
Trojan-dropper.win32.joiner.dp - Computer 1


  • This topic is locked
24 replies to this topic

#1 melbb


Posted 21 June 2008 - 05:03 PM

A-squared found this trojan, supposedly, in C:\CSTEMP\Cambridgesoft\SharedAddIn\setup.exe. I think it is probably a false positive, but I'd like to be sure. I haven't noticed anything unusual about my computer. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:50 PM, on 6/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netzero.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [IAAnotif] "c:\Inteldrivers\Iaanotif.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00001A.000000B7
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122676128734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122676383046
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 11415 bytes



#2 Billy O'Neal

  • Malware Response Team

Posted 15 July 2008 - 09:50 AM

Hello, melbb.
Don't I know you from somewhere?

:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create a Deckard's System Scanner (DSS) Log
Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.

Primary Mirror
Secondary Mirror

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <-- Will be maximized
    • extra.txt <-- Will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.
Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


In your next reply, please include the following:
  • DSS's Main.txt
  • DSS's Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 melbb


Posted 15 July 2008 - 01:50 PM

Hello, again, Billy. Thanks for your help.

Main:

Deckard's System Scanner v20071014.68
Run by Melanie Beebe on 2008-07-15 14:45:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-07-15 18:45:52 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2008-07-15 13:45:22 UTC - RP38 - System Checkpoint
37: 2008-07-14 13:37:46 UTC - RP37 - Installed Ad-Aware
36: 2008-07-14 13:36:24 UTC - RP36 - Removed Ad-Aware 2007
35: 2008-07-13 14:36:21 UTC - RP35 - System Checkpoint


-- First Restore Point --
1: 2008-06-19 13:11:46 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Melanie Beebe.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:16 PM, on 7/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Melanie Beebe.CT18M51.000\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MELANI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netzero.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IAAnotif] "c:\Inteldrivers\Iaanotif.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00001A.000000B7
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122676128734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122676383046
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 11579 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S2 HPFECP20 - c:\windows\system32\drivers\hpfecp20.sys
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 NMSAccess - c:\program files\cheetah burner\cheetah dvd burner\nmsaccess.exe

S4 WANMiniportService (WAN Miniport (ATW) Service) - "c:\windows\wanmpsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8030CE32D100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\8030CE32D100
Service: NIC1394


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\SYSTEM32\winlogon.exe (pid 856)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\explorer.exe (pid 1800)
2006-10-18 21:47:22 133632 --a------ C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 166912 --a------ C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 284160 --a------ C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 19:32:58 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2006-07-11 01:59:53 102472 --a------ C:\Program Files\NZSearch\SearchEnh1.dll <Not Verified; United Online, Inc.; NetZero Browser Search Enhancements>


-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-06-24 19:35:20 0 d-------- C:\Documents and Settings\Kirk Beebe.CT18M51\Application Data\Comodo
2008-06-23 21:34:20 0 dr-h----- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Recent
2008-06-20 13:29:34 0 d-------- C:\Program Files\Common Files\Acronis
2008-06-20 13:29:34 0 d-------- C:\Program Files\Acronis
2008-06-19 17:30:33 0 d-------- C:\Program Files\AskSBar
2008-06-19 17:30:08 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\Comodo
2008-06-19 17:30:06 0 d-------- C:\Program Files\COMODO
2008-06-19 17:30:06 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-18 15:58:45 0 d-------- C:\Documents and Settings\Owner\Application Data
2008-06-18 15:58:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-06-18 15:55:48 159744 --a------ C:\WINDOWS\system32\OPENAL32.DLL <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-18 15:55:48 139264 --a------ C:\WINDOWS\system32\EAX.DLL <Not Verified; Creative Technology Ltd; EAX Unified>
2008-06-18 15:55:48 11766 --a------ C:\WINDOWS\SETTINGS.REG
2008-06-18 15:55:48 20480 --a------ C:\WINDOWS\P17DEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product>
2008-06-18 14:25:21 0 d-------- C:\Program Files\Avira
2008-06-18 14:25:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-18 14:16:05 0 d-------- C:\WINDOWS\Prefetch
2008-06-18 14:10:56 0 d-------- C:\WINDOWS\system32\scripting
2008-06-18 14:10:56 0 d-------- C:\WINDOWS\l2schemas
2008-06-18 14:10:55 0 d-------- C:\WINDOWS\system32\en
2008-06-17 15:50:05 0 d-------- C:\$WIN_NT$.~BT
2008-06-17 15:50:04 0 d-------- C:\WINDOWS\setup.pss
2008-06-17 15:23:38 0 d-------- C:\Program Files\nLite
2008-06-17 13:53:11 0 d-------- C:\WINDOWS\NLDRV
2008-06-17 13:53:11 0 d-------- C:\WINDOWS\msapps
2008-06-17 07:46:01 0 d-------- C:\Program Files\Western Digital Technologies
2008-06-16 23:27:01 126976 --a------ C:\WINDOWS\system32\Imsmudlg.exe <Not Verified; Intel® Corporation; Uninstset Installation Utility>
2008-06-16 23:27:01 0 d-------- C:\WINDOWS\system32\ENU
2008-06-16 23:26:50 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\InstallShield
2008-06-15 12:48:11 0 d-------- C:\Program Files\Windows Resource Kits


-- Find3M Report ---------------------------------------------------------------

2008-07-14 13:30:32 0 d-------- C:\Program Files\a-squared Free
2008-07-14 09:37:49 0 d-------- C:\Program Files\Lavasoft
2008-07-14 09:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 09:32:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-14 09:29:38 0 d-------- C:\Program Files\SpywareBlaster
2008-07-13 09:59:10 0 d-------- C:\Program Files\NetZero
2008-07-01 09:35:48 0 d-------- C:\Program Files\NZSearch
2008-06-26 13:50:07 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\Adobe
2008-06-25 08:23:59 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\SiteAdvisor
2008-06-23 20:06:17 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\EndNote
2008-06-20 13:29:34 0 d-------- C:\Program Files\Common Files
2008-06-19 09:11:19 0 d-------- C:\Program Files\Common Files\Motive
2008-06-18 14:51:40 0 d-------- C:\Program Files\Dell AIO Printer A920
2008-06-18 14:11:04 0 d-------- C:\Program Files\Messenger
2008-06-18 14:10:55 0 d-------- C:\Program Files\Movie Maker
2008-06-18 14:09:30 0 d-------- C:\Program Files\Windows NT
2008-06-18 13:51:57 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-15 13:29:13 0 d-------- C:\Program Files\Debugging Tools for Windows
2008-06-14 23:20:35 2555904 --ahs---- C:\gobackio.bin
2008-06-11 22:24:13 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\Malwarebytes
2008-05-30 09:21:26 0 d-------- C:\Program Files\CCleaner
2008-05-25 10:49:39 0 d-------- C:\Program Files\SiteAdvisor
2008-05-20 19:32:58 0 d-------- C:\Program Files\SUPERAntiSpyware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
06/19/2008 05:30 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/19/2008 05:30 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetscapeClient"="" []
"IAAnotif"="c:\Inteldrivers\Iaanotif.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/15/2004 02:04 AM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 09:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/13/2007 02:05 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
"P17Helper"="P17.dll" [06/10/2004 12:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [06/19/2008 05:30 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/19/2008 05:30 PM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [10/30/2007 08:06 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [10/30/2007 08:11 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [10/30/2007 08:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/03/2004 02:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Privacy Suite RiskMonitor"="C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe" [11/22/2007 11:53 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
@=C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00001A.000000B7

C:\Documents and Settings\Melanie Beebe.CT18M51.000\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [6/18/2008 1:53:37 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 07:32 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"Notification Packages"= scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - AAWSERVICE



-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com

16755 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-15 14:48:16 ------------






EXTRA:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1022.09 MiB / 659.59 MiB
Pagefile Memory (total/avail): 2461.65 MiB / 1944.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1877.71 MiB

C: is Fixed (NTFS) - 283.9 GiB total, 238.23 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD3200AAKS-00B3A0 - 298.09 GiB - 3 partitions
\PARTITION0 - Unknown - 188.23 MiB
\PARTITION1 (bootable) - Installable File System - 283.9 GiB - C:
\PARTITION2 - Unknown - 14 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CT18M51
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Melanie Beebe.CT18M51.000
LOGONSERVER=\\CT18M51
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MELANI~1.000\LOCALS~1\Temp
TMP=C:\DOCUME~1\MELANI~1.000\LOCALS~1\Temp
USERDOMAIN=CT18M51
USERNAME=Melanie Beebe
USERPROFILE=C:\Documents and Settings\Melanie Beebe.CT18M51.000
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Melanie Beebe.CT18M51.000 (admin)
Kirk Beebe.CT18M51 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Acronis True Image Home --> MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Adorons Easy Security --> C:\Program Files\Belarc\Advisor\Uninstall.exe "C:\Program Files\Enigma Software Group\Adorons Easy Security\install.log"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Mid Recorder 3.7.2 --> "C:\Program Files\Audio Mid Recorder\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{563E2BC8-A0CA-4A81-9DD2-897BB326C679}\Setup.exe"
Cheetah WMA Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDB7CDB2-40E6-4893-95E9-7A551AF865CD}\Setup.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
CyberScrub® Privacy Suite™ 5.0 --> "C:\Program Files\CyberScrub Privacy Suite\unins000.exe"
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
Debugging Tools for Windows (x86) --> MsiExec.exe /I{1CD0C3C5-809D-4CFC-904A-1B67C6243637}
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Garmin POI Loader --> MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GPS Image Tracker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE35B247-F872-4FFD-BCD1-1970C7E86C84}\setup.exe" -l0x9 /removeonly uninstall -removeonly
HijackThis 2.0.2 --> C:\Documents and Settings\Kirk Beebe.CT18M51\My Documents\Spyware Detection\HijackThis.exe /uninstall
HP DeskJet 610C Series (Remove only) --> C:\Program Files\HP DeskJet 610C Series\hpfiui.exe -c -vdivid=HPF -vpnum=20 -vproduct=610C -huninstall
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Jalview --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.jalview.org/webstart/jalview.jnlp"
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LOTR The Return of the King tm --> C:\Program Files\EA GAMES\LOTR The Return of the King tm\EAUninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
MediaFACE 4.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7F581D1D-C9A7-4C77-B88A-27537173CEDF}
MediaFACE 4.0 Business Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}
MediaFACE 4.0 General Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268D18A2-4539-4530-8192-F13EDD876FFC}
MediaFACE 4.0 Lifestyle Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}
MediaFACE 4.0 Music Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8739235F-201D-449C-A03F-277A85F0FE1E}
MediaFACE 4.0 Special Occasion Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DA84434F-25B6-4716-A390-AC678FB6516D}
MediaFACE 4.0 Spiritual Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1DA6AB38-2876-4AE4-8236-24C2CF66601B}
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Microsoft Works 2000 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Netscape Internet Service --> C:\Program Files\Belarc\Advisor\Uninstall.exe
Netscape Web Accelerator --> C:\Program Files\Belarc\Advisor\Uninstall.exe
NetZero Internet --> "C:\Program Files\NetZero\uninst.exe"
nLite 1.4.6 --> "C:\Program Files\nLite\unins000.exe"
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
PeaZip 1.9.1 --> "C:\Program Files\PeaZip\unins000.exe"
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 /removeonly /cont -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SafeMedia Add-on for Acronis True Image 11 Home --> MsiExec.exe /X{82DFB569-F78E-47BB-B252-45B4AA45CA86}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
TDK Digital MixMaster --> C:\WINDOWS\UNDMM.exe /UNINSTALL
UCSF Chimera 1.2065 --> "C:\Program Files\Chimera\unins000.exe"
VSO CopyToDVD 3 --> "C:\Program Files\VSO\unins000.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 8.0 --> MsiExec.exe /X{6FC82D6E-0D46-4E72-90DC-36E5D59B97E4}
Word in Works Suite add-in --> MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type28 / Error
Event Submitted/Written: 07/14/2008 10:57:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type27 / Error
Event Submitted/Written: 07/14/2008 10:57:00 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type26 / Error
Event Submitted/Written: 07/14/2008 10:56:58 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type25 / Error
Event Submitted/Written: 07/14/2008 10:56:58 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10 / Error
Event Submitted/Written: 07/06/2008 08:52:01 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 767637487.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2533 / Warning
Event Submitted/Written: 07/14/2008 00:47:44 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type2483 / Warning
Event Submitted/Written: 07/13/2008 11:01:59 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type2478 / Error
Event Submitted/Written: 07/13/2008 09:35:45 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Event Record #/Type2477 / Error
Event Submitted/Written: 07/13/2008 09:35:45 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type2476 / Error
Event Submitted/Written: 07/13/2008 09:05:45 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-07-15 14:48:16 ------------

#4 Billy O'Neal

  • Malware Response Team

Posted 15 July 2008 - 02:07 PM

Hello, melbb.
We need to move some files
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    iAimTV2 <delete service>
    wanatw <delete service>
    WANMiniportService <delete service>
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NetscapeClient
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IAAnotif
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

We have to remove some entries in HiJack This
  • Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:
    O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00001A.000000B7
  • Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
I need to see the contents of a directory to continue helping.
  • Go to Start -> Run, and type "notepad" into the box.
  • Press ok.
  • Copy and paste the following code into notepad:
    set FILEPATH="C:\$WIN_NT$.~BT"
    dir %FILEPATH% /C /N /O:-D /S  /4 > "%USERPROFILE%\Desktop\DirectoryList.txt"
    "%USERPROFILE%\Desktop\DirectoryList.txt"
    del "%USERPROFILE%\Desktop\DirectoryList.txt"
    del fix.bat
  • Go to File -> Save
  • To the right of "Save as Type:" in the bottom of the window, change the ComboBox to "All Files"
  • Enter fix.bat into the "File name:" box just above the "Save as Type" box.
  • Double click fix.bat on your desktop.
  • Copy and paste the logfile that opens back here.
We need to see if a file is a virus.
  • Please click this link-->Jotti
  • When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
    C:\WINDOWS\system32\cssdll32.dll
  • If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
  • Please post back the results of the scan in your next post.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • OTMoveIt2's Log
  • Log produced when running the file to list the directory.
  • VirusTotal/Jotti's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 melbb

  • Topic Starter

Posted 15 July 2008 - 03:42 PM

OTMoveIt:

iAimTV2 service deleted successfully.
wanatw service deleted successfully.
WANMiniportService service deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NetscapeClient >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NetscapeClient deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IAAnotif >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IAAnotif deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07152008_160302



JOTTI:
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: cssdll32.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 19699febe71ed8919d9a3169a107265a
Packers detected: -

Scanner results
Scan taken on 15 Jul 2008 20:06:31 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Fix.bat log:

Volume in drive C has no label.
Volume Serial Number is C0A9-81BA

Directory of C:\$WIN_NT$.~BT

06/17/2008 03:50 PM 8,192 BOOTSECT.DAT
06/17/2008 03:50 PM 18,967 migrate.inf
06/17/2008 03:50 PM <DIR> ..
06/17/2008 03:50 PM <DIR> .
06/17/2008 03:50 PM <DIR> system32
06/17/2008 03:50 PM 32,621 winnt.sif
06/17/2008 03:50 PM 1,805 unsupdrv.inf
06/17/2008 03:33 PM 413,907 txtsetup.sif
06/17/2008 03:33 PM 262,144 setupreg.hiv
02/12/2007 01:36 PM 277,784 iastor.sys
08/04/2004 01:02 AM 194,201 ntcompat.inf
08/04/2004 01:02 AM 9,424 drvmain.sdb
08/03/2004 11:18 PM 1,038,205 ntkrnlmp.ex_
08/03/2004 11:15 PM 30,067 serial.sy_
08/03/2004 11:15 PM 574,592 ntfs.sys
08/03/2004 11:14 PM 26,025 i8042prt.sy_
08/03/2004 11:14 PM 27,951 classpnp.sy_
08/03/2004 11:14 PM 72,696 fastfat.sy_
08/03/2004 11:14 PM 33,703 cdfs.sy_
08/03/2004 11:10 PM 38,047 ohci1394.sy_
08/03/2004 11:10 PM 29,992 1394bus.sy_
08/03/2004 11:08 PM 14,618 usbstor.sy_
08/03/2004 11:08 PM 14,592 usbccgp.sy_
08/03/2004 11:08 PM 30,383 usbhub.sy_
08/03/2004 11:08 PM 61,918 usbport.sy_
08/03/2004 11:08 PM 15,034 usbehci.sy_
08/03/2004 11:08 PM 9,350 usbohci.sy_
08/03/2004 11:08 PM 11,188 usbuhci.sy_
08/03/2004 11:08 PM 20,061 hidclass.sy_
08/03/2004 11:08 PM 12,727 hidparse.sy_
08/03/2004 11:07 PM 37,184 pci.sy_
08/03/2004 11:07 PM 54,681 pcmcia.sy_
08/03/2004 11:07 PM 91,947 acpi.sy_
08/03/2004 11:07 PM 125,135 dmboot.sy_
08/03/2004 11:07 PM 70,281 dmio.sy_
08/03/2004 11:07 PM 10,544 vga.sy_
08/03/2004 11:07 PM 38,449 videoprt.sy_
08/03/2004 11:05 PM 205,502 setupdd.sy_
08/03/2004 11:05 PM 232,832 spcmdcon.sys
08/03/2004 11:00 PM 12,010 ramdisk.sy_
08/03/2004 11:00 PM 4,064 i2omgmt.sy_
08/03/2004 11:00 PM 10,324 i2omp.sy_
08/03/2004 11:00 PM 68,787 tffsport.sy_
08/03/2004 11:00 PM 260,272 setupldr.bin
08/03/2004 10:59 PM 23,453 sbp2port.sy_
08/03/2004 10:59 PM 6,310 sfloppy.sy_
08/03/2004 10:59 PM 19,989 disk.sy_
08/03/2004 10:59 PM 24,812 cdrom.sy_
08/03/2004 10:59 PM 92,032 ksecdd.sys
08/03/2004 10:59 PM 49,558 atapi.sy_
08/03/2004 10:59 PM 2,943 viaide.sy_
08/03/2004 10:59 PM 52,069 scsiport.sy_
08/03/2004 10:59 PM 13,610 pciidex.sy_
08/03/2004 10:59 PM 2,897 intelide.sy_
08/03/2004 10:59 PM 14,614 lbrtfdc.sy_
08/03/2004 10:59 PM 11,325 flpydisk.sy_
08/03/2004 10:59 PM 15,204 fdc.sy_
08/03/2004 10:59 PM 3,985 kd1394.dl_
08/03/2004 10:59 PM 53,234 hal.dl_
08/03/2004 10:59 PM 51,352 halapic.dl_
08/03/2004 10:59 PM 47,111 halaacpi.dl_
08/03/2004 10:59 PM 40,176 halacpi.dl_
08/03/2004 10:59 PM 8,420 serenum.sy_
08/03/2004 10:58 PM 7,921 kbdhid.sy_
08/03/2004 10:58 PM 12,223 kbdclass.sy_
08/03/2004 10:58 PM 20,981 mountmgr.sy_
08/03/2004 10:38 PM 47,564 ntdetect.com
08/03/2004 10:05 PM 48,044 biosinfo.inf
07/16/2003 04:52 PM 2,509 wmilib.sy_
07/16/2003 04:49 PM 2,437 vgaoem.fo_
07/16/2003 04:49 PM 2,495 usbd.sy_
07/16/2003 04:48 PM 15,864 ultra.sy_
07/16/2003 04:48 PM 2,629 toside.sy_
07/16/2003 04:47 PM 17,923 sym_u3.sy_
07/16/2003 04:47 PM 16,761 sym_hi.sy_
07/16/2003 04:47 PM 18,304 symc8xx.sy_
07/16/2003 04:47 PM 8,352 symc810.sy_
07/16/2003 04:46 PM 1,599 spddlang.sy_
07/16/2003 04:46 PM 11,098 sparrow.sy_
07/16/2003 04:42 PM 27,359 ql1280.sy_
07/16/2003 04:42 PM 25,938 ql12160.sy_
07/16/2003 04:42 PM 22,855 ql1240.sy_
07/16/2003 04:42 PM 22,761 ql1080.sy_
07/16/2003 04:42 PM 18,888 ql10wnt.sy_
07/16/2003 04:41 PM 3,363 perc2hib.sy_
07/16/2003 04:41 PM 16,328 perc2.sy_
07/16/2003 04:41 PM 1,695 pciide.sy_
07/16/2003 04:41 PM 10,256 partmgr.sy_
07/16/2003 04:40 PM 1,629 oprghdlr.sy_
07/16/2003 04:34 PM 9,785 mraid35x.sy_
07/16/2003 04:32 PM 847 l_intl.nl_
07/16/2003 04:31 PM 4,184 kdcom.dl_
07/16/2003 04:31 PM 5,632 kbdus.dll
07/16/2003 04:30 PM 20,351 isapnp.sy_
07/16/2003 04:30 PM 8,560 ini910u.sy_
07/16/2003 04:29 PM 15,648 hpn.sy_
07/16/2003 04:29 PM 5,265 hidusb.sy_
07/16/2003 04:28 PM 60,791 ftdisk.sy_
07/16/2003 04:27 PM 10,997 dpti2o.sy_
07/16/2003 04:27 PM 2,859 dmload.sy_
07/16/2003 04:26 PM 3 disk102
07/16/2003 04:26 PM 3 disk103
07/16/2003 04:26 PM 3 disk104
07/16/2003 04:26 PM 3 disk101
07/16/2003 04:26 PM 29,302 dac2w2k.sy_
07/16/2003 04:26 PM 8,001 dac960nt.sy_
07/16/2003 04:26 PM 1,642 c_437.nl_
07/16/2003 04:26 PM 1,479 c_1252.nl_
07/16/2003 04:25 PM 8,537 cpqarray.sy_
07/16/2003 04:25 PM 3,671 cmdide.sy_
07/16/2003 04:25 PM 3,975 cd20xrnt.sy_
07/16/2003 04:25 PM 7,630 cbidf2k.sy_
07/16/2003 04:24 PM 6,232 bootvid.dl_
07/16/2003 04:24 PM 8,936 asc3550.sy_
07/16/2003 04:24 PM 13,211 asc3350p.sy_
07/16/2003 04:24 PM 15,258 asc.sy_
07/16/2003 04:24 PM 7,277 amsint.sy_
07/16/2003 04:24 PM 30,488 aic78xx.sy_
07/16/2003 04:24 PM 2,839 aliide.sy_
07/16/2003 04:24 PM 8,038 aha154x.sy_
07/16/2003 04:24 PM 29,912 aic78u2.sy_
07/16/2003 04:23 PM 50,331 adpu160m.sy_
07/16/2003 04:23 PM 6,449 acpiec.sy_
07/16/2003 04:23 PM 13,699 abp480n5.sy_
121 File(s) 5,824,914 bytes

Directory of C:\$WIN_NT$.~BT\system32

06/17/2008 03:50 PM <DIR> ..
06/17/2008 03:50 PM <DIR> .
08/04/2004 12:56 AM 708,096 ntdll.dll
07/16/2003 04:49 PM 469,504 smss.exe
2 File(s) 1,177,600 bytes

Total Files Listed:
123 File(s) 7,002,514 bytes
5 Dir(s) 255,795,621,888 bytes free

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:53 PM, on 7/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netzero.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122676128734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122676383046
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 11114 bytes

#6 Billy O'Neal

  • Malware Response Team

Posted 15 July 2008 - 06:14 PM

Hello, melbb.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3

#7 melbb

  • Topic Starter

Posted 16 July 2008 - 01:05 PM

Here it is. When I was running the scan, I got a message from antivir saying it detected a trojan. It listed a file, NOD4325.tmp in my temp folder. When I checked the folder, the file wasn't there. I assume this was a NOD32 file that was created during the scan and then deleted, but I just wanted to mention it.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3271 (20080716)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=1193345644943f418a7d8511bb2d3608
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-07-16 03:29:20
# local_time=2008-07-16 11:29:20 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=273217
# found=0
# scan_time=10473

Edited by melbb, 16 July 2008 - 01:08 PM.


#8 Billy O'Neal

  • Malware Response Team

Posted 16 July 2008 - 01:14 PM

Hello, melbb.
You now appear to be clean. Congratulations!

We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "None"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here.
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers.
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3

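The HOSTS-file step in the post above works by mapping a site's name to a loopback or null address so the browser never reaches it; the same file can just as easily map a name to some other machine, which is why it is worth reviewing. The following Python script is an added example, not part of the original post and not Spybot's own code: it sorts hosts-file entries into standard, blocked, redirected, duplicate and malformed. The sample file, its host names and the bucket names are all constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the machine discussed in this thread.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1      localhost
127.0.0.1      ads.badtracker.example      # blocklist-style entry
0.0.0.0        tracker.example popups.example
203.0.113.10   update.av-vendor.example    # points a name at another host
203.0.113.11   ADS.badtracker.example      # same name as an earlier line
999.1.1.1      broken.example
justonetoken
"""

# Names that are expected to resolve to loopback on any machine.
STANDARD_NAMES = {"localhost"}


def audit_hosts(text):
    """Classify every name in a hosts file.

    standard   - expected loopback names such as localhost
    blocked    - name mapped to a loopback or unspecified (0.0.0.0 / ::) address
    redirected - name mapped to any other address; review each of these
    duplicate  - name that already appeared on an earlier line
    malformed  - line without a valid address followed by at least one name
    """
    report = {"standard": {}, "blocked": {}, "redirected": {},
              "duplicate": [], "malformed": []}
    seen = set()
    # Drop a UTF-8 byte-order mark if an editor left one at the start.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")   # host names are case-insensitive
            if name in seen:
                # Which address wins depends on the resolver, so only flag it.
                report["duplicate"].append((lineno, name, str(addr)))
                continue
            seen.add(name)
            if name in STANDARD_NAMES and addr.is_loopback:
                bucket = "standard"
            elif addr.is_loopback or addr.is_unspecified:
                bucket = "blocked"
            else:
                bucket = "redirected"
            report[bucket][name] = str(addr)
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for bucket in ("standard", "blocked", "redirected"):
        for host, address in sorted(result[bucket].items()):
            print(f"{bucket:<10} {host} -> {address}")
    for lineno, host, address in result["duplicate"]:
        print(f"duplicate  line {lineno}: {host} -> {address}")
    for lineno, content in result["malformed"]:
        print(f"malformed  line {lineno}: {content}")
```

On Windows the file to pass in is normally %SystemRoot%\System32\drivers\etc\hosts; entries in the redirected bucket are the ones to compare against what you or your security tools deliberately added.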
#9 melbb

  • Topic Starter

Posted 18 July 2008 - 10:56 PM

Thanks, Billy. I run anti-spyware scans every Friday and was running one today and malware bytes came up with a trojan and some other adware (the latter which I think maybe is a false positive, looks like some files from an old version of ad-aware). I told it to delete them and I had to restart the computer. I ran repeat scans and just got one file from malware bytes, but then avira picked up a trojan in several locations. I don't know what is going on. Can you continue helping me or do I need to start a new topic?

#10 Billy O'Neal

  • Malware Response Team

Posted 18 July 2008 - 11:59 PM

Hello, melbb.

I have no problem helping if you're still having problems. For all I know I missed something :thumbsup:

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
We need to scan for rootkits with GMER
  • Please download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  • Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
In your next reply, please include the following:
  • DSS's Main.txt
  • DSS's Extra.txt
  • GMER's Log

Billy3

#11 melbb

  • Topic Starter

Posted 19 July 2008 - 08:55 AM

Hi. Here are the logs. Just wanted to let you know that gmer did not prompt me to restart after changing the settings. Other than that, I followed your instructions. Also, I wanted to let you know that I cannot run malwarebytes after all the file deletions done by malwarebytes and avira without causing my computer to crash shortly into the scan. I don't know if the problem is unique to malwarebytes as I have not tried running any other anti-spyware scanners. I will post those logs for you just for your information, too.

Here is deckards:

Deckard's System Scanner v20071014.68
Run by Melanie Beebe on 2008-07-19 08:27:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-07-19 12:28:03 UTC - RP45 - Deckard's System Scanner Restore Point
44: 2008-07-18 23:14:02 UTC - RP44 - System Checkpoint
43: 2008-07-17 23:13:58 UTC - RP43 - System Checkpoint
42: 2008-07-16 22:29:41 UTC - RP42 - System Checkpoint
41: 2008-07-15 20:33:32 UTC - RP41 - Installed Java™ 6 Update 7


-- First Restore Point --
1: 2008-06-19 13:11:46 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Melanie Beebe.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:40 AM, on 7/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
C:\Documents and Settings\Melanie Beebe.CT18M51.000\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MELANI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netzero.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122676128734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122676383046
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} - http://images.fotki.com/activex/FotkiUploader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 11387 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080715-161321-622 O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...00001A.000000B7

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys
R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 HPFECP20 - c:\windows\system32\drivers\hpfecp20.sys
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 VNUSB (VN Series Device) - c:\windows\system32\drivers\vnusb.sys <Not Verified; OLYMPUS OPTICAL CO.,LTD.; VVRUSB Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 NMSAccess - c:\program files\cheetah burner\cheetah dvd burner\nmsaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\8030CE32D100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\8030CE32D100
Service: NIC1394


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\SYSTEM32\winlogon.exe (pid 860)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\WINDOWS\explorer.exe (pid 3112)
2006-10-18 21:47:22 133632 --a------ C:\WINDOWS\SYSTEM32\WPDShServiceObj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 166912 --a------ C:\WINDOWS\SYSTEM32\PortableDeviceTypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 284160 --a------ C:\WINDOWS\SYSTEM32\PortableDeviceApi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 19:32:58 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>
2006-07-11 01:59:53 102472 --a------ C:\Program Files\NZSearch\SearchEnh1.dll <Not Verified; United Online, Inc.; NetZero Browser Search Enhancements>


-- Files created between 2008-06-19 and 2008-07-19 -----------------------------

2008-07-18 19:46:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\CyberScrub
2008-07-16 09:22:51 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-07-16 09:22:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-16 07:24:38 0 d-------- C:\Program Files\EsetOnlineScanner
2008-07-15 16:33:34 0 d-------- C:\Program Files\Java
2008-07-15 16:33:33 0 d-------- C:\Program Files\Common Files\Java
2008-06-24 19:35:20 0 d-------- C:\Documents and Settings\Kirk Beebe.CT18M51\Application Data\Comodo
2008-06-23 21:34:20 0 dr-h----- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Recent
2008-06-20 13:29:34 0 d-------- C:\Program Files\Common Files\Acronis
2008-06-20 13:29:34 0 d-------- C:\Program Files\Acronis
2008-06-19 17:30:33 0 d-------- C:\Program Files\AskSBar
2008-06-19 17:30:08 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\Comodo
2008-06-19 17:30:06 0 d-------- C:\Program Files\COMODO
2008-06-19 17:30:06 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo


-- Find3M Report ---------------------------------------------------------------

2008-07-19 08:12:18 0 d-------- C:\Program Files\Debugging Tools for Windows
2008-07-19 00:00:11 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 23:59:02 0 d-------- C:\Program Files\a-squared Free
2008-07-18 20:18:02 0 d-------- C:\Program Files\SpywareBlaster
2008-07-15 17:16:47 0 d-------- C:\Program Files\NetZero
2008-07-15 16:33:33 0 d-------- C:\Program Files\Common Files
2008-07-14 09:37:49 0 d-------- C:\Program Files\Lavasoft
2008-07-14 09:36:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 09:35:48 0 d-------- C:\Program Files\NZSearch
2008-06-26 13:50:07 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\Adobe
2008-06-25 08:23:59 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\SiteAdvisor
2008-06-23 20:06:17 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\EndNote
2008-06-19 09:11:19 0 d-------- C:\Program Files\Common Files\Motive
2008-06-18 14:51:40 0 d-------- C:\Program Files\Dell AIO Printer A920
2008-06-18 14:25:21 0 d-------- C:\Program Files\Avira
2008-06-18 14:11:04 0 d-------- C:\Program Files\Messenger
2008-06-18 14:10:55 0 d-------- C:\Program Files\Movie Maker
2008-06-18 14:09:30 0 d-------- C:\Program Files\Windows NT
2008-06-18 13:51:57 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-17 15:40:38 0 d-------- C:\Program Files\nLite
2008-06-17 07:46:01 0 d-------- C:\Program Files\Western Digital Technologies
2008-06-16 23:26:50 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\InstallShield
2008-06-15 12:48:11 0 d-------- C:\Program Files\Windows Resource Kits
2008-06-14 23:20:35 2555904 --ahs---- C:\gobackio.bin
2008-06-11 22:24:13 0 d-------- C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data\Malwarebytes
2008-05-30 09:21:26 0 d-------- C:\Program Files\CCleaner
2008-05-25 10:49:39 0 d-------- C:\Program Files\SiteAdvisor
2008-05-20 19:32:58 0 d-------- C:\Program Files\SUPERAntiSpyware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
06/19/2008 05:30 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [06/19/2008 05:30 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/15/2004 02:04 AM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 10:43 AM]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 09:23 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/13/2007 02:05 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [07/17/2008 02:34 PM]
"P17Helper"="P17.dll" [06/10/2004 12:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [06/19/2008 05:30 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/19/2008 05:30 PM]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [10/30/2007 08:06 PM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [10/30/2007 08:11 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [10/30/2007 08:07 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/03/2004 02:56 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"Privacy Suite RiskMonitor"="C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe" [11/22/2007 11:53 AM]

C:\Documents and Settings\Melanie Beebe.CT18M51.000\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [6/18/2008 1:53:37 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 07:32 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"Notification Packages"= scecli scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com

16755 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-19 08:32:19 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 1022.09 MiB / 638.36 MiB
Pagefile Memory (total/avail): 2461.9 MiB / 2057.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1877.65 MiB

C: is Fixed (NTFS) - 283.9 GiB total, 237.57 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD3200AAKS-00B3A0 - 298.09 GiB - 3 partitions
\PARTITION0 - Unknown - 188.23 MiB
\PARTITION1 (bootable) - Installable File System - 283.9 GiB - C:
\PARTITION2 - Unknown - 14 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Melanie Beebe.CT18M51.000\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CT18M51
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Melanie Beebe.CT18M51.000
LOGONSERVER=\\CT18M51
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MELANI~1.000\LOCALS~1\Temp
TMP=C:\DOCUME~1\MELANI~1.000\LOCALS~1\Temp
USERDOMAIN=CT18M51
USERNAME=Melanie Beebe
USERPROFILE=C:\Documents and Settings\Melanie Beebe.CT18M51.000
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Melanie Beebe.CT18M51.000 (admin)
Kirk Beebe.CT18M51 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Acronis True Image Home --> MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Adorons Easy Security --> C:\Program Files\Belarc\Advisor\Uninstall.exe "C:\Program Files\Enigma Software Group\Adorons Easy Security\install.log"
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Mid Recorder 3.7.2 --> "C:\Program Files\Audio Mid Recorder\unins000.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Cheetah DVD Burner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{563E2BC8-A0CA-4A81-9DD2-897BB326C679}\Setup.exe"
Cheetah WMA Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDB7CDB2-40E6-4893-95E9-7A551AF865CD}\Setup.exe"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
CyberScrub® Privacy Suite™ 5.0 --> "C:\Program Files\CyberScrub Privacy Suite\unins000.exe"
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
Debugging Tools for Windows (x86) --> MsiExec.exe /I{1CD0C3C5-809D-4CFC-904A-1B67C6243637}
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Garmin POI Loader --> MsiExec.exe /X{80A2A967-C1B7-412D-B2B2-C4A33209C205}
Garmin WebUpdater --> MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
GPS Image Tracker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE35B247-F872-4FFD-BCD1-1970C7E86C84}\setup.exe" -l0x9 /removeonly uninstall -removeonly
HijackThis 2.0.2 --> C:\Documents and Settings\Kirk Beebe.CT18M51\My Documents\Spyware Detection\HijackThis.exe /uninstall
HP DeskJet 610C Series (Remove only) --> C:\Program Files\HP DeskJet 610C Series\hpfiui.exe -c -vdivid=HPF -vpnum=20 -vproduct=610C -huninstall
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Jalview --> C:\WINDOWS\system32\javaws.exe -uninstall "http://www.jalview.org/webstart/jalview.jnlp"
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LOTR The Return of the King tm --> C:\Program Files\EA GAMES\LOTR The Return of the King tm\EAUninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
MediaFACE 4.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7F581D1D-C9A7-4C77-B88A-27537173CEDF}
MediaFACE 4.0 Business Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}
MediaFACE 4.0 General Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268D18A2-4539-4530-8192-F13EDD876FFC}
MediaFACE 4.0 Lifestyle Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}
MediaFACE 4.0 Music Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8739235F-201D-449C-A03F-277A85F0FE1E}
MediaFACE 4.0 Special Occasion Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DA84434F-25B6-4716-A390-AC678FB6516D}
MediaFACE 4.0 Spiritual Image Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1DA6AB38-2876-4AE4-8236-24C2CF66601B}
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA}
Microsoft Works 2000 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2000\Setup\Launcher.exe D:\
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Netscape Internet Service --> C:\Program Files\Belarc\Advisor\Uninstall.exe
Netscape Web Accelerator --> C:\Program Files\Belarc\Advisor\Uninstall.exe
NetZero Internet --> "C:\Program Files\NetZero\uninst.exe"
nLite 1.4.6 --> "C:\Program Files\nLite\unins000.exe"
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
PeaZip 1.9.1 --> "C:\Program Files\PeaZip\unins000.exe"
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 /removeonly /cont -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SafeMedia Add-on for Acronis True Image 11 Home --> MsiExec.exe /X{82DFB569-F78E-47BB-B252-45B4AA45CA86}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
TDK Digital MixMaster --> C:\WINDOWS\UNDMM.exe /UNINSTALL
UCSF Chimera 1.2065 --> "C:\Program Files\Chimera\unins000.exe"
VSO CopyToDVD 3 --> "C:\Program Files\VSO\unins000.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 8.0 --> MsiExec.exe /X{6FC82D6E-0D46-4E72-90DC-36E5D59B97E4}
Word in Works Suite add-in --> MsiExec.exe /I{0DB93918-2A77-11D3-805A-00C04FA329AA}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type71 / Error
Event Submitted/Written: 07/18/2008 11:25:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avscan.exe, version 8.1.4.7, faulting module msvcr71.dll, version 7.10.3052.4, fault address 0x00010440.
Processing media-specific event for [avscan.exe!ws!]

Event Record #/Type70 / Warning
Event Submitted/Written: 07/18/2008 10:51:25 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0011556.exe

Event Record #/Type69 / Warning
Event Submitted/Written: 07/18/2008 10:51:02 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0011555.exe

Event Record #/Type68 / Warning
Event Submitted/Written: 07/18/2008 10:50:50 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0011556.exe

Event Record #/Type67 / Warning
Event Submitted/Written: 07/18/2008 10:50:43 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0011556.exe



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3104 / Error
Event Submitted/Written: 07/19/2008 07:54:44 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 bf933a6f, parameter3 af9d68fc, parameter4 00000000.

Event Record #/Type3053 / Error
Event Submitted/Written: 07/19/2008 00:43:22 AM
Event ID/Source: 9 / iaStor
Event Description:
The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Event Record #/Type3052 / Warning
Event Submitted/Written: 07/19/2008 00:43:22 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type3051 / Error
Event Submitted/Written: 07/19/2008 00:43:02 AM
Event ID/Source: 9 / iaStor
Event Description:
The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Event Record #/Type3050 / Warning
Event Submitted/Written: 07/19/2008 00:43:02 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-07-19 08:32:19 ------------

#12 melbb

Posted 19 July 2008 - 08:56 AM

Here is GMER:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-19 09:08:06
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB6988C8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xB69883C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xB69888A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateKey [0xB698943C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xB6988080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xB698A084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB6988E72]
SSDT F7C17D94 ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xB69890B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteValueKey [0xB6989268]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xB6987B02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xB6989D24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xB6988AB0]
SSDT F7C17D80 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xB6988744]
SSDT F7C17D85 ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xB69897F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB6988196]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xB6989AE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xB6989EC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetValueKey [0xB6989602]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xB69885D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xB6988638]
SSDT F7C17D8F ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xB6987E18]
SSDT F7C17D8A ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00625060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00624F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00624C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 006216D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00621550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00621860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00621230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 006213C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 70, 88 ]
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00624960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe[388] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00624AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\wdfmgr.exe[424] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[424] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\MsPMSPSv.exe[464] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\a-squared Free\a2service.exe[668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\a-squared Free\a2service.exe[668] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[684] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00635060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00634F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00631860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00631230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 006313C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 71, 88 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00634C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 006316D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00631550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00634960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[752] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00634AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[788] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[860] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[860] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[904] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[904] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[924] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[924] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1124] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1300] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1300] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SAService.exe[1388] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1392] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1392] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1568] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1568] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 003B5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003B4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003B1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 003B1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 003B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 49, 88 ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003B4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003B1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003B4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1624] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003B4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\LEXPPS.EXE[1744] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1752] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1752] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[2036] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2036] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[2368] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2368] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[3112] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[3112] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 003A5060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003A4F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003A4C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003A16D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003A1550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003A1860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 003A1230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 003A13C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 48, 88 ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003A4960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3224] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003A4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[3244] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SiteAdvisor\6261\SiteAdv.exe[3268] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 003D5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003D1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 003D1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 003D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 4B, 88 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003D4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003D1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003D4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3304] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003D4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\Rundll32.exe[3316] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[3316] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] USER32.DLL!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] USER32.DLL!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] USER32.DLL!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Melanie Beebe.CT18M51.000\Desktop\gmer\gmer.exe[3368] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00A85060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A84F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A84C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 00A816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00A81550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00A81860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00A81230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 00A813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ B6, 88 ]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00A84960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[3412] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00A84AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00D25060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00D24F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00D24C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] USER32.dll!mouse_event 7E46673F 3 Bytes JMP 00D216D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] USER32.dll!mouse_event + 4 7E466743 1 Byte [ 82 ]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] USER32.dll!keybd_event 7E466783 3 Bytes JMP 00D21550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] USER32.dll!keybd_event + 4 7E466787 1 Byte [ 82 ]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00D21860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00D21230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 00D213C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ E0, 88 ]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00D24960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3420] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00D24AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3436] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[3524] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] user32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] user32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] user32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] GDI32.dll!CreateDCW 77F1BE28 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] GDI32.dll!CreateDCW + 3 77F1BE2B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberScrub Privacy Suite\CSRiskmon.exe[3688] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7353710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7353770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7353990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7353950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7353950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7353770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7353710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7353990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7353990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7353950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7353770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7353710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7353950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7353990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7353710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7353770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7353710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7353770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7353950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7353990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7353950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7353770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7353710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7353950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7353990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7353710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7353770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\America Online us@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\America Online us@DisplayName America Online (Choose which version to remove)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\America Online us@UninstallString C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\America Online us@DisplayIcon C:\Program Files\America Online 9.0\AOL.EXE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\America Online us@InstalledPath C:\Program Files\America Online 9.0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AolCoach@DisplayName AOL Coach Version 1.0(Build:20030807.3)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AolCoach@UnInstallString C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource@PRODUCT_GUID {56F3E1FF-54FE-4384-A153-6CCABA097814}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource@LogFile C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Detector@LogFile C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Detector@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Player Skin Pack@LogFile C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Player Skin Pack@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MiniDisc Center@LogFile C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative MiniDisc Center@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults@LogFile C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio@LogFile C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver@DisplayName Dell Digital Jukebox Driver
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver@UninstallString C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver@UnwiseLog C:\WINDOWS\UNWISE.EXE C:\WINDOWS\DJBDRV.LOG
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Digital Jukebox Driver@DisplayIcon C:\Program Files\Dell\Digital Jukebox Drivers\CtDrvStp.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DEVCTRL2@LogFile C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DEVCTRL2@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics3@LogFile C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics3@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EAX@LogFile C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EAX@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EQUALIZER@LogFile C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EQUALIZER@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{1DA6AB38-2876-4AE4-8236-24C2CF66601B}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{1DA6AB38-2876-4AE4-8236-24C2CF66601B}@LogFile C:\Program Files\InstallShield Installation Information\{1DA6AB38-2876-4AE4-8236-24C2CF66601B}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{1DA6AB38-2876-4AE4-8236-24C2CF66601B}@StatusText MediaFACE 4.0 Spiritual Image Library Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{268D18A2-4539-4530-8192-F13EDD876FFC}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{268D18A2-4539-4530-8192-F13EDD876FFC}@LogFile C:\Program Files\InstallShield Installation Information\{268D18A2-4539-4530-8192-F13EDD876FFC}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{268D18A2-4539-4530-8192-F13EDD876FFC}@StatusText MediaFACE 4.0 General Image Library Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{2E086814-7392-4E0F-ADB8-54A81E47406C}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{2E086814-7392-4E0F-ADB8-54A81E47406C}@LogFile C:\Program Files\InstallShield Installation Information\{2E086814-7392-4E0F-ADB8-54A81E47406C}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{2E086814-7392-4E0F-ADB8-54A81E47406C}@StatusText Broadcom Advanced Control Suite 2 Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{7F581D1D-C9A7-4C77-B88A-27537173CEDF}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{7F581D1D-C9A7-4C77-B88A-27537173CEDF}@LogFile C:\Program Files\InstallShield Installation Information\{7F581D1D-C9A7-4C77-B88A-27537173CEDF}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{7F581D1D-C9A7-4C77-B88A-27537173CEDF}@StatusText
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{8739235F-201D-449C-A03F-277A85F0FE1E}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{8739235F-201D-449C-A03F-277A85F0FE1E}@LogFile C:\Program Files\InstallShield Installation Information\{8739235F-201D-449C-A03F-277A85F0FE1E}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{8739235F-201D-449C-A03F-277A85F0FE1E}@StatusText MediaFACE 4.0 Music Image Library Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}@LogFile C:\Program Files\InstallShield Installation Information\{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{9AD92782-CAC6-48DF-A060-BFD6FE7689E7}@StatusText MediaFACE 4.0 Lifestyle Image Library Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{DA84434F-25B6-4716-A390-AC678FB6516D}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{DA84434F-25B6-4716-A390-AC678FB6516D}@LogFile C:\Program Files\InstallShield Installation Information\{DA84434F-25B6-4716-A390-AC678FB6516D}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{DA84434F-25B6-4716-A390-AC678FB6516D}@StatusText MediaFACE 4.0 Special Occasion Image Library Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}@LogFile C:\Program Files\InstallShield Installation Information\{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{FED4E1E2-9E19-44FE-8265-E4AAE03EBC80}@StatusText MediaFACE 4.0 Business Image Library Setup is preparing the InstallShield Wizard, which will guide you through the program setup process. Please wait.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@UninstallString C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@DisplayName Broadcom Advanced Control Suite 2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@LogFile C:\Program Files\InstallShield Installation Information\{2E086814-7392-4E0F-ADB8-54A81E47406C}\Setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@Comments Broadcom Advanced Control Suite 2 (BACS)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@Contact Dell Customer Support
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@DisplayVersion 7.58.01
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@HelpTelephone ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@InstallDate 20040903
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@InstallLocation C:\Program Files\Broadcom\BACS\
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@InstallSource
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@ProductID
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@Publisher Broadcom
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@Readme C:\Program Files\Broadcom\BACS\Readme.txt
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@URLInfoAbout www.broadcom.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@URLUpdateInfo http://www.support.dell.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@HelpLink http://www.support.dell.com
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@EstimatedSize 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@Language 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@Version 121241601
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@VersionMajor 7
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@VersionMinor 58
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@DisplayIcon
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@RegOwner
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}@RegCompany
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime@DisplayName QuickTime
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickTime@UninstallString C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SFBM@LogFile C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SFBM@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave@DisplayName Shockwave
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave@UninstallString C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave@QuietDisplayName Shockwave Director 8.5.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave@QuietUninstallString RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\\INF\\swdir.inf,DefaultUninstall,5
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shockwave@RequiresIESysFile 4.70.0.1155
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash@QuietDisplayName Shockwave Flash
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash@QuietUninstallString RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash@RequiresIESysFile 4.70.0.1155
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live! 24-bit@PRODUCT_GUID {CEB481CC-F57C-4397-81A0-DADD22257047}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Live! 24-bit Windows Drivers@UninstallString "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEAKER@LogFile C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEAKER@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin@UninstallString C:\Program Files\Learn2.com\StRunner\stuninst.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin@DisplayName Learn2 Player (Uninstall Only)
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SURMIXER@LogFile C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SURMIXER@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}@DisplayName ATI Control Panel
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}@LogFile C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}@DisplayVersion 6.14.10.5103
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2637C347-9DAD-11D6-9EA2-00055D0CA761}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2637C347-9DAD-11D6-9EA2-00055D0CA761}@DisplayName Dell Media Experience
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2637C347-9DAD-11D6-9EA2-00055D0CA761}@LogFile C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@DisplayName Modem On Hold
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@DisplayIcon C:\Program Files\Modem On Hold\MOH.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@Publisher BVRP Software, Inc
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@DisplayVersion 1.12
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@VersionMajor 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@VersionMinor 12
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@InstallLocation C:\Program Files\Modem On Hold
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@Language 9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}@LogFile C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{435E969D-867E-4364-8E74-3DC8A69C5BDB}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{435E969D-867E-4364-8E74-3DC8A69C5BDB}@LogFile C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}@LogFile C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45EBDA59-D33B-433A-956E-B2F236468B56}@UninstallString C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45EBDA59-D33B-433A-956E-B2F236468B56}@DisplayName MUSICMATCH? Jukebox
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45EBDA59-D33B-433A-956E-B2F236468B56}@LogFile C:\Program Files\InstallShield Installation Information\{45EBDA59-D33B-433A-956E-B2F236468B56}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{45EBDA59-D33B-433A-956E-B2F236468B56}@DisplayIcon C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMJB.exe,0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}@LogFile C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@ProductName Creative MediaSource
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@ProductVersion 1.0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@CREATIVE_MEDIASOURCE Creative MediaSource
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@Count CREATIVE_MEDIASOURCE,MEDIA_DETECTOR,MEDIASOURCE_PLAYER_SKINPACK,
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@MEDIA_DETECTOR Creative MediaSource Detector
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@MEDIASOURCE_PLAYER_SKINPACK Creative MediaSource Player Skin Pack
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@DisplayName Creative MediaSource
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@LogFile C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56F3E1FF-54FE-4384-A153-6CCABA097814}@DisplayIcon C:\Program Files\Creative\MediaSource\CTCMS.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}@UninstallString RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}@LogFile C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.ilg
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\DATABASE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\DATABASE@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\DATABASE@7A900EAB-DA37-4554-AF19-9C337476D05D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\MANALYZE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\MANALYZE@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\MANALYZE@7A900EAB-DA37-4554-AF19-9C337476D05D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\MEDIATAG
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\MEDIATAG@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\MEDIATAG@7A900EAB-DA37-4554-AF19-9C337476D05D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\NETCONT
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\NETCONT@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\NETCONT@7A900EAB-DA37-4554-AF19-9C337476D05D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\PLAYREC
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\PLAYREC@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\PLAYREC@7A900EAB-DA37-4554-AF19-9C337476D05D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\PLAYREC@DEBD7BF3-5856-11D6-A285-00A0CC51B2FE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\SMARTPLY
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\SMARTPLY@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\SMARTPLY@7A900EAB-DA37-4554-AF19-9C337476D05D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\THEME
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\THEME@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\THEME@7A900EAB-DA37-4554-AF19-9C337476D05D
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\THEME@C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\THEME@DEBD7BF3-5856-11D6-A285-00A0CC51B2FE
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\THEME@A1185190-514F-11D6-A285-00A0CC51B2FE

---- EOF - GMER 1.0.14 ----

#13 melbb

Posted 19 July 2008 - 08:58 AM

Malwarebytes log:

Malwarebytes' Anti-Malware 1.20
Database version: 965
Windows 5.1.2600 Service Pack 3

8:00:32 PM 7/18/2008
mbam-log-7-18-2008 (20-00-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 141998
Time elapsed: 1 hour(s), 40 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Kirk Beebe.CT18M51\My Documents\Spyware Detection\Ad-Aware Add-ons\plhexdump.exe (Adware.Agent) -> Delete on reboot.
C:\Documents and Settings\Kirk Beebe.CT18M51\My Documents\Spyware Detection\Ad-Aware Add-ons\plmessengerstop.exe (Adware.Agent) -> Delete on reboot.
C:\Documents and Settings\Kirk Beebe.CT18M51\My Documents\Spyware Detection\Ad-Aware Add-ons\pltweakse.exe (Adware.Agent) -> Delete on reboot.
C:\Documents and Settings\Kirk Beebe.CT18M51\My Documents\Spyware Detection\Ad-Aware Add-ons\plvx2cleaner.exe (Adware.Agent) -> Delete on reboot.
C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\TDM\TDMInstall.exe (Adware.Agent) -> Delete on reboot.
C:\Program Files\MUSICMATCH\MUSICMATCH Update\TDM\TDMInstall.exe (Adware.Agent) -> Delete on reboot.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002421.rbf (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002467.dll (Adware.Agent) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> Delete on reboot.





Second Malwarebytes log after first round of deletions:

Malwarebytes' Anti-Malware 1.20
Database version: 965
Windows 5.1.2600 Service Pack 3

11:42:18 PM 7/18/2008
mbam-log-7-18-2008 (23-42-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 142013
Time elapsed: 3 hour(s), 16 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0011553.exe (Adware.Agent) -> Delete on reboot.



Avira log after first set of Malwarebytes deletions:



Avira AntiVir Personal
Report file date: Friday, July 18, 2008 20:21

Scanning for 1475814 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CT18M51

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 7/11/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 7/17/2008 18:34:30
AVSCAN.DLL : 8.1.4.0 40705 Bytes 7/17/2008 18:34:30
LUKE.DLL : 8.1.4.5 164097 Bytes 7/17/2008 18:34:30
LUKERES.DLL : 8.1.4.0 12033 Bytes 7/17/2008 18:34:30
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 18:40:06
ANTIVIR2.VDF : 7.0.5.119 1264128 Bytes 7/15/2008 18:30:04
ANTIVIR3.VDF : 7.0.5.138 321536 Bytes 7/18/2008 18:26:56
Engineversion : 8.1.1.11
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 7/18/2008 18:27:09
AESCN.DLL : 8.1.0.23 119156 Bytes 7/15/2008 18:30:34
AERDL.DLL : 8.1.0.20 418165 Bytes 6/18/2008 19:38:11
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 18:30:31
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 7/18/2008 18:27:06
AEHEUR.DLL : 8.1.0.43 1339767 Bytes 7/18/2008 18:27:04
AEHELP.DLL : 8.1.0.15 115063 Bytes 6/18/2008 19:37:49
AEGEN.DLL : 8.1.0.29 307573 Bytes 6/20/2008 18:31:40
AEEMU.DLL : 8.1.0.6 430451 Bytes 6/18/2008 19:37:43
AECORE.DLL : 8.1.1.6 172405 Bytes 7/17/2008 18:34:30
AEBB.DLL : 8.1.0.1 53617 Bytes 7/17/2008 18:34:30
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/17/2008 18:34:30
AVPREF.DLL : 8.0.2.0 38657 Bytes 7/17/2008 18:34:30
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.1 33537 Bytes 7/17/2008 18:34:30
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/17/2008 18:34:30
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/17/2008 18:34:30
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/17/2008 18:34:26
RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/17/2008 18:34:26

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, July 18, 2008 20:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
Scan process 'a2free.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Ad-Aware.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'TrueImageTryStartService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SAService.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccess.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'schedul2.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'CSRiskMon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'schedhlp.exe' - '1' Module(s) have been scanned
Scan process 'TimounterMonitor.exe' - '1' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'cssurf.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SiteAdv.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Kirk Beebe.CT18M51\My Documents\Spyware Detection\spywareblastersetup.exe
[DETECTION] Is the TR/Gendal.2247855 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[WARNING] Error in ARK lib
[NOTE] The file is scheduled for deleting after reboot.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0011555.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48b156c5.qua'!
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0011556.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48b156dc.qua'!


End of the scan: Friday, July 18, 2008 23:24
Used time: 3:03:16 Hour(s)

The scan has been done completely.

7527 Scanning directories
272568 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
272563 Files not concerned
3933 Archives were scanned
3 Warnings
3 Notes

#14 Billy O'Neal


Posted 19 July 2008 - 01:46 PM

Hello, Melbb

WARNING!!
I would suggest you back up your data sooner rather than later on your D hard disk. Note the following:
Event Record #/Type3052 / Warning
Event Submitted/Written: 07/19/2008 00:43:22 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

That indicates likely failure of that disk. If your machine is behaving slowly, that may be why.

It could also explain some of the other problems you've been having on this machine.


The entries detected by MbAM and Avira appear to be heuristic hits against Ad-Aware. This may make sense considering Ad-Aware has descriptions of malware within itself. The "Several locations" Avira hits appear to be installers for Spyware Blaster, as well as their copies in System Restore.


Do you have any other questions?
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
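
For readers triaging a report like the Avira log above, the following added example (not part of the original posts) groups each tagged line under the file it belongs to and lists detections that were not quarantined. The function names, the outcome labels and the sample paths are assumptions made for illustration; the message texts and detection names are copied from the report.

```python
import re

# Constructed sample in the format of the Avira report above: paths are made
# up, detection names and message texts are copied from the report.
REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Example\Downloads\setup.exe
[DETECTION] Is the TR/Gendal.2247855 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] The file is scheduled for deleting after reboot.
C:\System Volume Information\_restore{EXAMPLE}\RP44\A0000001.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '00000000.qua'!
"""

TAGGED = re.compile(r"^\[(DETECTION|WARNING|NOTE|INFO)\]\s*(.*)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Message fragment -> outcome label (labels are hypothetical); a later line
# for the same file overrides an earlier one.
OUTCOMES = [
    ("could not be opened", "not_scanned"),
    ("could not be deleted", "delete_failed"),
    ("scheduled for deleting after reboot", "pending_reboot"),
    ("was moved to", "quarantined"),
]

def parse_file_scan(text):
    """Attach each tagged line to the file path printed before it."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        if DRIVE_PATH.match(line):
            current = {"path": line, "detection": None, "outcome": None,
                       "restore_copy": "\\_restore{" in line}
            entries.append(current)
            continue
        m = TAGGED.match(line)
        if not m or current is None:
            continue
        tag, msg = m.groups()
        if tag == "DETECTION":
            name = re.search(r"Is the (\S+)", msg)
            current["detection"] = name.group(1) if name else msg
        for fragment, outcome in OUTCOMES:
            if fragment in msg:
                current["outcome"] = outcome
    return entries

def needs_follow_up(entries):
    """Paths of detected files that were not moved to quarantine."""
    return [e["path"] for e in entries
            if e["detection"] and e["outcome"] != "quarantined"]
```

The `restore_copy` flag marks hits inside System Restore points, which are stored copies of files rather than separate installs.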

#15 melbb


Posted 19 July 2008 - 01:59 PM

Do you mean my C drive? You said D. D is my CD writer drive.



