
Infected With Anti Virus Xp 2008


  • This topic is locked
21 replies to this topic

#1 dp3133


Posted 10 August 2008 - 09:33 AM

I got infected with the Anti virus XP 2008 bug. I ran Malwarebytes' Anti-Malware and it seemed to remove it. There still seem to be other bits and viruses that are still on my computer. Occasionally my virus protection will say that I have a virus still on my computer.
Please help..
Attached below are the different scans that are required for this post...

Thanks!!


Deckard's System Scanner v20071014.68
Run by Daniel Pilgrim on 2008-08-10 09:22:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-08-10 13:23:01 UTC - RP1239 - Deckard's System Scanner Restore Point
3: 2008-08-09 22:17:44 UTC - RP1238 - System Checkpoint
2: 2008-08-08 21:53:54 UTC - RP1237 - Installed Java™ 6 Update 7
1: 2008-08-08 13:10:53 UTC - RP1236 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).
System Drive C: has 1.44 GiB (less than 15%) free.


-- HijackThis (run as Daniel Pilgrim.exe) --------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-10 09:33:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\vsstat.exe
C:\Program Files\Network Associates\VirusScan\vshwin32.exe
C:\Program Files\Network Associates\VirusScan\avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SM1bg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PopUp Stopper\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\Daniel Pilgrim\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxvf.exe] C:\WINDOWS\system32\kdxvf.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.aol.com (HKCU)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} () - https://www.taxsimple.com/citrix/federal.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} (CTAdjust Class) - http://download.microsoft.com/download/7/3...dd/clearadj.CAB
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\Runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MySql - Unknown owner - C:/Fireserv/mysql/bin/mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe


--
End of file - 9428 bytes

-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------

backup-20051027-141950-578 O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
backup-20051027-142010-816 O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NaiFsRec - c:\windows\system32\drivers\naifsrec.sys
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 NaiFiltr - c:\program files\common files\network associates\mcshield\naifiltr.sys

S3 V90drv - c:\windows\system32\drivers\v90drv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AvSynMgr (AVSync Manager) - "c:\program files\network associates\virusscan\avsynmgr.exe"
R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe

S2 MySql - c:/fireserv/mysql/bin/mysqld-nt.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description:
Device ID: ROOT\IMAGE\0000
Manufacturer:
Name:
PNP Device ID: ROOT\IMAGE\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-03 10:19:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-10 and 2008-08-10 -----------------------------

2008-08-08 12:01:34 0 d-------- C:\Documents and Settings\Daniel Pilgrim\Application Data\Malwarebytes
2008-08-08 11:58:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-08 11:57:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 11:27:56 0 d-------- C:\Program Files\RogueRemover FREE
2008-08-08 10:49:23 0 d-------- C:\Program Files\Enigma Software Group
2008-08-08 10:39:41 181 --a------ C:\WINDOWS\Sysvxd.exe
2008-08-05 01:15:29 66360 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-29 14:45:31 0 d-------- C:\Program Files\Picasa2
2008-07-28 22:23:23 0 d-------- C:\WINDOWS\Prefetch
2008-07-28 20:59:17 0 d-------- C:\WINDOWS\system32\scripting
2008-07-28 20:58:58 0 d-------- C:\WINDOWS\l2schemas
2008-07-28 20:58:55 0 d-------- C:\WINDOWS\system32\en
2008-07-28 20:16:30 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-28 17:12:41 0 d-------- C:\WINDOWS\system32\CatRoot_bak


-- Find3M Report ---------------------------------------------------------------

2008-08-08 18:00:48 0 d-------- C:\Program Files\Java
2008-08-08 15:35:53 857 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-08-08 09:04:13 0 d-------- C:\Documents and Settings\Daniel Pilgrim\Application Data\uTorrent
2008-08-08 08:36:47 0 d-------- C:\Program Files\Soulseek-Test
2008-07-29 14:47:02 0 d-------- C:\Program Files\Google
2008-07-28 21:35:46 0 d-------- C:\Program Files\Messenger
2008-07-28 21:18:12 0 d-------- C:\Program Files\Windows NT
2008-07-28 21:18:01 0 d-------- C:\Program Files\Movie Maker
2008-07-26 17:14:26 0 d-------- C:\Documents and Settings\Daniel Pilgrim\Application Data\Adobe
2008-07-20 19:30:24 0 d-------- C:\Program Files\Soulseek
2008-06-24 22:42:56 0 d-------- C:\Program Files\Daniusoft
2008-06-24 22:39:52 0 d-------- C:\Program Files\Free M4a to MP3 Converter
2008-06-24 22:18:34 0 d-------- C:\Program Files\WMA-MP3.com
2008-06-24 15:41:00 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 03:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/07/2003 08:11 PM]
"Mp3Detective"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"C:\WINDOWS\system32\kdxvf.exe"="C:\WINDOWS\system32\kdxvf.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe" [02/06/2003 11:30 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Mp3Detective"="" []
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [06/07/2006 11:26 PM]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\Daniel Pilgrim\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [7/7/2007 7:43:43 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daniel Pilgrim^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Daniel Pilgrim\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daniel Pilgrim^Start Menu^Programs^Startup^Yahoo! Desktop Search System Tray.lnk]
path=C:\Documents and Settings\Daniel Pilgrim\Start Menu\Programs\Startup\Yahoo! Desktop Search System Tray.lnk
backup=C:\WINDOWS\pss\Yahoo! Desktop Search System Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMAmp]
C:\Program Files\The Easy Network\AIM Amp 1.xx\AIMAmp.exe -norun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbdirect]
C:\PROGRA~1\\scansoft\PAPERP~1\fbdirect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDRealtime]
C:\WINDOWS\realtime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc




-- End of Deckard's System Scanner: finished at 2008-08-10 09:37:27 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 1.80GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 247.48 MiB / 91.74 MiB
Pagefile Memory (total/avail): 848.62 MiB / 533.58 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.5 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 55.9 GiB total, 1.44 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST360020A - 55.9 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.9 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"="C:\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\\Program Files\\RightFTP\\rightftp.exe"="C:\\Program Files\\RightFTP\\rightftp.exe:*:Enabled:rightftp"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\WINDOWS\\system32"="C:\\WINDOWS\\system32:*:Enabled:lockx"
"C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\utorrent.exe"="C:\\Program Files\\utorrent.exe:*:Enabled:utorrent"
"C:\\Program Files\\aim\\aim.exe"="C:\\Program Files\\aim\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\WINDOWS\\system32\\wjview.exe"="C:\\WINDOWS\\system32\\wjview.exe:*:Enabled:Microsoft® VM Command Line Interpreter"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Daniel Pilgrim\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DANIEL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Daniel Pilgrim
LOGONSERVER=\\DANIEL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\SSH Communications Security\SSH Secure Shell;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\SSHCOM~1\SSHSEC~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp
USERDOMAIN=DANIEL
USERNAME=Daniel Pilgrim
USERPROFILE=C:\Documents and Settings\Daniel Pilgrim
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Daniel Pilgrim (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
56Kbps Internal Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
ACDSee --> C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AnalogX Vocal Remover (WinAmp) --> C:\Program Files\Winamp\Plugins\wavremu.exe
AOL Instant Messenger --> C:\Program Files\aim\uninstll.exe -LOG= C:\Program Files\aim\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Citrix ICA Web Client --> C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Cool Edit 2000 --> C:\Program Files\Cool2000\ce2Kunin.exe
Corel Applications --> C:\WINDOWS\Corel\Uninstal.exe
Cypress USB Mass Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Daniusoft WMA MP3 Converter(Build 1.5.11) --> "C:\Program Files\Daniusoft\WMA MP3 Converter\unins000.exe"
dBpowerAMP Mp4 & AAC Decode Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
DivX 5.0.2 Bundle --> C:\WINDOWS\unvise32.exe C:\uninstal.log
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
DivX Player 2.1 --> C:\Program Files\DivX\DivX Player 2.1\uninstall.bat
EasyDivX v0.820 Standard --> C:\EasyDivX\uninstall.exe
Elecard MPEG2 Decoder Package 2.0 --> "C:\Program Files\Elecard MPEG2 Decoder Package 2.0\Uninstall.exe" "C:\Program Files\Elecard MPEG2 Decoder Package 2.0\install.log"
ewido security suite --> C:\Program Files\ewido\security suite\Uninstall.exe
FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
Free M4a to MP3 Converter 5.9 --> "C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
gizmo3 --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\gizmo3\ST5UNST.LOG"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Guidua (remove only) --> "C:\Program Files\Guidua 0.16\uninstall.exe"
Hex Workshop v5 --> MsiExec.exe /I{4E6258E0-F48C-48D9-BB36-007D6C78EC82}
HijackThis 1.99.1 --> C:\hijackthis\hijackthis\HijackThis.exe /uninstall
hp deskjet 940c series (Remove only) --> C:\Program Files\hp deskjet 940c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=940c -huninstall
HP Photo Imaging Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
Intel® Extreme Graphics Driver Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.1_05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78D082B3-ACEE-11D7-9D64-00010240CE95}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
Macromedia Dreamweaver 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macromedia\Dreamweaver 3\Uninst.isu"
Macromedia Fireworks 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macromedia\Fireworks 3\Uninst.isu"
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan --> MsiExec.exe /I{87AEFD84-BC0D-11D4-B885-00508B022A51}
MediaGateway --> C:\Program Files\MediaGateway\MediaGateway.exe /Remove
Memorex Solid State Digital Audio Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBEC99F0-A1CD-47FD-8967-E2673FE897C2}\setup.exe" -l0x9
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Press Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MP3 Indexer 1.3.0.8 --> C:\Program Files\MP3 Indexer\uninst.exe
mp3 List Maker De Luhe --> MsiExec.exe /X{4001C821-7B7C-413C-B848-29894D9EA883}
MP3Detective --> "C:\Program Files\MP3Detective\uninstall.exe"
MP3Detective --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\MP3Detective\ST5UNST.LOG"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Pop-Up Stopper Free Edition --> C:\PROGRA~1\POPUPS~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\POPUPS~1\POP-UP~1\INSTALL.LOG
Protected Music Converter 1.0.0.9 --> "C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RightFTP 1.0 --> "C:\Program Files\RightFTP\unins000.exe"
Roxio Burn Engine --> MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Samsung USB Driver (MCCI 4.24 WHQL) --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoulSeek 157 test 8 --> "C:\Program Files\Soulseek-Test\uninstall.exe"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.2 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SSH Secure Shell --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SSH Communications Security\SSH Secure Shell\Uninst.isu"
Trojan Remover 6.3.9 --> "C:\Program Files\Trojan Remover\unins000.exe"
USB Storage Adapter FX (SM1) --> SM1UN.EXE SM1FX_AT
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VX2 Cleaner plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\INSTALL.LOG
WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\YPSR\unwise32.exe /A C:\PROGRA~1\Yahoo!\YPSR\ypsrinst.log
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\ymmapi.dll
Yahoo! Photos Easy Upload Tool --> C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10328 / Error
Event Submitted/Written: 08/08/2008 02:56:48 PM / 08/08/2008 02:56:50 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe took longer than 35000 ms to complete a request.

The process will be terminated.
Thread id : 2764 (0xacc)

Thread address : 0x120dbcce

Thread message :

Build Nov 7 2001 22:53:54 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rstrui.exe
(@ 24016(34938)
10006(34938)
10003(34672)
10003(27282)
10003(11766)

Event Record #/Type10323 / Error
Event Submitted/Written: 08/08/2008 02:37:58 PM
Event ID/Source: 4505 / McUpdate
Event Description:
AutoUpdate failed. All the connections failed.

Event Record #/Type10319 / Error
Event Submitted/Written: 08/08/2008 01:32:54 PM / 08/08/2008 01:32:56 PM
Event ID/Source: 4510 / McUpdate
Event Description:
Cannot stop the On-Access Scanner. The .DAT Update cannot continue because the old .DAT files cannot be replaced.

Event Record #/Type10318 / Error
Event Submitted/Written: 08/08/2008 01:32:24 PM / 08/08/2008 01:32:25 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe took longer than 35000 ms to complete a request.

The process will be terminated.
Thread id : 700 (0x2bc)

Thread address : 0x120dbcce

Thread message :

Build Nov 7 2001 22:53:54 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\windows\network diagnostic\xpnetdiag.exe
(@ 10003(27109)
10003(2328)
10003(2313)
10003(2313)
10010(2313)

Event Record #/Type10304 / Error
Event Submitted/Written: 08/08/2008 11:30:57 AM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type101532 / Error
Event Submitted/Written: 08/09/2008 08:38:51 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {2692A9D5-61DF-46D5-A5A1-A6CCA921D578} did not register with DCOM within the required timeout.

Event Record #/Type101531 / Warning
Event Submitted/Written: 08/09/2008 05:15:07 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type101503 / Error
Event Submitted/Written: 08/08/2008 03:36:51 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type101494 / Error
Event Submitted/Written: 08/08/2008 03:36:17 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The MySql service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type101492 / Error
Event Submitted/Written: 08/08/2008 03:36:02 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Upload Manager service failed to start due to the following error:
%%1079



-- End of Deckard's System Scanner: finished at 2008-08-10 09:37:27 ------------


Saturday, August 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 08, 2008 23:36:58
Records in database: 1070662


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Daniel Pilgrim\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 95077
Threat name 2
Infected objects 5
Suspicious objects 0
Duration of the scan 03:56:17

File name Threat name Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

C:\WINDOWS\system32\1.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\2.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\3.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\4.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

The selected area was scanned.


Saturday, August 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 08, 2008 23:36:58
Records in database: 1070662


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 152946
Threat name 7
Infected objects 15
Suspicious objects 0
Duration of the scan 04:15:47

File name Threat name Threats count
C:\AimAmp.exe Infected: Flooder.Win32.VB.aq 1

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval.n 3

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval 4

C:\AimAmp.exe Infected: not-a-virus:AdWare.Win32.PowerSearch.b 1

C:\hijackthis\hijackthis\backups\backup-20050214-094724-531.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1

C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

C:\WINDOWS\system32\1.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\2.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\3.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\4.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

The selected area was scanned.


Sunday, August 10, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 08, 2008 23:36:58
Records in database: 1070662


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Folder
C:\

Scan statistics
Files scanned 153448
Threat name 7
Infected objects 15
Suspicious objects 0
Duration of the scan 04:32:23

File name Threat name Threats count
C:\AimAmp.exe Infected: Flooder.Win32.VB.aq 1

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval.n 3

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval 4

C:\AimAmp.exe Infected: not-a-virus:AdWare.Win32.PowerSearch.b 1

C:\hijackthis\hijackthis\backups\backup-20050214-094724-531.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1

C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

C:\WINDOWS\system32\1.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\2.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\3.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\4.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

The selected area was scanned.


#2 Shaba

Posted 21 August 2008 - 11:56 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it to a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 dp3133

Posted 25 August 2008 - 07:18 AM

I still need help with my problem. I will attempt to complete the scans today...they just take some time.

#4 dp3133

Posted 26 August 2008 - 05:38 AM

Here ya go....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:23 AM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Daniel Pilgrim\Local Settings\Temp\jkos-Daniel Pilgrim\binaries\ScanningProcess.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxvf.exe] C:\WINDOWS\system32\kdxvf.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} - https://www.taxsimple.com/citrix/federal.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MySql - Unknown owner - C:/Fireserv/mysql/bin/mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8384 bytes


Monday, August 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 08:38:45
Records in database: 1143253


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Critical Areas
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Daniel Pilgrim\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics
Files scanned 95511
Threat name 3
Infected objects 7
Suspicious objects 0
Duration of the scan 04:23:45

File name Threat name Threats count
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

C:\Program Files\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

C:\Program Files\Winamp\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

C:\WINDOWS\system32\1.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\2.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\3.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\4.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

The selected area was scanned.


-------------------

Monday, August 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 08:38:45
Records in database: 1143253


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 157661
Threat name 9
Infected objects 18
Suspicious objects 0
Duration of the scan 05:04:22

File name Threat name Threats count
C:\AimAmp.exe Infected: Flooder.Win32.VB.aq 1

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval.n 3

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval 4

C:\AimAmp.exe Infected: not-a-virus:AdWare.Win32.PowerSearch.b 1

C:\Deckard\System Scanner\backup\DOCUME~1\DANIEL~1\LOCALS~1\Temp\piniqhni.exe Infected: Trojan.Win32.Buzus.qqc 1

C:\hijackthis\hijackthis\backups\backup-20050214-094724-531.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1

C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

C:\Program Files\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

C:\Program Files\Winamp\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

C:\WINDOWS\system32\1.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\2.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\3.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\4.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

The selected area was scanned.

--------------------

Tuesday, August 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 25, 2008 08:38:45
Records in database: 1143253


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area Folder
C:\

Scan statistics
Files scanned 158464
Threat name 9
Infected objects 18
Suspicious objects 0
Duration of the scan 03:53:42

File name Threat name Threats count
C:\AimAmp.exe Infected: Flooder.Win32.VB.aq 1

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval.n 3

C:\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval 4

C:\AimAmp.exe Infected: not-a-virus:AdWare.Win32.PowerSearch.b 1

C:\Deckard\System Scanner\backup\DOCUME~1\DANIEL~1\LOCALS~1\Temp\piniqhni.exe Infected: Trojan.Win32.Buzus.qqc 1

C:\hijackthis\hijackthis\backups\backup-20050214-094724-531.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1

C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

C:\Program Files\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

C:\Program Files\Winamp\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

C:\WINDOWS\system32\1.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\2.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\3.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

C:\WINDOWS\system32\4.tmp Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

The selected area was scanned.

#5 extremeboy

Posted 26 August 2008 - 05:45 PM

Hello. I'm Extremeboy and I will be helping you with your log.

I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, to track your topic. The topics you are tracking can be found here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Also, please delete your DSS.exe, as it has some issues that need to be sorted out.

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please do NOT follow the instructions provided for this topic.

Thanks :thumbsup:

With Regards,
Extremeboy

Edited by extremeboy, 26 August 2008 - 06:43 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 dp3133

Posted 27 August 2008 - 05:42 AM

On the desktop, there is a file called dss.exe.
Do you want me to delete that file? Or are there more files that need to be deleted along with that one?
Thanks.

#7 extremeboy

Posted 27 August 2008 - 09:50 AM

Hi Dp3133 and welcome to Bleepingcomputer!

On the desktop, there is a file called dss.exe.
Do you want me to delete that file? Or are there more files that need to be deleted along with that one?
Thanks.

Yes, please delete the file called DSS.exe from your desktop. Yes, there are other files/folders that need to be deleted as well, but don't worry, those will get deleted when you follow the instructions below.

Thanks :thumbsup:

View Point Program
Viewpoint Manager and Viewpoint Media Player are considered foistware instead of malware, since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we know in 2006; read this article:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:
  • Viewpoint
  • Viewpoint Manager,
  • Viewpoint Media Player.
Removing Programs using Add/Remove

We also need to remove ewido security suite control from Add/Remove because that program is outdated and is no longer updated, therefore it will not be a great help when removing spyware.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
Uninstall the following by clicking on the following entries and selecting "remove":

ewido security suite control

Additional instructions can be found here if needed.

Install an Anti-spyware Program

Please download and install an antispyware program from one of the trusted vendors below. If you wish to have real-time protection like ewido Security Suite, Spybot and Spyware Terminator have real-time protection that you can enable without any fee.

Download and Run Fixwareout

Please download FixWareout from one of these mirrors:
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

Fixing HijackThis Entries

Please run HijackThis again.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxvf.exe] C:\WINDOWS\system32\kdxvf.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing)

Then close all windows except HijackThis and click Fix Checked.

Download and Run OTMoveIT
  • Please download OTMoveIt2 by OldTimer to your desktop.
  • Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quotebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    C:\Program Files\shnamp202.exe
    C:\AimAmp.exe
    C:\Program Files\Winamp\shnamp202.exe
    C:\WINDOWS\system32\1.tmp
    C:\WINDOWS\system32\2.tmp
    C:\WINDOWS\system32\3.tmp
    C:\WINDOWS\system32\4.tmp
    C:\WINDOWS\system32\kdxvf.exe
    C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
    C:\Deckard

  • Return to OTMoveIt2, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Click the red Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Save Uninstall List with HijackThis
  • Double click the HijackThis icon on your desktop.
  • If you see a white screen, click Main Menu at the middle bottom of the window, otherwise move onto the next step.
  • Click Open the Misc Tools section.
  • Under System tools, select Uninstall Manager....
  • Near the bottom right, click Save list... and save uninstall_list.txt onto your desktop.
  • Close out of HijackThis.
  • Post back with uninstall_list.txt.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


For your next reply please provide the following:
  • Fixwareout log (report.txt)
  • OTMoveIt log
  • uninstall_list.txt
  • Kaspersky online scan log
  • Fresh Hijackthis log.
Thanks :)

With Regards,
Extremeboy

#8 dp3133

  • Topic Starter
  • Members

Posted 02 September 2008 - 06:02 AM

I am still here...it has been taking me some time to get this all together..hopefully by today i can finish the last scan. thanks.

#9 dp3133

  • Topic Starter
  • Members

Posted 07 September 2008 - 10:59 AM

Hello,
Here is all my postings except for the online scan. it will be scanned tonight.
I did have some problems with the OTMoveIt Scan.
During the move of some of the files:
File/Folder C:\WINDOWS\system32\1.tmp not found.
File/Folder C:\WINDOWS\system32\2.tmp not found.
File/Folder C:\WINDOWS\system32\3.tmp not found.
File/Folder C:\WINDOWS\system32\4.tmp not found.

my virus scan kept popping up with issues. i don't think it ever worked correctly. my computer froze up. i rebooted and tried again and those were the results of the scan.

Thanks...
Dan

Fixwareout log(report.txt)
Username "Daniel Pilgrim" - 08/29/2008 21:29:45 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\\WINDOWS\\SM1BG.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Mp3Detective"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"C:\\WINDOWS\\system32\\kdxvf.exe"="C:\\WINDOWS\\system32\\kdxvf.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\POPUPS~1\\POP-UP~1\\PSFree.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Mp3Detective"=""
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"Nero PhotoShow Media Manager"="C:\\PROGRA~1\\Nero\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

OTmoveit log
File/Folder C:\Program Files\shnamp202.exe not found.
File/Folder C:\AimAmp.exe not found.
File/Folder C:\Program Files\Winamp\shnamp202.exe not found.
File/Folder C:\WINDOWS\system32\1.tmp not found.
File/Folder C:\WINDOWS\system32\2.tmp not found.
File/Folder C:\WINDOWS\system32\3.tmp not found.
File/Folder C:\WINDOWS\system32\4.tmp not found.
File/Folder C:\WINDOWS\system32\kdxvf.exe not found.
File/Folder C:\Program Files\Common Files\Real\Toolbar\RealBar.dll not found.
C:\Deckard\System Scanner moved successfully.
C:\Deckard moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08312008_083826



uninstall_list.txt
56Kbps Internal Modem
ACDSee
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
AnalogX Vocal Remover (WinAmp)
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Avance AC'97 Audio
CCleaner (remove only)
Citrix ICA Web Client
Cool Edit 2000
Corel Applications
Cypress USB Mass Storage Driver Installation
Daniusoft WMA MP3 Converter(Build 1.5.11)
dBpowerAMP Mp4 & AAC Decode Codec
DivX 5.0.2 Bundle
DivX Codec
DivX Player 2.1
EasyDivX v0.820 Standard
Elecard MPEG2 Decoder Package 2.0
FinePixViewer Ver.4.2
Free M4a to MP3 Converter 5.9
FUJIFILM USB Driver
gizmo3
Google Video Player
Guidua (remove only)
Hex Workshop v5
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
hp deskjet 940c series (Remove only)
HP Photo Imaging Software
HP Photo Printing Software
Intel® Extreme Graphics Driver Software
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_05
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Java Web Start
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Last.fm 1.4.2.58376
Macromedia Dreamweaver 3
Macromedia Fireworks 3
Macromedia Flash MX 2004
Malwarebytes' Anti-Malware
McAfee VirusScan
MediaGateway
Memorex Solid State Digital Audio Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Press Interactive Training
Microsoft Windows Media Video 9 VCM
MicroStaff WINASPI
MP3 Indexer 1.3.0.8
mp3 List Maker De Luhe
MP3Detective
MP3Detective
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Picasa 2
Pop-Up Stopper Free Edition
Protected Music Converter 1.0.0.9
QuickTime
RAW FILE CONVERTER LE
RealOne Player
RightFTP 1.0
Roxio Burn Engine
Samsung USB Driver (MCCI 4.24 WHQL)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Shockwave
SoulSeek 157 test 8
SoulSeek Client 156c
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
SpywareBlaster v3.2
SSH Secure Shell
Trojan Remover 6.3.9
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
USB Storage Adapter FX (SM1)
VX2 Cleaner plug-in for Ad-Aware SE
WinAce Archiver
Winamp
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar for Internet Explorer


Fresh Hijackthis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:25 AM, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Daniel Pilgrim\Local Settings\Temp\jkos-Daniel Pilgrim\binaries\ScanningProcess.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} - https://www.taxsimple.com/citrix/federal.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MySql - Unknown owner - C:/Fireserv/mysql/bin/mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8198 bytes
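
Added example, not part of any post in this thread and not a tool the helper used: a small Python triage pass over HijackThis-format lines that flags the two conditions visible in the entries selected for fixing in this thread, a target marked (no file) or (file missing), and a Run value whose name is itself a file path (as in the kdxvf.exe line). The function and class names are hypothetical, the path-as-name check is this example's own heuristic rather than the helper's stated reasoning, and the sample input is constructed from lines quoted in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxvf.exe] C:\WINDOWS\system32\kdxvf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Body of an O4 registry autostart entry: hive, Run-style key, [value name], command.
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] ?(?P<command>.*)$"
)

# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Drive-letter or UNC path at the start of a string.
PATH_LIKE = re.compile(r"^[A-Za-z]:\\|^\\\\")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line was flagged
    line: str     # the original log line


def triage(log_text):
    """Return findings for lines that deserve a human look; not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, running-process list, blank line
        section, body = entry.group("section"), entry.group("body")

        # Registry entry left behind after its file was removed or never existed.
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        if marker:
            findings.append(Finding(section, f"target {marker}", line))

        # Heuristic (assumption of this example): installers normally register
        # a short product name as the Run value name, not a full path.
        if section == "O4":
            run = RUN_RE.match(body)
            if run and PATH_LIKE.match(run.group("name")):
                findings.append(Finding(section, "Run value name is a file path", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

A flagged line is a prompt for review; entries such as [ctfmon.exe] pass these checks on name alone, so the result does not replace checking the target file itself.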

#10 dp3133

  • Topic Starter
  • Members

Posted 08 September 2008 - 07:12 AM

And here is the latest online scan...

Monday, September 8, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 08, 2008 00:04:25
Records in database: 1201079


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 155694
Threat name 8
Infected objects 14
Suspicious objects 0
Duration of the scan 04:53:19

File name Threat name Threats count
C:\hijackthis\hijackthis\backups\backup-20050214-094724-531.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1

C:\_OTMoveIt\MovedFiles\08312008_081959\AimAmp.exe Infected: Flooder.Win32.VB.aq 1

C:\_OTMoveIt\MovedFiles\08312008_081959\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval.n 3

C:\_OTMoveIt\MovedFiles\08312008_081959\AimAmp.exe Infected: Trojan-Downloader.Win32.Keenval 4

C:\_OTMoveIt\MovedFiles\08312008_081959\AimAmp.exe Infected: not-a-virus:AdWare.Win32.PowerSearch.b 1

C:\_OTMoveIt\MovedFiles\08312008_081959\Deckard\System Scanner\backup\DOCUME~1\DANIEL~1\LOCALS~1\Temp\piniqhni.exe Infected: Trojan.Win32.Buzus.qqc 1

C:\_OTMoveIt\MovedFiles\08312008_081959\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1

C:\_OTMoveIt\MovedFiles\08312008_081959\Program Files\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

C:\_OTMoveIt\MovedFiles\08312008_081959\Program Files\Winamp\shnamp202.exe Infected: Trojan.Win32.DelAll.ad 1

The selected area was scanned.

#11 extremeboy

  • Malware Response Team

Posted 09 September 2008 - 07:12 AM

Hi Dp3133

my virus scan kept popping up with issues. i don't think it ever worked correctly. my computer froze up. i rebooted and tried again and those were the results of the scan.

I see that you have installed McAfee's anti-virus program; that means it was enabled and probably active when you ran OTMoveIt2 and Fixwareout.
That is why it caused you some trouble.

This time we'll disable them. :thumbsup:

Disable Realtime Protection

Realtime security programs are important because they protect you from malware. However, they can interfere with the tools we need to run. Please disable all realtime protections you have enabled. Refer to this page, if you are unsure how.
If you are not sure which real-time protection to disable, they are:
  • McAfee Anti-Virus
  • Spybot S&D with tea-timer


Fix HijackThis Entries

Please Run HijackThis again.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).


O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)


Then close all windows except HijackThis and click Fix Checked.

Removing Programs using Add/Remove

I see that you still have some other older versions of Java installed, which are unnecessary.
Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a while.
If they exist, uninstall the following programs by clicking on the following entries and selecting "remove":

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_05
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Java 2 Runtime Environment, SE v1.4.2_06
Java Web Start
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1



NOTE: Please remove the ones that I mentioned above only

Additional instructions can be found here if needed.

Cleanup with OTMoveIt

Let's remove the tools and the files that we moved.
  • Double click OTMoveIt2.exe on your desktop to start the program.
  • Click the big CleanUp! button.
    OTCleanIt needs to download a small file. You may receive a warning from your firewall or security program saying OTCleanIt is trying to access the Internet. Allow it to do so.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Install a firewall

Please download and install a third-party firewall from the following selection of excellent programs. The main reason you would prefer a third-party firewall over the Windows XP Firewall is because Windows Firewall stops incoming signals from accessing your computer. However, it will not stop programs from sending outgoing signals to the Internet or to other networks.

After you have installed one of the above firewalls, please disable your Windows Firewall, if it is already disabled then don't worry about it.

If it's not, do the following steps:
  • Go to Start
  • Then click on Run
  • In the run box type the following: "firewall.cpl" (without quotes)
  • Under the General tab put the dot on the Off (Not Recommended)
After that is all completed I want to see one last RSIT log.

Provide the following:
  • RSIT log (info.txt and log.txt) <- Run RSIT after you finish everything above.
  • HOW IS YOUR COMPUTER NOW?
Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 dp3133

  • Topic Starter

Posted 09 September 2008 - 08:03 AM

what is RSIT.log?
not sure what one is...let me know please.
Thanks.
Dan

#13 dp3133

  • Topic Starter

Posted 09 September 2008 - 09:32 AM

I have done everything you have said...except run RSIT (since I am not sure what that is)...

however, in the meantime, I got a virus alert...
virus name-possiblepup
that was the infected file...C:\System Volume Information\_restore{66F23E54-A1A0-4309-B298-096C8FB5561D}\RP1278\A0067164.exe

let me know
thanks
dp

#14 extremeboy

  • Malware Response Team

Posted 09 September 2008 - 02:25 PM

Hi Dp3133,

Sorry about that, that was my bad. I'm helping others right now and sometimes I get confused about what tools we have already run.

virus name-possiblepup
that was the infected file...C:\System Volume Information\_restore{66F23E54-A1A0-4309-B298-096C8FB5561D}\RP1278\A0067164.exe

Don't worry about that, that can be easily removed.

Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both
    log.txt (<<will be maximized)
    info.txt (<<will be minimized)
Paste the RSIT logs to me

Thanks :thumbsup:

With Regards,
Extremeboy

#15 dp3133

  • Topic Starter

Posted 09 September 2008 - 08:36 PM

log.txt

Logfile of random's system information tool (written by random/random)
Run by Daniel Pilgrim at 2008-09-09 21:33:01
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 2 GB (3%) free of 57 GB
Total RAM: 247 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:10 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Daniel Pilgrim\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Daniel Pilgrim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - -{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} - https://www.taxsimple.com/citrix/federal.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: MySql - Unknown owner - C:/Fireserv/mysql/bin/mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8316 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2006-09-29 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
-{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2006-09-29 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"=C:\WINDOWS\SM1BG.EXE [2003-08-27 94208]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-12-07 151597]
"Mp3Detective"= []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-01 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-09-09 1655552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"=C:\PROGRA~1\POPUPS~1\POP-UP~1\PSFree.exe [2003-02-06 516096]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Mp3Detective"= []
"RealPlayer"=C:\Program Files\Real\RealPlayer\realplay.exe [2006-06-07 1003520]
"Nero PhotoShow Media Manager"=C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMAmp]
C:\Program Files\The Easy Network\AIM Amp 1.xx\AIMAmp.exe -norun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-08-09 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbdirect]
C:\PROGRA~1\\scansoft\PAPERP~1\fbdirect.exe [1998-11-17 227328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2002-03-26 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [2001-10-22 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2002-03-26 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDRealtime]
C:\WINDOWS\realtime.exe [2003-03-15 168448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-02-01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-12-07 151597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe [2005-04-24 281232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\BigFix.exe /atstartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daniel Pilgrim^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
C:\Fireserv\mysql\bin\WINMYS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Daniel Pilgrim^Start Menu^Programs^Startup^Yahoo! Desktop Search System Tray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~2\YDSSYS~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Daniel Pilgrim\Start Menu\Programs\Startup
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-03-26 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\RightFTP\rightftp.exe"="C:\Program Files\RightFTP\rightftp.exe:*:Enabled:rightftp"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\utorrent.exe"="C:\Program Files\utorrent.exe:*:Enabled:utorrent"
"C:\Program Files\aim\aim.exe"="C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
"C:\WINDOWS\system32\wjview.exe"="C:\WINDOWS\system32\wjview.exe:*:Enabled:Microsoft® VM Command Line Interpreter"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\aim\aim.exe"="C:\Program Files\aim\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

File associations

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

List of files/folders created in the last three months

2008-09-09 18:30:27 ----D---- C:\rsit
2008-09-09 09:27:33 ----D---- C:\Documents and Settings\Daniel Pilgrim\Application Data\Comodo
2008-09-09 09:27:23 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-09-09 09:27:23 ----A---- C:\WINDOWS\system32\guard32.dll
2008-09-09 09:27:19 ----D---- C:\Program Files\COMODO
2008-09-09 09:22:49 ----A---- C:\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
2008-08-27 19:15:48 ----A---- C:\Program Files\spybotsd160.exe
2008-08-24 09:09:56 ----D---- C:\Program Files\Trend Micro
2008-08-15 03:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-15 03:20:07 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-15 03:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 03:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-15 03:09:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 03:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-15 03:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-10 09:23:01 ----D---- C:\WINDOWS\ERDNT
2008-08-08 18:01:04 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-08 18:01:04 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-08 18:01:04 ----A---- C:\WINDOWS\system32\java.exe
2008-08-08 13:41:03 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-08 12:01:34 ----D---- C:\Documents and Settings\Daniel Pilgrim\Application Data\Malwarebytes
2008-08-08 11:58:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-08 11:57:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 11:27:56 ----D---- C:\Program Files\RogueRemover FREE
2008-08-08 10:49:23 ----D---- C:\Program Files\Enigma Software Group
2008-08-08 10:39:41 ----A---- C:\WINDOWS\Sysvxd.exe
2008-07-29 14:45:31 ----D---- C:\Program Files\Picasa2
2008-07-29 14:42:52 ----A---- C:\Program Files\picasaweb-current-setup.exe
2008-07-28 22:23:23 ----D---- C:\WINDOWS\Prefetch
2008-07-28 20:59:17 ----D---- C:\WINDOWS\system32\scripting
2008-07-28 20:58:58 ----D---- C:\WINDOWS\l2schemas
2008-07-28 20:58:55 ----D---- C:\WINDOWS\system32\en
2008-07-28 20:20:14 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-07-28 20:19:48 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2008-07-28 20:16:43 ----A---- C:\WINDOWS\system32\autochk.exe
2008-07-28 20:16:43 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-07-28 20:16:42 ----A---- C:\WINDOWS\system32\cacls.exe
2008-07-28 20:16:42 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-07-28 20:16:41 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-07-28 20:16:41 ----A---- C:\WINDOWS\system32\cmd.exe
2008-07-28 20:16:40 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-07-28 20:16:40 ----A---- C:\WINDOWS\system32\ftp.exe
2008-07-28 20:16:40 ----A---- C:\WINDOWS\system32\format.com
2008-07-28 20:16:40 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-07-28 20:16:40 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-07-28 20:16:40 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-07-28 20:16:39 ----A---- C:\WINDOWS\system32\localspl.dll
2008-07-28 20:16:39 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-07-28 20:16:39 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-07-28 20:16:38 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-07-28 20:16:38 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-07-28 20:16:38 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-07-28 20:16:38 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-07-28 20:16:38 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-07-28 20:16:38 ----A---- C:\WINDOWS\system32\locator.exe
2008-07-28 20:16:37 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-07-28 20:16:37 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-07-28 20:16:37 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-07-28 20:16:36 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-07-28 20:16:36 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-07-28 20:16:35 ----N---- C:\WINDOWS\system32\oleaut32.dll
2008-07-28 20:16:35 ----A---- C:\WINDOWS\system32\printui.dll
2008-07-28 20:16:35 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-07-28 20:16:35 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-07-28 20:16:34 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-07-28 20:16:34 ----A---- C:\WINDOWS\system32\rasman.dll
2008-07-28 20:16:34 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-07-28 20:16:34 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-07-28 20:16:34 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\services.exe
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\schannel.dll
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\savedump.exe
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\samlib.dll
2008-07-28 20:16:33 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-07-28 20:16:32 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-07-28 20:16:32 ----A---- C:\WINDOWS\system32\smss.exe
2008-07-28 20:16:32 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-07-28 20:16:31 ----A---- C:\WINDOWS\system32\userinit.exe
2008-07-28 20:16:31 ----A---- C:\WINDOWS\system32\untfs.dll
2008-07-28 20:16:31 ----A---- C:\WINDOWS\system32\ulib.dll
2008-07-28 20:16:31 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-07-28 20:16:31 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-07-28 20:16:30 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-07-28 20:16:29 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-07-28 20:16:13 ----A---- C:\WINDOWS\system32\hal.dll
2008-07-28 20:16:12 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-07-28 20:16:12 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-28 18:12:55 ----A---- C:\WINDOWS\system32\SET1D1B.tmp
2008-07-28 18:12:54 ----A---- C:\WINDOWS\system32\SET1D1F.tmp
2008-07-28 18:12:54 ----A---- C:\WINDOWS\system32\SET1D1C.tmp
2008-07-28 18:12:53 ----A---- C:\WINDOWS\system32\SET1D23.tmp
2008-07-28 18:12:53 ----A---- C:\WINDOWS\system32\SET1D22.tmp
2008-07-28 18:12:52 ----A---- C:\WINDOWS\system32\SET1D25.tmp
2008-07-28 18:12:50 ----A---- C:\WINDOWS\system32\SET1D2A.tmp
2008-07-28 18:12:48 ----A---- C:\WINDOWS\system32\SET1D2C.tmp
2008-07-28 18:12:46 ----A---- C:\WINDOWS\system32\SET1D2F.tmp
2008-07-28 18:12:43 ----A---- C:\WINDOWS\system32\SET1D35.tmp
2008-07-28 18:12:43 ----A---- C:\WINDOWS\system32\SET1D33.tmp
2008-07-28 18:12:42 ----ASH---- C:\WINDOWS\system32\SET1D36.tmp
2008-07-28 18:12:41 ----A---- C:\WINDOWS\system32\SET1D3A.tmp
2008-07-28 18:12:41 ----A---- C:\WINDOWS\system32\SET1D39.tmp
2008-07-28 18:12:37 ----A---- C:\WINDOWS\system32\SET1D41.tmp
2008-07-28 18:12:37 ----A---- C:\WINDOWS\system32\SET1D40.tmp
2008-07-28 18:12:36 ----A---- C:\WINDOWS\system32\SET1D44.tmp
2008-07-28 18:12:36 ----A---- C:\WINDOWS\system32\SET1D43.tmp
2008-07-28 18:12:19 ----A---- C:\WINDOWS\system32\SET1D48.tmp
2008-07-28 18:12:17 ----A---- C:\WINDOWS\system32\SET1D4A.tmp
2008-07-28 18:12:16 ----A---- C:\WINDOWS\system32\SET1D4C.tmp
2008-07-28 18:12:16 ----A---- C:\WINDOWS\system32\SET1D4B.tmp
2008-07-28 18:12:15 ----A---- C:\WINDOWS\system32\SET1D4F.tmp
2008-07-28 18:12:15 ----A---- C:\WINDOWS\system32\SET1D4E.tmp
2008-07-28 18:12:15 ----A---- C:\WINDOWS\system32\SET1D4D.tmp
2008-07-28 18:12:14 ----A---- C:\WINDOWS\system32\SET1D51.tmp
2008-07-28 18:12:12 ----A---- C:\WINDOWS\system32\SET1D53.tmp
2008-07-28 18:12:05 ----A---- C:\WINDOWS\system32\SET1D56.tmp
2008-07-28 18:12:02 ----A---- C:\WINDOWS\system32\SET1D61.tmp
2008-07-28 18:12:00 ----N---- C:\WINDOWS\system32\SET2932.tmp
2008-07-28 18:11:59 ----A---- C:\WINDOWS\system32\SET1D67.tmp
2008-07-28 18:11:59 ----A---- C:\WINDOWS\system32\SET1D65.tmp
2008-07-28 18:11:59 ----A---- C:\WINDOWS\system32\SET1D64.tmp
2008-07-28 18:11:59 ----A---- C:\WINDOWS\system32\SET1D63.tmp
2008-07-28 18:11:58 ----A---- C:\WINDOWS\system32\SET1D69.tmp
2008-07-28 18:11:54 ----A---- C:\WINDOWS\system32\SET1D6E.tmp
2008-07-28 18:11:53 ----A---- C:\WINDOWS\system32\SET1D71.tmp
2008-07-28 18:11:53 ----A---- C:\WINDOWS\system32\SET1D70.tmp
2008-07-28 18:11:47 ----A---- C:\WINDOWS\system32\SET1D78.tmp
2008-07-28 18:11:42 ----A---- C:\WINDOWS\system32\SET1D83.tmp
2008-07-28 18:11:39 ----A---- C:\WINDOWS\system32\SET1D87.tmp
2008-07-28 18:11:39 ----A---- C:\WINDOWS\system32\SET1D86.tmp
2008-07-28 18:11:34 ----A---- C:\WINDOWS\system32\SET1D8B.tmp
2008-07-28 18:11:30 ----A---- C:\WINDOWS\system32\SET1D93.tmp
2008-07-28 18:11:27 ----A---- C:\WINDOWS\system32\SET1D9A.tmp
2008-07-28 18:11:26 ----A---- C:\WINDOWS\system32\SET1D9C.tmp
2008-07-28 18:10:58 ----A---- C:\WINDOWS\system32\SET1DA2.tmp
2008-07-28 18:10:56 ----A---- C:\WINDOWS\system32\SET1DA5.tmp
2008-07-28 18:10:55 ----A---- C:\WINDOWS\system32\SET1DA7.tmp
2008-07-28 18:10:53 ----A---- C:\WINDOWS\system32\SET1DAA.tmp
2008-07-28 18:10:47 ----A---- C:\WINDOWS\system32\SET1DBA.tmp
2008-07-28 18:10:46 ----A---- C:\WINDOWS\system32\SET1DBE.tmp
2008-07-28 18:10:45 ----A---- C:\WINDOWS\system32\SET1DC2.tmp
2008-07-28 18:10:45 ----A---- C:\WINDOWS\system32\SET1DC0.tmp
2008-07-28 18:10:44 ----A---- C:\WINDOWS\system32\SET1DC8.tmp
2008-07-28 18:10:42 ----A---- C:\WINDOWS\system32\SET1DCC.tmp
2008-07-28 18:10:36 ----A---- C:\WINDOWS\system32\SET1DDA.tmp
2008-07-28 18:10:24 ----A---- C:\WINDOWS\system32\SET1DE0.tmp
2008-07-28 18:10:23 ----A---- C:\WINDOWS\system32\SET1DE3.tmp
2008-07-28 18:10:23 ----A---- C:\WINDOWS\system32\SET1DE2.tmp
2008-07-28 18:10:19 ----A---- C:\WINDOWS\system32\SET1DE9.tmp
2008-07-28 18:10:18 ----A---- C:\WINDOWS\system32\SET1DED.tmp
2008-07-28 18:10:09 ----A---- C:\WINDOWS\005773_.tmp
2008-07-28 18:10:08 ----A---- C:\WINDOWS\system32\SET1DFB.tmp
2008-07-28 18:10:08 ----A---- C:\WINDOWS\SET1EE0.tmp
2008-07-28 18:10:06 ----A---- C:\WINDOWS\system32\SET1DFF.tmp
2008-07-28 18:10:06 ----A---- C:\WINDOWS\system32\SET1DFE.tmp
2008-07-28 18:10:06 ----A---- C:\WINDOWS\system32\SET1DFD.tmp
2008-07-28 18:09:58 ----A---- C:\WINDOWS\system32\SET1E0B.tmp
2008-07-28 18:09:58 ----A---- C:\WINDOWS\system32\SET1E07.tmp
2008-07-28 18:09:56 ----A---- C:\WINDOWS\system32\SET1E10.tmp
2008-07-28 18:09:54 ----A---- C:\WINDOWS\system32\SET1E16.tmp
2008-07-28 18:09:52 ----A---- C:\WINDOWS\system32\SET1E27.tmp
2008-07-28 18:09:52 ----A---- C:\WINDOWS\system32\SET1E26.tmp
2008-07-28 18:09:49 ----A---- C:\WINDOWS\system32\SET1E36.tmp
2008-07-28 18:09:42 ----A---- C:\WINDOWS\system32\SET1E4C.tmp
2008-07-28 18:09:42 ----A---- C:\WINDOWS\system32\SET1E49.tmp
2008-07-28 18:09:42 ----A---- C:\WINDOWS\system32\SET1E48.tmp
2008-07-28 18:09:41 ----A---- C:\WINDOWS\system32\SET1E53.tmp
2008-07-28 18:09:37 ----A---- C:\WINDOWS\system32\SET1E57.tmp
2008-07-28 18:09:29 ----A---- C:\WINDOWS\system32\SET1E5B.tmp
2008-07-28 18:09:29 ----A---- C:\WINDOWS\system32\SET1E5A.tmp
2008-07-28 18:09:28 ----A---- C:\WINDOWS\system32\SET1E5C.tmp
2008-07-28 18:09:27 ----A---- C:\WINDOWS\system32\SET1E5E.tmp
2008-07-28 18:09:26 ----A---- C:\WINDOWS\system32\SET1E65.tmp
2008-07-28 18:09:26 ----A---- C:\WINDOWS\system32\SET1E63.tmp
2008-07-28 18:09:26 ----A---- C:\WINDOWS\system32\SET1E61.tmp
2008-07-28 18:09:26 ----A---- C:\WINDOWS\system32\SET1E60.tmp
2008-07-28 18:09:26 ----A---- C:\WINDOWS\system32\SET1E5F.tmp
2008-07-28 18:09:25 ----A---- C:\WINDOWS\system32\SET1E68.tmp
2008-07-28 18:09:25 ----A---- C:\WINDOWS\system32\SET1E66.tmp
2008-07-28 18:09:22 ----A---- C:\WINDOWS\system32\SET1E6B.tmp
2008-07-28 18:09:21 ----A---- C:\WINDOWS\system32\SET1E6D.tmp
2008-07-28 18:09:18 ----A---- C:\WINDOWS\system32\SET1E72.tmp
2008-07-28 18:09:17 ----A---- C:\WINDOWS\system32\SET1E73.tmp
2008-07-28 18:09:14 ----A---- C:\WINDOWS\system32\SET1E82.tmp
2008-07-28 18:09:14 ----A---- C:\WINDOWS\system32\SET1E7B.tmp
2008-07-28 18:09:13 ----A---- C:\WINDOWS\system32\SET1E84.tmp
2008-07-28 18:09:09 ----A---- C:\WINDOWS\system32\SET1E87.tmp
2008-07-28 18:09:08 ----A---- C:\WINDOWS\system32\SET1E8A.tmp
2008-07-28 18:09:06 ----A---- C:\WINDOWS\system32\SET1E8F.tmp
2008-07-28 18:09:06 ----A---- C:\WINDOWS\system32\SET1E8D.tmp
2008-07-28 18:09:05 ----A---- C:\WINDOWS\system32\SET1E93.tmp
2008-07-28 18:09:02 ----A---- C:\WINDOWS\system32\SET1E97.tmp
2008-07-28 18:09:02 ----A---- C:\WINDOWS\system32\SET1E96.tmp
2008-07-28 18:09:02 ----A---- C:\WINDOWS\system32\SET1E95.tmp
2008-07-28 18:09:01 ----A---- C:\WINDOWS\system32\SET1E9D.tmp
2008-07-28 18:09:01 ----A---- C:\WINDOWS\system32\SET1E9C.tmp
2008-07-28 18:09:01 ----A---- C:\WINDOWS\system32\SET1E9B.tmp
2008-07-28 18:08:59 ----A---- C:\WINDOWS\system32\SET1EA6.tmp
2008-07-28 18:08:59 ----A---- C:\WINDOWS\system32\SET1EA4.tmp
2008-07-28 18:08:59 ----A---- C:\WINDOWS\system32\SET1EA1.tmp
2008-07-28 18:08:59 ----A---- C:\WINDOWS\system32\SET1EA0.tmp
2008-07-28 18:08:42 ----A---- C:\WINDOWS\system32\SET1EAC.tmp
2008-07-28 18:08:41 ----A---- C:\WINDOWS\system32\SET1EAF.tmp
2008-07-28 18:08:41 ----A---- C:\WINDOWS\system32\SET1EAE.tmp
2008-07-28 18:08:37 ----A---- C:\WINDOWS\system32\SET1EB3.tmp
2008-07-28 18:08:36 ----A---- C:\WINDOWS\system32\SET1EB7.tmp
2008-07-28 18:08:36 ----A---- C:\WINDOWS\system32\SET1EB5.tmp
2008-07-28 17:12:41 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-07-10 03:03:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-24 22:42:56 ----D---- C:\Program Files\Daniusoft
2008-06-24 22:39:48 ----D---- C:\Program Files\Free M4a to MP3 Converter
2008-06-24 22:18:39 ----A---- C:\WINDOWS\system32\mfc71u.dll
2008-06-24 22:18:34 ----D---- C:\Program Files\WMA-MP3.com
2008-06-21 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-12 03:07:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-12 03:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-12 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-12 03:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

List of drivers

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-04-05 88320]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-05-19 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-05-19 2560]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-09-09 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-09-09 24208]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\System32\Drivers\SbcpHid.sys []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\System32\drivers\CdaD10BA.SYS []
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-04-05 69472]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-04-09 305100]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-04-05 77277]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2002-11-21 197152]
R3 NaiFiltr;NaiFiltr; \??\C:\Program Files\Common Files\Network Associates\McShield\NaiFiltr.sys []
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2002-04-29 25434]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2002-11-21 418720]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2002-11-21 39348]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB Root Hub (usbport); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2002-11-21 1807568]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2002-11-21 161976]
S3 pmxscan;Visioneer USB Service; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2002-11-21 84720]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2004-11-07 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2004-11-07 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2004-11-07 137884]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2004-11-07 108003]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 V90drv;v90drv; C:\WINDOWS\System32\DRIVERS\v90drv.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 AvSynMgr;AVSync Manager; C:\Program Files\Network Associates\VirusScan\avsynmgr.exe [2001-11-26 155665]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-09-09 519936]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2004-01-26 2560]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 MySql;MySql; C:/Fireserv/mysql/bin/mysqld-nt.exe []
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2002-11-21 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-03-12 68096]
S3 McShield;McShield; C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe [2001-11-26 225403]

-----------------EOF-----------------



info.txt

info.txt logfile of random's system information tool 2008-09-09 21:34:28

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
56Kbps Internal Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
ACDSee-->C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AnalogX Vocal Remover (WinAmp)-->C:\Program Files\Winamp\Plugins\wavremu.exe
AOL Instant Messenger-->C:\Program Files\aim\uninstll.exe -LOG= C:\Program Files\aim\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Citrix ICA Web Client-->C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Cool Edit 2000-->C:\Program Files\Cool2000\ce2Kunin.exe
Corel Applications-->C:\WINDOWS\Corel\Uninstal.exe
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Daniusoft WMA MP3 Converter(Build 1.5.11)-->"C:\Program Files\Daniusoft\WMA MP3 Converter\unins000.exe"
dBpowerAMP Mp4 & AAC Decode Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 & AAC Decode Codec.dat
DivX 5.0.2 Bundle-->C:\WINDOWS\unvise32.exe C:\uninstal.log
DivX Codec-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
DivX Player 2.1-->C:\Program Files\DivX\DivX Player 2.1\uninstall.bat
EasyDivX v0.820 Standard-->C:\EasyDivX\uninstall.exe
Elecard MPEG2 Decoder Package 2.0-->"C:\Program Files\Elecard MPEG2 Decoder Package 2.0\Uninstall.exe" "C:\Program Files\Elecard MPEG2 Decoder Package 2.0\install.log"
FinePixViewer Ver.4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
Free M4a to MP3 Converter 5.9-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
gizmo3-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\gizmo3\ST5UNST.LOG"
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
Guidua (remove only)-->"C:\Program Files\Guidua 0.16\uninstall.exe"
Hex Workshop v5-->MsiExec.exe /I{4E6258E0-F48C-48D9-BB36-007D6C78EC82}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 940c series (Remove only)-->C:\Program Files\hp deskjet 940c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=940c -huninstall
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
Intel® Extreme Graphics Driver Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Last.fm 1.4.2.58376-->"C:\Program Files\Last.fm\unins000.exe"
Macromedia Dreamweaver 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macromedia\Dreamweaver 3\Uninst.isu"
Macromedia Fireworks 3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Macromedia\Fireworks 3\Uninst.isu"
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan-->MsiExec.exe /I{87AEFD84-BC0D-11D4-B885-00508B022A51}
MediaGateway-->C:\Program Files\MediaGateway\MediaGateway.exe /Remove
Memorex Solid State Digital Audio Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBEC99F0-A1CD-47FD-8967-E2673FE897C2}\setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Press Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
MicroStaff WINASPI-->C:\MWASPI\uninst.exe
MP3 Indexer 1.3.0.8-->C:\Program Files\MP3 Indexer\uninst.exe
mp3 List Maker De Luhe-->MsiExec.exe /X{4001C821-7B7C-413C-B848-29894D9EA883}
MP3Detective-->"C:\Program Files\MP3Detective\uninstall.exe"
MP3Detective-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\MP3Detective\ST5UNST.LOG"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pop-Up Stopper Free Edition-->C:\PROGRA~1\POPUPS~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\POPUPS~1\POP-UP~1\INSTALL.LOG
Protected Music Converter 1.0.0.9-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RightFTP 1.0-->"C:\Program Files\RightFTP\unins000.exe"
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Samsung USB Driver (MCCI 4.24 WHQL)-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{439E56F4-F8CC-4886-B7A4-E8024ED39C6C}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoulSeek 157 test 8-->"C:\Program Files\Soulseek-Test\uninstall.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster v3.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SSH Secure Shell-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SSH Communications Security\SSH Secure Shell\Uninst.isu"
Trojan Remover 6.3.9-->"C:\Program Files\Trojan Remover\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
VX2 Cleaner plug-in for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\INSTALL.LOG
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\YPSR\unwise32.exe /A C:\PROGRA~1\Yahoo!\YPSR\ypsrinst.log
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\ymmapi.dll
Yahoo! Photos Easy Upload Tool-->C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Photos Print-at-Home Tool-->C:\WINDOWS\unins000.exe
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Hosts File

127.0.0.1 localhost

Security center information

FW: COMODO Firewall Pro

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\SSH Communications Security\SSH Secure Shell;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------



