Need Some Help And Almost Have Virtumonde Removed


8 replies to this topic

#1 ttttedttt


Posted 06 June 2008 - 07:14 PM

Merged topics. Topic title was: Isecurity.cpl Can't Get Rid Of It! which consists of present posts 1-4 ~ OB

Ok so I've been downloading some torrents and managed to get the isecurity.cpl trojan. I found the programs to automatically remove the program but there's only one problem: whenever I try to open the isecurity.cpl removal tool a black command box briefly opens and then closes.

This happens when I try to open all of my anti-spyware programs as well as my add/remove programs tool from the control panel. When this command box opens for a split second the words Divide Overflow flash on the screen before the box closes. I have also tried to use the system restore tool but that just closes right away with the rest of them.

It installed the nmwegbsf toolbar.
I also made the mistake of downloading the Advanced XP Fixer from their fake Windows XP quick fix window.

I was wondering if someone could direct me to a manual isecurity.cpl removal tutorial?

Any Help/Suggestions would be great.

Edited by Orange Blossom, 12 June 2008 - 09:42 PM.




#2 quietman7


Posted 06 June 2008 - 10:08 PM

Please see How to remove the iSecurity (iSecurity.cpl) Trojan

When done, copy and paste the results of the MBAM log report in your next reply. Also let us know how your computer is running and if there are any more signs of infection or further problems.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 ttttedttt


Posted 07 June 2008 - 12:44 AM

Please see How to remove the iSecurity (iSecurity.cpl) Trojan

When done, copy and paste the results of the MBAM log report in your next reply. Also let us know how your computer is running and if there are any more signs of infection or further problems.


Thanks Quietman7 but I've looked at that already and the tool that they have you download won't open because the trojan just closes the tool... But do you think if I delete the registry files it will help?

#4 quietman7


Posted 07 June 2008 - 06:13 AM

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

If you cannot see the file extension, then it's hidden and you will have to Reconfigure Windows XP to show it. Double-click on My Computer, go to Tools > Folder Options and click on the View tab. Under Advanced settings > Files and Folders > check "Show hidden files and Folders" and uncheck "Hide file extensions for known file types", then click Apply > OK.

#5 ttttedttt


Posted 11 June 2008 - 11:16 AM

Ok, so I downloaded and ran the Deckard's System Scanner. The first time I tried it my computer froze and I had to restart. The second time I left it to run overnight and it worked, but after briefly looking at the log it closed before I was able to save it.

Now my computer runs really, really slow and when I try to use System Restore to a point I set before I downloaded DSS it won't allow me to restore to it. Does the log save somewhere by default? I can't really use my computer because it runs so slow, so what should I do? I'm hoping to find the file and then post it here but need some guidance.

I do have a 2 gig zip drive I can use if I needed to download and install a program on my slow computer.

Thanks for any help!

Merged topics. Topic title was: Infected With Virtumonde, can't remove it ~ OB

Edited by Orange Blossom, 12 June 2008 - 09:37 PM.
Move to more appropriate forum. ~ OB


#6 ttttedttt


Posted 11 June 2008 - 06:35 PM

Merged topics. Title was: Virtumonde ~ OB

Ok, so I downloaded and ran the Deckard's System Scanner. The first time I tried it my computer froze and I had to restart. The second time I left it to run overnight and it worked, but after briefly looking at the log it closed before I was able to save it.

Now my computer runs really, really slow and when I try to use System Restore to a point I set before I downloaded DSS it won't allow me to restore to it.

So reading through this forum I came across the ComboFix program. Opening my computer in Safe Mode allowed me to run ComboFix. So here is the log and I was just wondering what I should do from here?





ComboFix 08-06-10.5 - Ted 2008-06-11 17:18:33.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.711 [GMT -5:00]
Running from: C:\Documents and Settings\Ted\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\mcroso~1
C:\WINDOWS\BMef3980c2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\bmf.cs
C:\WINDOWS\system32\ccs.so
C:\WINDOWS\system32\drivers\Winel64.sys
C:\WINDOWS\system32\ho.ln
C:\WINDOWS\system32\ko.o
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mn.n
C:\WINDOWS\system32\psvyjdic.dll
C:\WINDOWS\system32\WinCtrl32.dl_
C:\WINDOWS\system32\WinCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_winel64
-------\Service_Winel64
-------\Service_winel64


((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2070-06-24 19:56 . 2070-06-24 19:56 286,720 --------- C:\WINDOWS\Setup1.exe
2070-06-24 19:56 . 2070-06-24 19:56 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2040-06-15 23:01 . 2006-09-02 11:32 <DIR> d-------- C:\Program Files\Microsoft Works
2040-06-15 23:01 . 2040-06-15 23:01 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2040-06-15 23:01 . 2040-06-15 23:01 <DIR> d-------- C:\Program Files\Common Files\L&H
2040-06-15 22:59 . 2040-06-15 22:59 <DIR> d-------- C:\Program Files\Microsoft.NET
2040-06-15 22:57 . 2040-06-15 22:57 <DIR> dr-h----- C:\MSOCache
2008-06-09 21:53 . 2008-06-09 21:53 <DIR> d-------- C:\Deckard
2008-06-08 23:29 . 2008-06-08 23:29 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 23:27 . 2008-06-11 06:54 <DIR> d-------- C:\SDFix
2008-06-08 14:28 . 2008-06-08 14:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-08 14:28 . 2008-06-08 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 14:20 . 2008-06-08 14:20 <DIR> d-------- C:\VundoFix Backups
2008-06-07 20:27 . 2008-06-07 20:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 20:27 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 20:27 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 17:05 . 2008-06-07 17:05 12,792 --a------ C:\WINDOWS\system32\mssrv32.exe.ren
2008-06-07 16:32 . 2008-06-10 12:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-07 16:23 . 2008-06-10 08:16 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-07 16:23 . 2008-06-07 16:23 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-07 16:23 . 2008-06-07 16:23 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-07 16:22 . 2008-06-07 16:22 <DIR> d-------- C:\Program Files\AVG
2008-06-07 16:22 . 2008-06-07 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-07 12:30 . 2008-06-07 12:30 <DIR> d-------- C:\Documents and Settings\Ted\Application Data\Malwarebytes
2008-06-07 12:29 . 2008-06-07 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 10:57 . 2008-06-07 10:57 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-07 10:57 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-07 10:57 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-07 10:57 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-07 10:57 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-07 10:57 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-07 10:56 . 2008-06-11 14:54 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-07 10:56 . 2008-06-07 10:56 <DIR> d-------- C:\Documents and Settings\Ted\Application Data\PC Tools
2008-06-07 10:56 . 2008-06-07 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-06 00:05 . 2008-06-10 23:15 15,360 --a------ C:\WINDOWS\system32\WinCtrl32(2)(2).dll
2008-06-06 00:04 . 2008-06-06 00:04 2 --a------ C:\-334842895
2008-06-04 19:34 . 2008-06-04 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-03 21:00 . 2008-06-03 21:02 <DIR> d-------- C:\Program Files\Torque
2008-06-03 18:56 . 2008-06-07 20:13 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-06-03 18:35 . 2008-06-03 18:35 <DIR> d-------- C:\Program Files\uTorrent
2008-06-03 18:35 . 2008-06-06 00:07 <DIR> d-------- C:\Documents and Settings\Ted\Application Data\uTorrent
2008-06-02 18:56 . 2008-06-02 18:56 <DIR> d-------- C:\Program Files\BrowsingEnhancer
2008-06-02 18:32 . 2008-06-02 18:32 <DIR> d-------- C:\Program Files\DNA
2008-06-02 18:32 . 2008-06-06 00:07 <DIR> d-------- C:\Documents and Settings\Ted\Application Data\DNA
2008-06-01 16:35 . 2008-06-01 16:36 <DIR> d-------- C:\Program Files\3D World Studio
2008-06-01 16:12 . 2008-06-01 16:12 <DIR> d-------- C:\Documents and Settings\Ted\Application Data\Blender Foundation
2008-05-30 23:20 . 2008-05-30 23:20 <DIR> d-------- C:\Program Files\jEdit
2008-05-27 19:16 . 2008-05-27 19:16 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 18:48 . 2008-06-05 23:02 <DIR> d-------- C:\Torque
2008-05-26 17:48 . 2008-06-08 11:58 <DIR> d-------- C:\Documents and Settings\Ted\Application Data\LimeWire
2008-05-26 17:47 . 2008-05-26 17:47 <DIR> d-------- C:\Program Files\LimeWire
2008-05-24 01:15 . 2008-05-24 01:15 <DIR> d-------- C:\Program Files\PHP
2008-05-22 18:45 . 2008-05-22 18:45 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-22 18:45 . 2008-05-22 18:45 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-05-22 18:45 . 2008-05-22 18:45 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-05-22 18:45 . 2008-05-22 18:45 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-05-22 18:44 . 2008-05-22 18:44 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-22 18:44 . 2008-05-22 18:44 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Intel
2008-05-22 18:44 . 2008-05-22 18:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-22 18:44 . 2008-05-22 18:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-22 18:44 . 2007-08-27 11:12 2,777,088 --a------ C:\WINDOWS\system32\NETw4r32.dll
2008-05-22 18:44 . 2007-09-26 06:01 2,236,032 --a------ C:\WINDOWS\system32\drivers\NETw4x32.sys
2008-05-22 18:44 . 2007-08-27 11:12 745,472 --a------ C:\WINDOWS\system32\NETw4c32.dll
2008-05-22 18:42 . 2008-05-22 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-22 18:41 . 2008-05-22 18:41 <DIR> d-------- C:\Documents and Settings\Ted\Application Data\Intel
2008-05-22 18:41 . 2007-08-21 09:58 146,944 --a------ C:\WINDOWS\system32\st325602.dll
2008-05-22 17:51 . 2008-05-22 17:51 <DIR> d-------- C:\temp\ext18866
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 22:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-11 22:08 --------- d-----w C:\Documents and Settings\Ted\Application Data\OpenOffice.org2
2008-06-11 19:49 --------- d-----w C:\Documents and Settings\Ted\Application Data\Free Download Manager
2008-06-11 05:32 --------- d-----w C:\Program Files\LogMeIn
2008-06-08 20:09 --------- d-----w C:\Documents and Settings\Ted\Application Data\Spyware Terminator
2008-06-08 20:05 --------- d-----w C:\Program Files\Java
2008-06-08 01:29 --------- d-----w C:\Program Files\Spyware Terminator
2008-06-08 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-07 22:47 --------- d-----w C:\Program Files\Lavasoft
2008-06-07 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-07 22:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 16:26 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-06 05:16 --------- d-----w C:\Program Files\CamStudio
2008-06-06 05:04 577,536 ----a-w C:\WINDOWS\system32\user32.DLL
2008-06-06 05:04 577,536 ----a-w C:\WINDOWS\system32\dllcache\user32.dll
2008-06-05 01:23 --------- d-----w C:\Program Files\Dell
2008-05-22 23:45 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2008-05-22 23:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 23:42 --------- d-----w C:\Program Files\ATI Technologies
2008-05-22 22:51 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 14:42 --------- d-----w C:\Program Files\MUSICMATCH
2008-04-29 23:48 --------- d-----w C:\Documents and Settings\Ted\Application Data\Corel
2008-04-29 23:40 --------- d-----w C:\Program Files\MSECache
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-20 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-20 22:18 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-04-20 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-04-20 21:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-20 21:44 --------- d-----w C:\Program Files\Bonjour
2008-04-20 21:38 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-05-06 22:13 8 --sh--r C:\WINDOWS\system32\37500C4D6B.sys
2006-05-06 22:02 56 --sh--r C:\WINDOWS\system32\6B4D0C5037.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2006-05-06 22:13 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-11_15.14.44.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 19:51:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-11 22:13:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-07 16:22 1177368]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-07 11:26 1817600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 20:29 39264]

C:\Documents and Settings\Ted\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-29 23:33:11 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Everything\photoshop\experiments
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-22 11:18 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TightVNC\\vncviewer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
S1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-07 16:23]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-07 11:26]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-07 16:22]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
S3 fileobjinfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [2008-04-08 17:42]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-05 16:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05f28b16-7eaa-11dc-87eb-0015c51172df}]
\shell\autorun\command - Centrum/Centrum.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27307d78-0f1f-11dd-8880-0015c51172df}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 02:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 22:16:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 17:27:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 17:30:09
ComboFix-quarantined-files.txt 2008-06-11 22:29:36

Pre-Run: 30,550,990,848 bytes free
Post-Run: 30,532,947,968 bytes free

244 --- E O F --- 2008-06-06 04:16:25

Edited by Orange Blossom, 12 June 2008 - 09:40 PM.


#7 ttttedttt


Posted 12 June 2008 - 07:14 PM

Well, I'm starting to get pretty excited because I've spent the whole last week trying to remove this dumb Virtumonde nuisance and I think I am almost there! Here are my log files and I just need to know what to do now.

Thanks in advance!







Deckard's System Scanner v20071014.68
Run by Ted on 2008-06-12 18:57:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
96: 2008-06-12 23:57:41 UTC - RP628 - Deckard's System Scanner Restore Point
95: 2008-06-11 11:58:00 UTC - RP627 - Restore Operation
94: 2008-06-11 05:33:47 UTC - RP626 - Restore Operation
93: 2008-06-11 04:19:49 UTC - RP625 - Restore Operation
92: 2008-06-11 03:13:44 UTC - RP624 - Restore Operation


-- First Restore Point --
1: 2008-06-06 20:28:55 UTC - RP533 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ted.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:40 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Ted\Desktop\dss.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ted.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {a6b78e6a-5bff-46e7-b0f6-d7673ba47b72} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Bux.to Autoclicker.lnk = ?
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212956361140
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212956794953
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\
O21 - SSODL: PreBootCheck - {6a0dd96f-0987-429f-9274-2151990fdbf9} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
O24 - Desktop Component 1: (no name) - C:\Everything\photoshop\experiments

--
End of file - 13747 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 Appdrv - c:\program files\dell\nicconfigsvc\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 fileobjinfo (STFileDriver) - c:\documents and settings\all users\application data\spyware terminator\fileobjinfo.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel Corporation; SSO Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-12 19:00:44 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-28 21:12:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2070-06-24 19:56:48 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2070-06-24 19:56:48 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2040-06-15 23:01:32 0 d-------- C:\Program Files\Common Files\L&H
2040-06-15 23:01:12 0 d-------- C:\Program Files\Microsoft Works
2040-06-15 23:01:06 0 d-------- C:\Program Files\Microsoft ActiveSync
2040-06-15 22:59:31 0 d-------- C:\Program Files\Microsoft.NET
2040-06-15 22:57:42 0 dr-h----- C:\MSOCache
2008-06-12 19:01:16 0 d-------- C:\Program Files\Trend Micro
2008-06-11 14:39:59 0 d-------- C:\cmdcons
2008-06-11 14:38:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-11 14:38:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-11 14:38:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-11 14:38:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-11 14:38:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-11 14:38:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-11 14:38:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-11 14:38:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-09 21:53:55 9961472 --a------ C:\Documents and Settings\Ted\ntuser.dat
2008-06-09 21:53:55 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-08 23:29:11 0 d-------- C:\WINDOWS\ERUNT
2008-06-08 14:28:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-08 14:20:51 0 d-------- C:\VundoFix Backups
2008-06-07 20:27:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 16:32:00 0 d--h----- C:\$AVG8.VAULT$
2008-06-07 16:23:07 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-07 16:22:48 0 d-------- C:\Program Files\AVG
2008-06-07 16:22:44 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-07 12:30:41 0 d-------- C:\Documents and Settings\Ted\Application Data\Malwarebytes
2008-06-07 12:29:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 00:05:57 15360 --a------ C:\WINDOWS\system32\WinCtrl32(2)(2).dll
2008-06-06 00:04:32 2 --a------ C:\-334842895
2008-06-04 19:34:17 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-03 21:00:35 0 d-------- C:\Program Files\Torque
2008-06-03 18:56:14 0 d-------- C:\Program Files\PeerGuardian2
2008-06-03 18:35:58 0 d-------- C:\Program Files\uTorrent
2008-06-03 18:35:52 0 d-------- C:\Documents and Settings\Ted\Application Data\uTorrent
2008-06-02 18:56:45 0 d-------- C:\Program Files\BrowsingEnhancer
2008-06-02 18:32:24 0 d-------- C:\Program Files\DNA
2008-06-02 18:32:24 0 d-------- C:\Documents and Settings\Ted\Application Data\DNA
2008-06-01 16:35:48 0 d-------- C:\Program Files\3D World Studio
2008-06-01 16:12:46 0 d-------- C:\Documents and Settings\Ted\Application Data\Blender Foundation
2008-05-30 23:20:43 0 d-------- C:\Program Files\jEdit
2008-05-27 19:16:55 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 18:48:55 0 d-------- C:\Torque
2008-05-26 17:48:53 0 d-------- C:\Documents and Settings\Ted\Application Data\LimeWire
2008-05-26 17:47:19 0 d-------- C:\Program Files\LimeWire
2008-05-24 01:15:37 0 d-------- C:\Program Files\PHP
2008-05-22 18:44:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-22 18:44:31 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-05-22 18:44:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-22 18:44:27 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Intel
2008-05-22 18:44:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-22 18:42:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-22 18:41:09 0 d-------- C:\Documents and Settings\Ted\Application Data\Intel


-- Find3M Report ---------------------------------------------------------------

2008-06-12 18:55:47 0 d-------- C:\Documents and Settings\Ted\Application Data\OpenOffice.org2
2008-06-12 18:54:26 0 d-------- C:\Program Files\Common Files
2008-06-12 18:44:32 0 d-------- C:\Program Files\LogMeIn
2008-06-11 14:49:59 0 d-------- C:\Documents and Settings\Ted\Application Data\Free Download Manager
2008-06-08 15:09:02 0 d-------- C:\Documents and Settings\Ted\Application Data\Spyware Terminator
2008-06-08 15:05:51 0 d-------- C:\Program Files\Java
2008-06-07 20:29:03 0 d-------- C:\Program Files\Spyware Terminator
2008-06-07 17:47:37 0 d-------- C:\Program Files\Lavasoft
2008-06-07 17:46:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-06 00:16:23 0 d-------- C:\Program Files\CamStudio
2008-06-04 20:23:48 0 d-------- C:\Program Files\Dell
2008-05-22 18:45:37 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-05-22 18:43:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-22 18:42:35 0 d-------- C:\Program Files\ATI Technologies
2008-05-22 17:51:36 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 09:42:45 0 d-------- C:\Program Files\MUSICMATCH
2008-05-03 15:55:55 0 d-------- C:\Documents and Settings\Ted\Application Data\Adobe
2008-04-29 18:48:38 0 d-------- C:\Documents and Settings\Ted\Application Data\Corel
2008-04-29 18:40:53 0 d-------- C:\Program Files\MSECache
2008-04-20 17:18:07 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-20 16:50:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-20 16:44:07 0 d-------- C:\Program Files\Bonjour
2008-04-20 16:38:13 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6b78e6a-5bff-46e7-b0f6-d7673ba47b72}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/07/2008 04:22 PM]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [06/07/2008 11:26 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 05:00 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Ted\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Everything\photoshop\experiments
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/22/2007 11:18 AM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winel64.sys"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05f28b16-7eaa-11dc-87eb-0015c51172df}]
autorun\command- Centrum/Centrum.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27307d78-0f1f-11dd-8880-0015c51172df}]
AutoRun\command- wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-06-12 19:02:17 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
CPU 1: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 1022.37 MiB / 473.38 MiB
Pagefile Memory (total/avail): 2460.12 MiB / 1996.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.3 MiB

C: is Fixed (NTFS) - 87.05 GiB total, 27.45 GiB free.
D: is CDROM (No Media)
F: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - ST910021AS - 91.76 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 87.05 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB

\\.\PHYSICALDRIVE1 - USB Flash Disk USB Device - 2000.28 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 2006.48 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TightVNC\\vncviewer.exe"="C:\\Program Files\\TightVNC\\vncviewer.exe:*:Disabled:vncviewer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ted\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TEDLAPTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ted
LOGONSERVER=\\TEDLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\PHP;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\jEdit
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PHPRC=C:\Program Files\PHP\
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ted\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ted\LOCALS~1\Temp
USERDOMAIN=TEDLAPTOP
USERNAME=Ted
USERPROFILE=C:\Documents and Settings\Ted
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ted (admin)
LogMeInRemoteUser (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
3D World Studio 5.52 --> "C:\Program Files\3D World Studio\unins000.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Andrea VoiceCenter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\Setup.exe" -l0x9 -uninst
ArcSoft VideoImpression 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED10343F-D30A-4200-9B00-665FC45F52B4}\Setup.exe" -l0x9 -uninst
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{0D251F37-10CB-46DF-BFA0-4702218DB0B6}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2008 - English --> C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AutoHotkey 1.0.47.05 --> C:\Program Files\AutoHotkey\uninst.exe
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
BrowsingEnhancer --> C:\Program Files\BrowsingEnhancer\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Corel Painter X --> C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\DOCUME~1\Ted\LOCALS~1\Temp\PainterX.log
Corel Painter X --> MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DSC409 Digital Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89C4390-238E-47A1-A9C7-07F2F6544BA0}\Setup.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
Free Download Manager 2.0 --> "C:\Program Files\Free Download Manager\unins000.exe"
FreeZip --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\freezip.inf,Uninstall
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GTK+ 2.8.9 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IGN Download Manager 2.2.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
ImageShack Toolbar (1.0.0.38) --> RUNDLL32.EXE advpack.dll,LaunchINFSection C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.inf, UserUninstall
Intel® Integrated Performance Primitives RTI 4.0 --> MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
iTunes Library Updater --> MsiExec.exe /I{38EE230F-F631-451F-8800-E29F5E5C9E7D}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jEdit 4.3pre14 --> "C:\Program Files\jEdit\unins000.exe"
KompoZer 0.77 --> "C:\Program Files\KompoZer\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LogMeIn --> MsiExec.exe /I{19409A31-DF7B-4E6A-BF9D-057A7D24EF0E}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{91170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual C# 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe
Microsoft Visual C# 2005 Express Edition - ENU --> MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C# 2005 Express Edition - ENU Service Pack 1 (KB926749) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {B6B0F76A-873E-438E-BC25-6704193DD344} /package {7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C++ 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Express Edition - ENU --> MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} /package {AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Visual Web Developer 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Web Developer 2008 Express Edition - ENU\setup.exe
Microsoft Visual Web Developer 2008 Express Edition - ENU --> MsiExec.exe /X{19700927-105D-3812-8548-53EDA3F5A22D}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web --> MsiExec.exe /X{3C7EEEC3-464F-3FE9-8795-3CC8B4EAD82A}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
OmniFormat --> C:\Program Files\omniformat\thinsetup.exe - uninstall
OpenOffice.org 2.0 --> MsiExec.exe /I{69579772-D2F7-4018-9882-B5ECA01CB6B4}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PHP 5.2.6 --> MsiExec.exe /I{6E1205BF-25BC-44A5-B10E-34402BFF5D45}
Pinnacle Instant DVD Recorder --> C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SiteAid --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\SiteAid\ST5UNST.LOG"
SmartFTP Client 2.0 --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster ADVANCED MB Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB Product Registration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TGEA 1.7.0 SDK (remove only) --> "C:\Torque\TGEA_1_7_0\uninst-tsdk.exe"
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
TightVNC 1.2.9 --> "C:\Program Files\TightVNC\unins000.exe"
Torque Game Engine SDK (remove only) --> "C:\Torque\SDK\uninst-tsdk.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VGA USB Camera --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XML Paper Specification Shared Components Pack 1.0 -->
ZIP Reader 8.00.0018 --> MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-06-12 19:02:17 ------------

#8 Orange Blossom


Posted 12 June 2008 - 10:25 PM

Hello ttttedttt and welcome to BC.

I realize that you are frustrated with the problems you are having with your computer. Your frustration has led you to create several different topics on the same issue in different forums which has caused massive confusion and has delayed the assistance you receive. Further, you never followed up on quietman7's advice presently located in post 4 of this topic; instead you created more topics and did things on your own. To avoid further confusion for all involved, I have merged all these topics into the one that contains the DSS log in the HiJack This forum. Please refrain from creating any new topics on this issue.

Among the things you have done is to run ComboFix. ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

You should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

Orange Blossom :) ~ Forum Moderator

#9 ttttedttt

  • Topic Starter

Posted 12 June 2008 - 11:50 PM

Sorry for the confusion, but I think I almost have it gone. So back to what quietman7 suggested here:



Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

If you cannot see the file extension, then it's hidden and you will have to Reconfigure Windows XP to show it. Double-click on My Computer, go to Tools > Folder Options and click on the View tab. Under Advanced settings > Files and Folders > check "Show hidden files and Folders" and uncheck "Hide file extensions for known file types", then click Apply > OK.



So I got it to run and here is the log

Malwarebytes' Anti-Malware 1.15
Database version: 839

9:16:04 PM 6/12/2008
mbam-log-6-12-2008 (21-16-04).txt

Scan type: Quick Scan
Objects scanned: 43143
Time elapsed: 18 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Sorry again for the extra posts (I tried to delete them but couldn't) and I just wanna say THANKS a lot for this wonderful forum!!!! You guys are awesome and I'm sure many people appreciate what you are doing!



