Written: 08/06/2008 10:28:24 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type15364 / Warning
Event Submitted/Written: 08/06/2008 10:11:21 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type15352 / Success
Event Submitted/Written: 08/06/2008 09:23:30 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type15288 / Success
Event Submitted/Written: 08/05/2008 06:27:37 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9999 / Error
Event Submitted/Written: 08/07/2008 11:34:17 AM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Media Player 11.

Event Record #/Type9986 / Error
Event Submitted/Written: 08/07/2008 11:26:16 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type9985 / Error
Event Submitted/Written: 08/07/2008 11:26:05 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type9984 / Error
Event Submitted/Written: 08/07/2008 11:25:54 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type9983 / Error
Event Submitted/Written: 08/07/2008 11:25:42 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}



-- End of Deckard's System Scanner: finished at 2008-08-07 13:43:03 ------------




Another main.txt file opened up, not sure what this is, but I'll post it here anyway.

Deckard's System Scanner v20071014.68
Run by Akash and Preeti on 2008-08-07 13:40:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
22: 2008-08-07 20:40:23 UTC - RP22 - Deckard's System Scanner Restore Point
21: 2008-08-07 18:30:56 UTC - RP21 - Software Distribution Service 3.0
20: 2008-08-07 05:55:41 UTC - RP20 - Software Distribution Service 3.0
19: 2008-08-07 05:33:08 UTC - RP19 - Installed Java™ 6 Update 7
18: 2008-08-07 05:14:37 UTC - RP18 - Removed Java™ 6 Update 7


-- First Restore Point --
1: 2008-08-04 23:15:39 UTC - RP1 - System Checkpoint


Performed disk cleanup.

System Drive C: has 3.16 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-07 13:40:55
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\allSnap\allSnap.exe
D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Firefox\firefox.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Akash and Preeti\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GBMPro8Agent] d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GBMPro8Agent] d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: allSnap.lnk = D:\Program Files\allSnap\allSnap.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = ?
O4 - Global Startup: Event Planner Reminder.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download All Files by HiDownload - d:\Program Files\StreamingStar\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - d:\Program Files\StreamingStar\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1184799061406
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8FF73499-FE8E-44BB-B796-0AA21FAE39CB}: NameServer = 64.59.144.16,64.59.144.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - D:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--
End of file - 12757 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - jsfile - DefaultIcon - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>

S3 catchme - c:\docume~1\akasha~1\locals~1\temp\catchme.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - d:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S2 pgsql-8.3 (PostgreSQL Database Server 8.3) - "c:\program files\postgresql\8.3\bin\pg_ctl.exe" runservice -w -n "pgsql-8.3" -d "c:\program files\postgresql\8.3\data\" <Not Verified; PostgreSQL Global Development Group; PostgreSQL>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Canon MX700 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX700 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 228)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 2656)
2004-01-08 10:50:00 24064 --a------ C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL <Not Verified; Logitech Inc.; Productivity Software Common Files>
2004-01-08 10:50:00 6144 --a------ D:\Program Files\Logitech\MouseWare\system\LgWndHk.dll <Not Verified; Logitech Inc.; MouseWare>
2008-01-14 16:41:18 69632 --a------ D:\Program Files\allSnap\snap_libW.dll <Not Verified; Ivan Heckman; allSnap>
2005-01-28 15:34:04 57344 --a------ D:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>
2005-01-28 15:31:34 45056 --a------ D:\Program Files\Logitech\SetPoint\gamehook.dll

C:\WINDOWS\system32\rundll32.exe (pid 3264)
2004-01-08 10:50:00 6144 --a------ D:\Program Files\Logitech\MouseWare\system\LgWndHk.dll <Not Verified; Logitech Inc.; MouseWare>
2004-01-08 10:50:00 24064 --a------ C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL <Not Verified; Logitech Inc.; Productivity Software Common Files>
2005-01-28 15:34:04 57344 --a------ D:\Program Files\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint>


-- Scheduled Tasks -------------------------------------------------------------

2008-08-07 02:25:34 416 --a------ C:\WINDOWS\Tasks\GBM - Full Pictures-Full.job
2008-08-06 02:02:11 412 --a------ C:\WINDOWS\Tasks\GBM - Incremental-Full.job
2008-08-01 07:16:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 11:35:43 0 d-------- C:\Program Files\EsetOnlineScanner
2008-08-07 11:33:35 0 d-------- C:\Program Files\Windows Media Connect 2
2008-08-07 11:31:49 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-06 22:55:15 0 d-------- C:\WINDOWS\LastGood
2008-08-06 22:33:12 0 d-------- C:\Program Files\Common Files\Java
2008-08-06 22:27:33 0 d-------- C:\WINDOWS\Prefetch
2008-08-06 22:10:19 0 d-------- C:\WINDOWS\system32\scripting
2008-08-06 22:10:19 0 d-------- C:\WINDOWS\l2schemas
2008-08-06 22:10:18 0 d-------- C:\WINDOWS\system32\en
2008-08-06 22:10:18 0 d-------- C:\WINDOWS\system32\bits
2008-08-06 22:08:09 0 d-------- C:\WINDOWS\ServicePackFiles
2008-08-06 21:35:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-06 21:27:34 0 d-------- C:\Documents and Settings\Akash and Preeti\.SunDownloadManager
2008-08-04 16:15:28 68096 --a------ C:\WINDOWS\zip.exe
2008-08-04 16:15:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-04 16:15:28 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-04 16:15:28 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-04 16:15:28 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-04 16:15:28 98816 --a------ C:\WINDOWS\sed.exe
2008-08-04 16:15:28 80412 --a------ C:\WINDOWS\grep.exe
2008-08-04 16:15:28 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-04 16:11:31 0 dr-hs---- C:\cmdcons
2008-08-04 16:11:29 0 d-------- C:\WINDOWS\setup.pss
2008-08-04 16:11:17 0 d-------- C:\WINDOWS\setupupd
2008-07-28 12:04:29 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\ICQ
2008-07-27 21:39:12 0 dr-h----- C:\Documents and Settings\Akash and Preeti\Recent
2008-07-25 10:34:01 0 d-------- C:\Program Files\iPod
2008-07-25 10:32:38 0 d-------- C:\Program Files\QuickTime
2008-07-25 10:27:55 0 d-------- C:\Program Files\Safari
2008-07-23 00:04:21 0 d-------- C:\TempDVD
2008-07-23 00:04:20 0 d-------- C:\dvdsanta
2008-07-22 10:32:14 0 d-------- C:\Program Files\Vstplugins
2008-07-22 10:32:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-16 12:36:00 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\InstallShield
2008-07-16 03:01:17 0 d-------- C:\Program Files\MSXML 6.0
2008-07-14 21:39:11 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-14 21:38:27 0 d-------- C:\Program Files\Reference Assemblies
2008-07-14 21:33:24 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony Setup
2008-07-14 20:51:47 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Publish Providers
2008-07-14 20:51:34 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Sony
2008-07-11 22:22:50 0 d-------- C:\Program Files\PokerStars


-- Find3M Report ---------------------------------------------------------------

2008-08-06 22:33:44 0 d-------- C:\Program Files\Java
2008-08-06 22:33:12 0 d-------- C:\Program Files\Common Files
2008-08-06 22:10:47 0 d-------- C:\Program Files\Messenger
2008-08-06 22:10:18 0 d-------- C:\Program Files\Movie Maker
2008-08-06 22:07:51 0 d-------- C:\Program Files\Windows NT
2008-07-28 12:06:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-25 10:33:27 0 d-------- C:\Program Files\Bonjour
2008-07-21 12:32:22 0 d-------- C:\Program Files\Apple Software Update
2008-07-18 10:30:08 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Adobe
2008-07-16 12:39:56 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-14 21:40:40 0 d-------- C:\Program Files\MSBuild
2008-07-14 21:26:27 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\dvdcss
2008-07-13 22:00:52 0 d-------- C:\Program Files\Full Tilt Poker
2008-06-18 16:58:13 0 d-------- C:\Documents and Settings\Akash and Preeti\Application Data\Mozilla
2008-06-14 13:08:01 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 06:34 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [12/10/2004 01:45 PM C:\WINDOWS\KHALMNPR.Exe]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 09:50 AM]
"WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 09:35 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"IJNetworkScanUtility"="C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [05/20/2007 04:37 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [04/16/2008 08:55 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [06/28/2007 12:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [03/19/2008 11:01 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"GBMPro8Agent"="d:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [04/16/2008 08:55 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"MPlayer2_FixUp"=C:\WINDOWS\inf\unregmp2.exe /Fixups

C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\
allSnap.lnk - D:\Program Files\allSnap\allSnap.exe [4/8/2008 12:04:38 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]
Picture Motion Browser Media Check Tool.lnk - D:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [7/17/2008 1:07:50 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - C:\WINDOWS\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [12/21/2007 9:56:56 PM]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [12/28/2007 8:55:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Akash and Preeti^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Documents and Settings\Akash and Preeti\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCWipeTM Startup]
"d:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MonAppli]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"D:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
d:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\empty.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9da43a3c-4c63-11dc-857c-0015af0f44ee}]
AutoRun\command- H:\InstallTomTomHOME.exe




-- End of Deckard's System Scanner: finished at 2008-08-07 13:43:03 ------------



#14 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:10:35 AM

Posted 07 August 2008 - 08:37 PM

Hello, aky.
You now appear to be clean. Congratulations!

We need to remove ComboFix
  • Click START then RUN
  • Now type or copy Combofix /u in the runbox and click OK.
    Note the space between the X and the U; it needs to be there.
We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "UNKNOWN!!"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
    :thumbsup:
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software from being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
    :)
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector; I suggest that you run it at least once a month.
    :thumbup2:
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window.
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here.
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real time protection against premium rate dialers.
  • Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
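As an added example that is not part of the post above: a small Python script that parses a HOSTS file in the Windows format Billy describes and reports which hostnames it would redirect to a blocking address (0.0.0.0 or 127.0.0.1), which is how a blocking hosts list such as Spybot's keeps the browser from reaching those sites. The hosts entries in it are constructed for illustration, not taken from any real list.

```python
# Added example: parse a Windows-style HOSTS file and report which hostnames
# it "blocks" by pointing them at a non-routable or loopback address.
from ipaddress import ip_address

# Addresses a blocking hosts list points names at; a connection to these
# never leaves the machine (0.0.0.0) or loops back to it (127.0.0.1, ::1).
BLOCK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample in the Windows HOSTS format: '#' starts a comment,
# each entry is an address followed by one or more hostnames.
SAMPLE_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# Start of entries inserted by a blocking list (constructed sample)
127.0.0.1\tads.example-tracker.test
127.0.0.1\twww.example-malware.test\t# inline comment
0.0.0.0 example-download.test
# End of entries inserted by a blocking list
192.0.2.10  intranet.example.test
not-an-address  broken.example.test
"""


def parse_hosts(text):
    """Return {hostname: address} for every valid entry in hosts-file text.

    Comments and blank lines are skipped, one line may list several names,
    hostnames are case-insensitive, and the first entry for a name is kept.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:                    # blank, or address without a name
            continue
        try:
            addr = str(ip_address(fields[0]))  # normalise, reject junk addresses
        except ValueError:
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_blocked(mapping, hostname):
    """True if the hosts file sends this hostname to a blocking address."""
    return mapping.get(hostname.lower()) in BLOCK_ADDRESSES


def blocked_hosts(mapping):
    """Sorted list of hostnames the file blocks (localhost excluded)."""
    return sorted(h for h, a in mapping.items()
                  if a in BLOCK_ADDRESSES and h != "localhost")


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked_hosts(entries))
```

On a real machine the same function can be pointed at %SystemRoot%\System32\drivers\etc\hosts to see what a blocking list is actually redirecting.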

#15 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 August 2008 - 10:46 PM

Hello, aky.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
