
IE/AVG issues - from Downloader.Generic3.SZP, Generic12.LHS, Vundo.AV?


  • This topic is locked
43 replies to this topic

#1 Kelvin in Oregon


Posted 27 November 2008 - 06:31 PM

I'm a first-time poster, so I apologize in advance for any mistakes I make.

Problems started when AVG Free 8.0 found Downloader.Generic3.SZP and Generic12.LHS. I used AVG to remove them.

My AVG scan that night found 18 infections (multiples of several):
SHeur2.CRJ
SHeur2.HK
SHeur.CRBJ
Vundo.AV
Generic12.LHS
IUpd721 (reference to)

AVG cleaned them, but said 2 instances of Vundo.AV (in lsass.exe and hlJDwTLD.dll) would be fixed on the next reboot. My next reboot failed. Tried to restore to recovery point, but that failed (nothing happened when I clicked on Next to do the restore). Eventually was able to run HijackThis (with a friend's help) and clean up enough things that my reboots now work (at least most of the time). Eventually ran Vundo Fix and VirtumundoBegone and at that point AVG scans (when they worked) showed no issues.

It appears that there are still leftover issues because of the following:
  • IE (7.0) gets "cannot display the webpage" at many websites, especially those for AntiVirus/AntiSpyware, including AVG, Kaspersky, BleepingComputer (I'm running this on another computer)
  • AVG Update fails with either "Update Manager: control file is missing" or "Connection failed"
  • Running an AVG scan gets Avgwdsvc.exe encountered a problem. Sometimes the scan continues, sometimes it doesn't.
  • I'm still getting some popups, including www.registrydefender.com, Searchme, Scan.scannerantispyware.com and 85.12.43.70
  • Google Results page shows larger font than it used to.
  • Clicking on Google Result link often goes to a completely different page.
  • I've gotten "Windows Explorer has encountered a problem (then shuts down)" a couple of times.
I tried to follow your recommended steps as much as possible. This included:
  • Clearing IE Temporary Files
  • Renamed C:\windows\system32\drivers\etc\hosts to hosts.spybot
  • Installed WindowsDefender. Removed prunnet.exe (2), gadcom.exe, and several less-significant items. Several of the less-significant items have come back.
  • Validated Firewall was turned on.
  • Installed current JRE (6 Update 10)
Your instructions said to remove my older JRE, but the names were dissimilar, so I wanted to make sure that was correct before I did. Add/Remove programs shows my old Java as Java 2 Runtime Environment SE 1.3.1. As mentioned above, I installed JRE 6 Update 10. Is that the right update, so I should remove my old 1.3.1 version?

I was then ready to collect the information you requested. Unfortunately, I can't run Kaspersky's Online Scan, because I get IE cannot display the webpage.

I then downloaded RSIT from this computer, copied it to the failing computer and ran it. The first time I got AutoIt Error Line -1: Error: Variable used without being declared.

I tried it again and I got a log.txt, but no info.txt. log.txt has:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Kelvin Romrell at 2008-11-27 14:46:44
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (42%) free of 59 GB
Total RAM: 479 MB (26% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{001CB64B-74E4-45A9-B897-9F1D9A2EE901}]
C:\WINDOWS\system32\mlJDwTLD.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-12 2554944]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [2001-12-14 32768]
"WCOLOREAL"=C:\Program Files\COMPAQ\Coloreal\coloreal.exe [2002-02-20 143360]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"IPInSightLAN 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe [2002-03-18 364544]
"IPInSightMonitor 01"=C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe [2002-03-18 102400]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-01 1234712]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-27 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Compaq_RBA"=C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-07 68856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup
Internet Explorer.lnk -
ToDo List.lnk - C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
Windows Explorer.lnk - C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{73259091-9574-4ED8-A40F-7F65AFC28634}"= []
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJDwTLD

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Netscape\Netscape 6\Netscp.exe"="C:\Program Files\Netscape\Netscape 6\Netscp.exe:*:Enabled:Netscape"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe"="C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Replay AV 8\Tuner.exe"="C:\Program Files\Replay AV 8\Tuner.exe:*:Enabled:Replay Tuner"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion"
"C:\Sierra\Empire Earth\Empire Earth.exe"="C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7653464-9639-11db-9048-0010dc79a17c}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-11-27 14:17:31 ----D---- C:\Program Files\trend micro
2008-11-27 14:17:29 ----D---- C:\rsit
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\java.exe
2008-11-27 14:04:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-27 14:04:19 ----D---- C:\Program Files\Java
2008-11-27 14:03:57 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Sun
2008-11-27 10:47:32 ----D---- C:\Program Files\Windows Defender
2008-11-27 00:05:36 ----D---- C:\WINDOWS\pss
2008-11-25 20:51:01 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-25 19:58:00 ----D---- C:\VundoFix Backups
2008-11-25 19:58:00 ----A---- C:\VundoFix.txt
2008-11-25 17:16:32 ----D---- C:\Program Files\HijackThis
2008-11-25 16:54:17 ----D---- C:\Program Files\XoftSpySE
2008-11-25 16:18:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:13:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-24 17:20:02 ----SH---- C:\WINDOWS\system32\wigbiwnx.ini
2008-11-23 21:47:03 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\IUpd721
2008-11-23 20:57:06 ----ASH---- C:\WINDOWS\system32\YJkRqBeg.ini2
2008-11-23 20:57:01 ----ASH---- C:\WINDOWS\system32\YJkRqBeg.ini
2008-11-23 17:21:43 ----SH---- C:\WINDOWS\system32\efaipknj.ini
2008-11-23 17:16:37 ----A---- C:\WINDOWS\system32\a77327a0-.txt
2008-11-23 17:15:32 ----ASH---- C:\WINDOWS\system32\DLTwDJlm.ini2
2008-11-23 17:15:32 ----ASH---- C:\WINDOWS\system32\DLTwDJlm.ini
2008-11-23 16:46:46 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-11-21 22:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-21 22:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-07 17:02:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-05 18:06:20 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL

======List of files/folders modified in the last 1 months======

2008-11-27 14:27:58 ----AD---- C:\WINDOWS
2008-11-27 14:27:58 ----A---- C:\WINDOWS\.compaq.bak
2008-11-27 14:17:31 ----AD---- C:\Program Files
2008-11-27 14:05:17 ----SHD---- C:\WINDOWS\Installer
2008-11-27 14:04:58 ----D---- C:\WINDOWS\system32
2008-11-27 14:03:39 ----D---- C:\My Temp
2008-11-27 13:24:08 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\U3
2008-11-27 12:28:43 ----SD---- C:\WINDOWS\Tasks
2008-11-27 12:27:33 ----D---- C:\WINDOWS\Temp
2008-11-27 12:27:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 12:26:28 ----A---- C:\WINDOWS\ModemLog_Conexant HSFi V90 V92 56K PCI Modem.txt
2008-11-27 12:23:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 12:15:40 ----D---- C:\Program Files\Replay AV 8
2008-11-27 10:49:04 ----D---- C:\WINDOWS\Prefetch
2008-11-27 10:47:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-27 10:47:32 ----HD---- C:\WINDOWS\inf
2008-11-27 00:33:58 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\Skype
2008-11-26 23:45:59 ----HD---- C:\$AVG8.VAULT$
2008-11-26 22:34:19 ----D---- C:\WINDOWS\Help
2008-11-26 06:39:26 ----D---- C:\WINDOWS\Minidump
2008-11-25 17:37:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-25 17:37:24 ----D---- C:\Program Files\Virtools Web Player 3.5
2008-11-25 17:37:21 ----HD---- C:\Documents and Settings\All Users\Application Data\Move Networks
2008-11-24 18:30:16 ----D---- C:\WINDOWS\system32\drivers
2008-11-24 18:29:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-24 18:17:17 ----D---- C:\Documents and Settings
2008-11-23 17:06:56 ----D---- C:\Temp
2008-11-23 16:40:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-21 22:22:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-21 22:21:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-21 22:19:17 ----A---- C:\WINDOWS\imsins.BAK
2008-11-21 22:09:03 ----D---- C:\WINDOWS\WinSxS
2008-11-05 18:09:36 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-05 18:09:30 ----D---- C:\Program Files\PDFCreator
2008-11-05 17:24:42 ----D---- C:\Documents and Settings\Kelvin Romrell\Application Data\PDFcreator
2008-11-04 19:22:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-04 19:14:23 ----D---- C:\WINDOWS\system32\Macromed
2008-11-04 16:58:50 ----D---- C:\Program Files\Musicnotes
2008-11-04 16:58:42 ----RSD---- C:\WINDOWS\Fonts
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-31 17:26:24 ----D---- C:\Program Files\QUICKENW
2008-10-31 17:26:24 ----A---- C:\WINDOWS\Quicken.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-05-17 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-05-17 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-06-19 237568]
R1 EAWDMFD;EAWDMFD; C:\WINDOWS\system32\drivers\EAWDMFD.sys [1999-10-29 24348]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-06-19 127026]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-06-19 206336]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-07-08 33548]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
R3 eaps2kbd;Compaq Easy Access PS2 Internet Keyboard (Win2K); C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [2001-12-28 24035]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-06-19 29446]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-03-19 96768]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-01-16 415400]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2006-11-28 28224]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2002-01-02 84786]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-06-19 25226]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2002-02-15 50960]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2002-03-21 16112]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2002-03-08 22512]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-12-27 16694]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wandrv;WAN Network Driver; C:\WINDOWS\System32\DRIVERS\wandrv.sys [2001-08-09 22608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-03 611664]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 Compaq_RBA;Compaq Advisor; C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe [2002-05-16 262144]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 StatusAgent4;Epson Printer Status Agent4; C:\WINDOWS\system32\SAgent4.exe [2004-04-29 122880]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S4 msCMTSrvc;Content Monitoring Tool; C:\WINDOWS\system32\msCMTSrvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2002-03-15 81920]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

Let me know what additional information you need.



#2 Kelvin in Oregon


Posted 28 November 2008 - 02:42 PM

I don't know if this is considered "bumping", but I have some additional information to add.

I tried to run RSIT again. I still only got a log.txt file. However, I tried a Save As from there and saw that my prior run of RSIT had saved an info.txt log in the rst directory. Its contents are:
info.txt logfile of random's system information tool 1.04 2008-11-27 14:17:41

======Uninstall list======

-->C:\PROGRA~1\VERIZO~1\SUPPOR~1\Uninstall.exe Verizon
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{854A5F01-D692-11D4-A984-009027EC0A9C}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{945E2519-C2B9-11D3-9D56-0060B0A4823E}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD47EFC1-D692-11D4-A984-009027EC0A9C}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActiveDolls - Radiant-->G:\Fire and Rifle Pics\Radiant\Uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
ADP / XR8.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E31E722-B317-11D4-A292-006097D8A11D}\setup.exe"
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Calendar Creator 10-->MsiExec.exe /I{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Clear Cache feature for Internet Explorer-->MsiExec.exe /I{4E901875-0F15-44BA-89DE-94AA41A7F507}
Coloreal-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}\setup.exe"
Compaq Advisor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}\Setup.exe" UNINSTALL
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Business Applications-->E:\Corel\AppMan\Setup\remove.exe
Diet + Exercise Assistant Desktop-->MsiExec.exe /X{158DC053-8BFA-4991-9B85-7AC5F7CA60A0}
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
Documents To Go-->MsiExec.exe /X{BDFE199D-E889-4BB6-BECB-C4BDF5700849}
Easy Access Button Support-->C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EPSON CX 3800 Guide-->C:\Program Files\epson\guide\cx3800_e\uninstall.exe
EPSON PhotoCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}\Setup.exe" -l0x9 anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Excel 2000 Quattro Pro 7.0 Converter-->MsiExec.exe /X{011FDFFF-67D5-11D3-8CF4-0050048383FE}
Game Maker 6 Resource Pack 1-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInstR1.log" "/APPNAME=Game Maker 6 Resource Pack 1"
Game Maker 6 Resource Pack 3-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInst.log" "/APPNAME=Game Maker 6 Resource Pack 3"
Game Maker 6 Resource Pack 4-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Game_Maker6\UnInstR4.log" "/APPNAME=Game Maker 6 Resource Pack 4"
Game Maker 6.1-->C:\Documents and Settings\Camille Romrell\Desktop\Uninstal.exe
Game Maker 7.0-->F:\Game Maker\Uninstal.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Handmark® Magic Dogs™ for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\Magic Dogs for Palm OS\uninstal.log
Handmark® MobileDB™ for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\MobileDB for Palm OS\uninstal.log
Handmark® PDA Money for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\PDA Money for Palm OS\uninstal.log
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1-->C:\Program Files\HijackThis\HijackThis.exe /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp instant support-->C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 1.0 - PSC 2000 Series Drivers-->MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
HP Photo and Imaging 1.0 - PSC 2000 Series-->C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Photo and Imaging 1.0 - PSC 2000 Series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
hp psc 2200 series-->rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
JumpStart 2nd Grade v1.1-->C:\WINDOWS\IsUninst.exe -fC:\KA\2G\DeIsL1.isu
JumpStart Advanced 2nd Grade-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UNJSA2G.exe
JumpStart Field Trip Adventure-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSFTAdvUn.exe
JumpStart World Presents Pet Playground-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\PetPlaygroundUn.exe
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_460007_25c6b7\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Kublox-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {01862C0C-3330-47DB-83D1-9E88D1D8DCE4}
Line Rider-->G:\Line Rider\Uninstall.exe
Math 2-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8032\uninstal.log
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Digital Image Suite 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Learning and Research Plus Support Files-->MsiExec.exe /I{00000000-3976-4267-9F39-1DC4745090B7}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Converter Pack-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\convpack.isu
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
ModemXpert-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CB4FEE2-7F47-11D4-B6AD-00A0CC624550}\setup.exe" AnyText
MSN Internet Software-->C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicnotes Player V1.23.1-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Mystery Club Detective Academy-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\DetAcademyUn.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape (7.1)-->C:\WINDOWS\NSUninst.exe /ua "7.1b1 (en)"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" ControlPanelAnyText
NetZero-->"C:\Program Files\NetZero\uninst.exe"
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
palmOne-->MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1937.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
Phonics 2-3-->C:\WINDOWS\unvise32.exe C:\Program Files\sz8064\uninstal.log
powerOne Personal v2.1.1 for Handhelds-->C:\PROGRA~1\INFINI~1\POWERO~1\UNWISE.EXE C:\PROGRA~1\INFINI~1\POWERO~1\INSTALL.LOG
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
Quicken WillMaker Plus 2008-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2008\uninstal.log
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Readiris 7.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reflection for UNIX and Digital 8.0.2-->MsiExec.exe /I{2ACB03C1-4D55-11D4-8272-00C04F72E405}
Replay AV 8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstallRAV8.ini"
Replay Converter 2.8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\iruninRCV.ini"
RiskII (remove only)-->"C:\Program Files\RiskII\Uninstall.exe"
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SanDisk TransferMate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9
Search Enhancements (remove only)-->"C:\Program Files\nzsearch\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Verizon FiOS Activation-->"C:\WINDOWS\FIOS\unins000.exe"
Verizon High Speed Internet-->"C:\WINDOWS\DSL\unins000.exe"
Verizon Online Control Pad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00A3-F17B-11D6-88EA-000476CD2443}\iSetup.exe" -l0x9 UNINSTALL
Verizon Online Support Center-->C:\WINDOWS\Motive\Verizon\MCCUninst.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Visual IP InSight(Verizon Online)-->C:\Program Files\InstallShield Installation Information\{25EF00A0-F17B-11D6-88EA-000476CD2443}Verizon Online\setup.exe Verizon Online UNINSTALL
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wal-Mart Music Downloads Store-->MsiExec.exe /I{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885523-->C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Word Munchers Deluxe-->C:\WINDOWS\uninst.exe -f"C:\Program Files\The Learning Company\WMuncher\DeIsL1.isu"
XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Essentials-->C:\Program Files\Yahoo!\Common\unwise.exe C:\progra~1\yahoo!\common\install.log
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\ymmapi.dll
Yahoo! Login-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ylogin.dll
Yahoo! Messenger Explorer Bar-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
Yahoo! Messenger-->C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Ten Pin Championship Bowling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DE14135-AC19-459A-8A1F-C2AA0AD2D9F7}\Setup.exe" -l0x9 -uninst
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouSendIt Application Plug-in SDK-->C:\Program Files\InstallShield Installation Information\{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}\setup.exe -runfromtemp -l0x0409
YouSendIt Express-->C:\Program Files\InstallShield Installation Information\{9F611A4B-1307-4F48-A538-BF6361264C4F}\setup.exe -runfromtemp -l0x0409

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirect...c02&lc=0409
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://store.presario.net/scripts/redirect...c02&lc=0409
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.amaena.com (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {6054D082-355D-4B47-B77C-36A778899F48} (Upgrade Class) - http://qmedia.xlontech.net/100348/qm/lates...ull06061501.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

Hosts File Missing

*** End of info.txt file ***

I've also noticed that if I leave my computer untouched long enough (e.g. overnight), it appears to suspend or shut down. Moving the mouse or touching a key (or pressing Ctrl-Alt-Del) does nothing. When I press the power button, sometimes it brings me right back to the Login screen. Other times it goes through normal system startup. Many times it hangs (e.g. at a black screen, or “Windows is starting up”). This morning it took me 3 tries before I got to the logon screen.

Thanks in advance for your help!!!

#3 Farbar

Posted 03 December 2008 - 04:53 AM

Hi Kelvin in Oregon,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights"
    • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Note: You can download SDFix, extract it, then transfer the extracted SDFix folder (C:\SDFix) to the infected computer and put it on the root of the C drive (start > My Computer > open the C drive and put the SDFix folder there).

    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks

    Note: you can download the installer and transfer it to the infected computer. Put the installer on the C drive and run it from there.
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log after running it and removing what it finds, or removing files after reboot.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please download OTViewIt by OldTimer.
    • Save it to your desktop.
    • Double click on the OTViewIt icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Set File age to 60 days.
    • Type in the Custom Scans section: hijackthisbackups
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please copy/paste in your next reply:
  • The log of SDFix.
  • The log of MBAM.
  • The OTViewIt logs.
  • Feedback on how it went and the current condition of your computer.


#4 Kelvin in Oregon


Posted 04 December 2008 - 01:08 AM

SDFix Log:

SDFix: Version 1.240
Run by Administrator on Wed 12/03/2008 at 05:26 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TDSSxehr.dll - Deleted
C:\WINDOWS\system32\TDSSweat.dat - Deleted
C:\WINDOWS\system32\TDSSqrde.log - Deleted


Could Not Remove C:\WINDOWS\system32\TDSSkfkl.dll
Could Not Remove C:\WINDOWS\system32\TDSSurob.dll
Could Not Remove C:\WINDOWS\system32\TDSSoaba.dll
Could Not Remove C:\WINDOWS\system32\TDSSoxum.dll



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 17:43:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Work\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSyncr Manager Application"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"="C:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe:*:Enabled:Netscape"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"="C:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Replay AV 8\\Tuner.exe"="C:\\Program Files\\Replay AV 8\\Tuner.exe:*:Enabled:Replay Tuner"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Disabled:Empire Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

C:\WINDOWS\system32\TDSSkfkl.dll Found
C:\WINDOWS\system32\TDSSurob.dll Found
C:\WINDOWS\system32\TDSSoaba.dll Found
C:\WINDOWS\system32\TDSSoxum.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay AV 8\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay AV 8\cygz.dll"
Mon 9 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay AV 8\drv13260.dll"
Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay AV 8\drv23260.dll"
Mon 9 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay AV 8\drv33260.dll"
Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay AV 8\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay AV 8\dspr3260.dll"
Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay AV 8\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay AV 8\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay AV 8\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay AV 8\rnco3260.dll"
Mon 9 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay AV 8\rnlt3260.dll"
Mon 9 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay AV 8\rv103260.dll"
Mon 9 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay AV 8\rv203260.dll"
Mon 9 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay AV 8\rv303260.dll"
Mon 9 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay AV 8\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay AV 8\tokr3260.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 30 Nov 2008 91,136 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc1.tmp"
Sat 22 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc11.tmp"
Mon 1 Dec 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc12.tmp"
Mon 1 Dec 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc13.tmp"
Mon 1 Dec 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc14.tmp"
Mon 1 Dec 2008 91,136 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc15.tmp"
Sun 30 Nov 2008 91,136 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc16.tmp"
Sun 30 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc17.tmp"
Sat 22 Nov 2008 119,296 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc18.tmp"
Sat 22 Nov 2008 119,808 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc19.tmp"
Sun 30 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc2.tmp"
Sat 22 Nov 2008 119,808 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc20.tmp"
Sat 22 Nov 2008 119,296 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc22.tmp"
Sat 22 Nov 2008 119,296 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc23.tmp"
Sat 22 Nov 2008 119,296 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc24.tmp"
Sun 30 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc3.tmp"
Sat 29 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc4.tmp"
Fri 28 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc5.tmp"
Sun 23 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc6.tmp"
Sat 22 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc7.tmp"
Sat 22 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc8.tmp"
Sat 22 Nov 2008 91,648 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1007\Dc9.tmp"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Thu 9 Aug 2001 64,512 A..H. --- "C:\WINDOWS\system32\PackethSvc.exe"
Tue 2 Dec 2008 119,808 ...H. --- "C:\Documents and Settings\All Users\Documents\~WRL0118.tmp"
Sat 13 Aug 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 1 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 9 Jul 2008 27,136 ...H. --- "C:\Documents and Settings\Camille Romrell\My Documents\Family Letters, Records\~WRL0001.tmp"
Fri 7 Mar 2008 27,648 ...H. --- "C:\Documents and Settings\Kelvin Romrell\My Documents\Support\~WRL0066.tmp"
Fri 7 Mar 2008 28,160 ...H. --- "C:\Documents and Settings\Kelvin Romrell\My Documents\Support\~WRL0625.tmp"
Fri 9 May 2008 30,720 ...H. --- "C:\Documents and Settings\Kelvin Romrell\My Documents\Support\~WRL0748.tmp"
Fri 4 May 2007 1,958,910 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1010\Dc1\ResourcePacks\reousrcepack2.zip"
Fri 4 May 2007 1,233,252 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1010\Dc1\ResourcePacks\resourcepack1.zip"
Sun 24 Jun 2007 1,426,891 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1010\Dc1\ResourcePacks\resourcepack3.zip"
Sun 24 Jun 2007 1,587,982 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1010\Dc1\ResourcePacks\resourcepack4.zip"
Sun 24 Jun 2007 794,405 A..H. --- "C:\RECYCLER\S-1-5-21-869365757-346832259-4021508746-1010\Dc1\ResourcePacks\resourcepack5.zip"
Wed 21 Mar 2007 280,064 ...H. --- "C:\Documents and Settings\Camille Romrell\My Documents\Laura & Eric's Schoolwork\Laura\~WRL0636.tmp"
Thu 22 Mar 2007 279,040 ...H. --- "C:\Documents and Settings\Camille Romrell\My Documents\Laura & Eric's Schoolwork\Laura\~WRL1418.tmp"
Fri 26 Sep 2008 27,648 ...H. --- "C:\Documents and Settings\Camille Romrell\My Documents\RS Work\RS Leadership\~WRL0001.tmp"
Sun 30 Nov 2008 189,440 ...H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL0222.tmp"
Mon 1 Dec 2008 189,952 ...H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL0636.tmp"
Fri 21 Dec 2007 128,512 A..H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL0925.tmp"
Fri 11 Jul 2008 161,792 ...H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL1523.tmp"
Tue 2 Dec 2008 190,976 ...H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL2597.tmp"
Sat 14 Apr 2007 153,600 A..H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL2613.tmp"
Sun 4 Feb 2007 50,688 A..H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL2847.tmp"
Fri 28 Nov 2008 187,392 ...H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL2871.tmp"
Sat 22 Nov 2008 181,248 ...H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL2964.tmp"
Sat 30 Aug 2008 167,936 ...H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL3100.tmp"
Thu 12 Dec 2002 31,232 A..H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL3179.tmp"
Sat 14 Apr 2007 71,680 A..H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL3723.tmp"
Sat 14 Apr 2007 88,064 A..H. --- "C:\Documents and Settings\Kelvin Romrell\Application Data\Microsoft\Word\~WRL4024.tmp"
Sat 13 Aug 2005 4,348 A..H. --- "C:\Documents and Settings\Kelvin Romrell\My Documents\My Music\License Backup\drmv1key.bak"
Fri 27 Jan 2006 20 A..H. --- "C:\Documents and Settings\Kelvin Romrell\My Documents\My Music\License Backup\drmv1lic.bak"
Thu 15 Jul 2004 400 A.SH. --- "C:\Documents and Settings\Kelvin Romrell\My Documents\My Music\License Backup\drmv2key.bak"

Finished!
********** End SDFix Log **********

Malwarebytes' Anti-Malware Log:
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

12/3/2008 6:26:25 PM
mbam-log-2008-12-03 (18-26-25).txt

Scan type: Quick Scan
Objects scanned: 70634
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{73259091-9574-4ed8-a40f-7f65afc28634} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zangotoolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Camille Romrell\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille Romrell\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\TDSSkfkl.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoaba.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoxum.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSurob.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSrvdc.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\TDSS836a.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8be5.tmp (Trojan.TDSS) -> Delete on reboot.
C:\Documents and Settings\Camille Romrell\Local Settings\Temp\winasnet.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille Romrell\Local Settings\Temp\TDSSb196.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille Romrell\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille Romrell\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelvin Romrell\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Camille Romrell\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
********** End of Malwarebytes' Anti-Malware Log **********

OTViewIt Log:
OTViewIt logfile created on: 12/3/2008 9:28:17 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Kelvin Romrell\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.39 Mb Total Physical Memory | 75.52 Mb Available Physical Memory | 15.75% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.27 Gb Total Space | 24.47 Gb Free Space | 42.74% Space Free | Partition Type: NTFS
Drive D: | 418.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 369.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 483.56 Mb Total Space | 284.67 Mb Free Space | 58.87% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DAD-OFFICE
Current User Name: Kelvin Romrell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2008/07/03 21:10:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/08/28 19:37:27 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2002/05/16 17:30:12 | 00,262,144 | ---- | M] (NeoPlanet) -- C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
[2008/10/27 13:35:36 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/11/27 14:04:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/07/03 19:07:22 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2004/04/29 10:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2001/12/14 15:01:24 | 00,032,768 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\STARTEAK.exe
[2002/07/24 16:47:04 | 00,090,112 | ---- | M] (Compaq) -- C:\Compaq\eakdrv\EAUSBKBD.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2002/03/18 05:34:42 | 00,364,544 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
[2002/03/18 05:34:42 | 00,102,400 | ---- | M] (Visual Networks) -- C:\Program Files\Verizon Online\Visual IP InSight\ipmon32.exe
[2004/08/03 23:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/12/03 17:38:47 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2007/06/07 15:53:19 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2004/06/09 14:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe
[2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
[2008/08/22 21:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/06/30 13:21:54 | 10,740,744 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
[2001/08/18 07:00:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
[2002/04/13 21:29:58 | 00,438,272 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\CPQEADM.exe
[2001/03/23 12:34:10 | 00,122,880 | ---- | M] (Compaq Computer Corporation) -- C:\Program Files\COMPAQ\Easy Access Button Support\BttnServ.exe
[1997/05/09 00:00:00 | 04,108,800 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\WP Suite\Programs\WPWIN8.EXE
[1997/05/09 00:00:00 | 00,306,176 | ---- | M] (Corel Corporation Limited) -- C:\Program Files\WP Suite\Programs\PFPPOP80.EXE
[2008/12/03 21:27:23 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelvin Romrell\Desktop\OTViewIt.exe
[2008/05/26 21:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchprotocolhost.exe
[2008/05/26 21:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchfilterhost.exe

========== (O23) Win32 Services ==========

[2008/07/03 21:10:09 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/07/22 19:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/28 19:37:27 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2002/05/16 17:30:12 | 00,262,144 | ---- | M] (NeoPlanet) -- C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/27 13:35:36 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
[2008/11/27 14:04:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
File not found -- -- (KodakCCS [On_Demand | Stopped])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
File not found -- -- (msCMTSrvc [Disabled | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006/10/22 12:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2002/03/15 12:37:46 | 00,081,920 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Disabled | Stopped])
[2007/01/25 09:31:34 | 00,093,048 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2004/04/29 10:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4 [Auto | Running])
[2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Disabled | Stopped])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2004/10/07 17:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2006/11/28 21:46:24 | 00,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\APLMp50.sys -- (APLMp50 [On_Demand | Stopped])
[2008/08/28 19:37:25 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/03 19:07:21 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2002/01/02 17:59:16 | 00,084,786 | R--- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2 [On_Demand | Stopped])
[2002/07/08 18:32:42 | 00,084,788 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_BSC2.sys -- (C4C_BSC2 [On_Demand | Running])
[2008/05/17 12:20:43 | 00,066,992 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2008/05/17 12:20:42 | 00,024,698 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2002/06/19 01:09:04 | 00,237,568 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2002/06/19 01:14:20 | 00,025,226 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2001/12/28 14:55:46 | 00,024,035 | ---- | M] (Compaq Computer Corp.) -- C:\WINDOWS\system32\drivers\eaps2kbd.sys -- (eaps2kbd [On_Demand | Running])
[1999/10/29 15:35:08 | 00,024,348 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (EAWDMFD [System | Running])
[2002/07/08 18:34:20 | 00,303,171 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_FALL.sys -- (Fallback [Auto | Running])
[2002/07/08 18:35:44 | 00,124,703 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_FSKS.sys -- (Fsks [Auto | Running])
[2001/03/08 02:15:10 | 00,019,677 | R--- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\system32\drivers\gbalink.sys -- (gbalink [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2002/02/15 10:26:22 | 00,050,960 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])
[2002/03/21 09:37:52 | 00,016,112 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2002/03/08 02:49:26 | 00,022,512 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/08/03 21:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/03 21:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/03 21:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/03 21:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/03 21:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/03 21:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/03 21:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/03 21:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/03 21:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/03 21:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2002/07/08 18:36:04 | 00,428,578 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_K56K.sys -- (K56 [Auto | Running])
[2001/09/17 11:00:16 | 00,017,744 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2002/06/19 01:14:14 | 00,029,446 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Running])
[2004/08/03 21:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2007/01/25 09:31:34 | 00,042,000 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2006/10/22 12:22:00 | 03,994,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2002/03/19 09:08:00 | 00,096,768 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET [On_Demand | Running])
[2001/12/07 14:26:00 | 00,013,502 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2004/08/03 22:03:35 | 00,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx [Auto | Stopped])
[2001/08/18 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb [Auto | Running])
[2001/08/18 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
[2006/12/27 13:35:26 | 00,016,694 | ---- | M] (PalmSource, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
[2003/09/19 14:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2001/08/18 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2002/06/19 01:14:08 | 00,127,026 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2004/09/23 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2002/07/08 18:32:28 | 00,062,422 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_SAMP.sys -- (Rksample [On_Demand | Running])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2002/01/16 10:43:54 | 00,415,400 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2002/07/08 18:35:10 | 00,212,494 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_FAXX.sys -- (SoftFax [Auto | Running])
[2002/07/08 18:37:48 | 00,033,548 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher [Auto | Running])
[2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2002/07/08 18:34:36 | 00,059,664 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_TONE.sys -- (Tones [Auto | Running])
[2002/06/19 01:07:42 | 00,206,336 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2004/08/03 22:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2004/08/03 22:04:32 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
[2002/07/08 18:32:16 | 00,542,223 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\C4C_V124.sys -- (V124 [Auto | Running])
[2001/08/09 18:26:02 | 00,022,608 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv [On_Demand | Stopped])
[2002/07/08 18:37:20 | 00,591,520 | ---- | M] (Conexant Systems) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"CustomSearch"=http://rd.yahoo.com/customize/yessentials_cq/defaults/cs/*http://www.yahoo.com/search/ie.html
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;localhost

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"First Home Page"=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
"Local Page"=C:\WINDOWS\System32\blank.htm
"Search Page"=http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
"Start Page"=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=YAHO

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=about:blank

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;localhost

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{001CB64B-74E4-45A9-B897-9F1D9A2EE901} (HKLM) -- C:\WINDOWS\system32\mlJDwTLD.dll File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} (HKLM) -- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F5735C15-1FB2-41FE-BA12-242757E69DDE}" (HKLM) -- C:\Program Files\NetZero\Toolbar.dll ()

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" (HKLM) -- C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F5735C15-1FB2-41FE-BA12-242757E69DDE}" (HKLM) -- C:\Program Files\NetZero\Toolbar.dll ()

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CPQEASYACC"=C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe (Compaq Computer Corporation)
"IPInSightLAN 01"="C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l (Visual Networks)
"IPInSightMonitor 01"="C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe" (Visual Networks)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"srmclean"=C:\Cpqs\Scom\srmclean.exe ()
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" ()
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2004/06/09 14:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
[2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Media Player.lnk = C:\Program Files\Windows Media Player\wmplayer.exe
[2006/01/05 10:57:00 | 00,114,688 | ---- | M] (SanDisk) -- C:\Documents and Settings\Camille Romrell\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
[2002/06/11 10:32:22 | 00,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\Camille Romrell\Start Menu\Programs\Startup\officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
[2007/12/05 17:21:46 | 00,789,504 | ---- | M] (Applian Technologies Inc.) -- C:\Documents and Settings\Camille Romrell\Start Menu\Programs\Startup\Replay AV 8.lnk = C:\Program Files\Replay AV 8\ReplayAV.exe
File not found -- C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup\Internet Explorer.lnk =
[2008/12/03 16:33:05 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup\ToDo List.lnk = C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
[2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Kelvin Romrell\Start Menu\Programs\Startup\Windows Explorer.lnk = C:\WINDOWS\explorer.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [2008/08/19 08:15:34 | 09,364,480 | R--- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC}: Button: Control Pad -- %ProgramFiles%\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe [2003/08/14 12:12:00 | 00,151,641 | ---- | M] (Verizon Internet Solutions)
{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC}: Menu: Control Pad -- %ProgramFiles%\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe [2003/08/14 12:12:00 | 00,151,641 | ---- | M] (Verizon Internet Solutions)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> [2001/10/23 02:14:34 | 00,090,112 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} [HKLM] -> %ProgramFiles%\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe [Control Pad] -> [2003/08/14 12:12:00 | 00,151,641 | ---- | M] (Verizon Internet Solutions)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> [2001/12/03 12:02:38 | 00,262,144 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> [2001/10/23 02:14:34 | 00,090,112 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} [HKLM] -> %ProgramFiles%\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe [Control Pad] -> [2003/08/14 12:12:00 | 00,151,641 | ---- | M] (Verizon Internet Solutions)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> [2001/12/03 12:02:38 | 00,262,144 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> [2001/10/23 02:14:34 | 00,090,112 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} [HKLM] -> %ProgramFiles%\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe [Control Pad] -> [2003/08/14 12:12:00 | 00,151,641 | ---- | M] (Verizon Internet Solutions)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> [2001/12/03 12:02:38 | 00,262,144 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKLM] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> [2001/10/23 02:14:34 | 00,090,112 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} [HKLM] -> %ProgramFiles%\Verizon Online\Verizon Online Control Pad\VerizonControlPad.exe [Control Pad] -> [2003/08/14 12:12:00 | 00,151,641 | ---- | M] (Verizon Internet Solutions)
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> [2001/12/03 12:02:38 | 00,262,144 | ---- | M] (Yahoo! Inc.)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
32 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
adp.com\www.flexdirect: https in My Computer
34 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
102 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
33 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
adp.com\www.flexdirect: https in My Computer
34 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: https://activatemyfios.verizon.net/sdcCommo...IOS/tgctlcm.cab -- Support.com Configuration Class
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}: http://www.musicnotes.com/download/mnviewer.cab -- Musicnotes Viewer
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shock...director/sw.cab -- Shockwave ActiveX Control
{352797A0-EFD0-4FA6-B229-145120EA4B8A}: https://disneyblast.go.com/v3/setup/activex...wareControl.cab -- Walt Disney Internet Group Hardware Control
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www2.snapfish.com/SnapfishActivia.cab -- Snapfish Activia
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://bl118fd.blu118.hotmail.msn.com/resources/MsnPUpld.cab -- MSN Photo Upload Tool
{62475759-9E84-458E-A1AB-5D2C442ADFDE}: http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1134239353984 -- MUWebControl Class
{74C861A1-D548-4916-BC8A-FDE92EDFF62C}: http://mediaplayer.walmart.com/installer/install.cab -- Reg Error: Key does not exist or could not be opened.
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}: http://a.download.toontown.com/sv1.0.20.19/ttinst.cab -- Toontown Installer ActiveX Control
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}: http://esis6.nwpartnership.org:7777/forms/...iator/jinit.exe -- JInitiator 1.3.1.22
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab -- Shockwave Flash Object
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}: http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe -- Virtools WebPlayer Class
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}: http://download.mcafee.com/molbin/iss-loc/...352/mcfscan.cab -- McFreeScan Class
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{13988718-B284-4184-9FB6-57CE4D6FD92E} (Servers: | Description: 1394 Net Adapter)
{24DFB7C3-01FB-4912-A847-32D548CAB706} (Servers: | Description: NVIDIA nForce MCP Networking Adapter)
{67AC6B64-9DCC-4103-BFE7-F9C5D6CEE326} (Servers: | Description: Westell WireSpeed Dual Connect Modem)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 19:07:22 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\mlJDwTLD,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTORUN.INF [[autorun] | open=support\autorun\autorun.exe | icon=support\w32\2g.exe | shell\help\command=winhelp 2g.hlp | shell\help=&Help | ]
[1997/10/11 02:01:00 | 00,000,123 | R--- | M] () -- D:\AUTORUN.INF -- [ CDFS ]

AUTORUN.INF [[autorun] | OPEN=start.exe | ICON=WDRICON.ico | ]
[2007/05/20 17:10:50 | 00,000,043 | RH-- | M] () -- E:\AUTORUN.INF -- [ CDFS ]

autorun.inf [[AutoRun] | open=LaunchU3.exe -a | icon=LaunchU3.exe,0 | | [Definitions] | Launchpad=LaunchPad.exe | Vtype=1 | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | | [Update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.1.0.2&brand=cruzer | | | [Comment] | brand=cruzer | ]
[2006/05/11 14:13:39 | 00,000,279 | R--- | M] () -- G:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/12/03 21:27:17 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kelvin Romrell\Desktop\OTViewIt.exe
[2008/12/03 19:45:17 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Kelvin Romrell\My Documents\~$Do List.doc
[2008/12/03 19:34:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelvin Romrell\Application Data\Malwarebytes
[2008/12/03 18:29:03 | 00,000,000 | ---D | C] -- C:\Avenger
[2008/12/03 18:13:24 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 18:13:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 18:13:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/03 18:13:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/03 17:11:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/12/03 16:59:26 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/12/03 16:33:47 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\SDFix.exe
[2008/11/29 14:27:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/29 14:23:44 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\NTREGOPT.lnk
[2008/11/29 14:23:44 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\ERUNT.lnk
[2008/11/29 14:23:43 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/11/27 14:17:31 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2008/11/27 14:17:29 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/27 14:16:23 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\RSIT.exe
[2008/11/27 14:04:19 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/11/27 14:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelvin Romrell\Application Data\Sun
[2008/11/27 10:50:47 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/11/27 10:47:32 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2008/11/27 00:05:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/11/25 19:58:00 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/25 17:16:32 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2008/11/25 16:54:17 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2008/11/25 16:18:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2008/11/24 17:20:02 | 01,651,434 | -HS- | C] () -- C:\WINDOWS\System32\wigbiwnx.ini
[2008/11/23 21:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kelvin Romrell\Application Data\IUpd721
[2008/11/23 20:57:06 | 00,000,343 | -HS- | C] () -- C:\WINDOWS\System32\YJkRqBeg.ini2
[2008/11/23 20:57:01 | 00,882,624 | -HS- | C] () -- C:\WINDOWS\System32\YJkRqBeg.ini
[2008/11/23 17:21:43 | 01,641,330 | -HS- | C] () -- C:\WINDOWS\System32\efaipknj.ini
[2008/11/23 17:15:32 | 00,891,799 | -HS- | C] () -- C:\WINDOWS\System32\DLTwDJlm.ini
[2008/11/23 17:15:32 | 00,891,621 | -HS- | C] () -- C:\WINDOWS\System32\DLTwDJlm.ini2
[2008/11/23 16:46:59 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/23 16:46:59 | 00,002,407 | ---- | C] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/07 17:02:18 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/11/05 18:06:48 | 00,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2008/11/05 18:06:20 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL

========== Files - Modified Within 60 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files]
[2008/12/03 21:28:00 | 00,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job
[2008/12/03 21:27:23 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kelvin Romrell\Desktop\OTViewIt.exe
[2008/12/03 21:19:08 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 19:45:17 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Kelvin Romrell\My Documents\~$Do List.doc
[2008/12/03 19:38:31 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/12/03 19:36:58 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/03 19:34:55 | 00,005,068 | ---- | M] () -- C:\WINDOWS\compaq.reg
[2008/12/03 19:34:13 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/03 19:33:06 | 00,005,009 | ---- | M] () -- C:\WINDOWS\.compaq.bak
[2008/12/03 19:32:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/03 19:32:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/03 18:23:57 | 00,118,784 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Library Info.doc
[2008/12/03 17:40:00 | 30,533,510 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/03 17:40:00 | 00,077,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/03 17:29:19 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/12/03 16:33:05 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\Kelvin Romrell\My Documents\ToDo List.doc
[2008/12/03 16:31:58 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\SDFix.exe
[2008/11/29 14:23:44 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\NTREGOPT.lnk
[2008/11/29 14:23:44 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\ERUNT.lnk
[2008/11/27 14:14:06 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\Kelvin Romrell\Desktop\RSIT.exe
[2008/11/26 00:31:25 | 00,891,799 | -HS- | M] () -- C:\WINDOWS\System32\DLTwDJlm.ini
[2008/11/26 00:30:45 | 00,891,621 | -HS- | M] () -- C:\WINDOWS\System32\DLTwDJlm.ini2
[2008/11/25 21:30:59 | 00,042,078 | ---- | M] () -- C:\WINDOWS\PFP80JPR.{PB
[2008/11/25 21:30:59 | 00,008,438 | ---- | M] () -- C:\WINDOWS\PFP80JCM.{PB
[2008/11/24 17:22:19 | 01,651,434 | -HS- | M] () -- C:\WINDOWS\System32\wigbiwnx.ini
[2008/11/23 23:14:08 | 01,641,330 | -HS- | M] () -- C:\WINDOWS\System32\efaipknj.ini
[2008/11/23 21:00:51 | 00,882,624 | -HS- | M] () -- C:\WINDOWS\System32\YJkRqBeg.ini
[2008/11/23 20:57:06 | 00,000,343 | -HS- | M] () -- C:\WINDOWS\System32\YJkRqBeg.ini2
[2008/11/23 16:46:59 | 00,115,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2008/11/23 16:46:59 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\MSINET.oca
[2008/11/23 16:46:59 | 00,002,407 | ---- | M] () -- C:\WINDOWS\System32\MSINET.DEP
[2008/11/21 22:19:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/19 13:34:44 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Kelvin Romrell\My Documents\Medical Tests.xls
[2008/11/05 18:02:11 | 00,334,743 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/11/04 19:22:55 | 00,464,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/04 19:22:55 | 00,079,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/04 19:22:52 | 00,554,002 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/31 17:26:24 | 00,000,166 | ---- | M] () -- C:\WINDOWS\Quicken.ini
[2008/10/24 21:17:49 | 00,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/24 03:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 03:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/10/16 14:06:48 | 00,268,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/10/16 14:06:48 | 00,208,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/10/16 14:06:48 | 00,027,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/10/15 08:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 08:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

========== Custom Scans ==========


========== HijackThis Backups ==========

C:\Program Files\HijackThis\backups\backup-20081125-173616-252
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_...//www.yahoo.com

C:\Program Files\HijackThis\backups\backup-20081125-173616-795
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html

C:\Program Files\HijackThis\backups\backup-20081125-173616-889
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirect...c02&lc=0409

C:\Program Files\HijackThis\backups\backup-20081125-173617-162
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

C:\Program Files\HijackThis\backups\backup-20081125-173617-209
O4 - HKLM\..\Run: [CARPService] carpserv.exe

C:\Program Files\HijackThis\backups\backup-20081125-173617-404
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"

C:\Program Files\HijackThis\backups\backup-20081125-173617-472
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

C:\Program Files\HijackThis\backups\backup-20081125-173617-616
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

C:\Program Files\HijackThis\backups\backup-20081125-173617-717
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll

C:\Program Files\HijackThis\backups\backup-20081125-173617-724
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://store.presario.net/scripts/redirect...c02&lc=0409

C:\Program Files\HijackThis\backups\backup-20081125-173617-732
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

C:\Program Files\HijackThis\backups\backup-20081125-173617-856
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_.../search/ie.html

C:\Program Files\HijackThis\backups\backup-20081125-173619-613
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

C:\Program Files\HijackThis\backups\backup-20081125-173619-909
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll

C:\Program Files\HijackThis\backups\backup-20081125-173620-549
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

C:\Program Files\HijackThis\backups\backup-20081125-173620-684
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

C:\Program Files\HijackThis\backups\backup-20081125-173621-265
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

C:\Program Files\HijackThis\backups\backup-20081125-173621-592
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

C:\Program Files\HijackThis\backups\backup-20081125-173622-676
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

C:\Program Files\HijackThis\backups\backup-20081125-173623-237
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HijackThis\backups\backup-20081125-173623-700
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HijackThis\backups\backup-20081125-173624-341
O15 - Trusted Zone: *.avsystemcare.com (HKLM)

C:\Program Files\HijackThis\backups\backup-20081125-173624-379
O15 - Trusted Zone: *.safetydownload.com (HKLM)

C:\Program Files\HijackThis\backups\backup-20081125-173624-454
O15 - Trusted Zone: *.onerateld.com (HKLM)

C:\Program Files\HijackThis\backups\backup-20081125-173624-603
O15 - Trusted Zone: *.virusschlacht.com (HKLM)

C:\Program Files\HijackThis\backups\backup-20081125-173624-604
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

C:\Program Files\HijackThis\backups\backup-20081125-173624-868
O15 - Trusted Zone: *.amaena.com (HKLM)

C:\Program Files\HijackThis\backups\backup-20081125-173624-887
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab

C:\Program Files\HijackThis\backups\backup-20081125-173624-887.osd
<?XML version="1.0"?>
<!DOCTYPE SOFTPKG SYSTEM "http://www.microsoft.com/standards/osd/osd.dtd">
<?XML::namespace href="http://www.microsoft.com/standards/osd/msicd.dtd" as="MSICD"?>
<SOFTPKG NAME="Yahoo! Pool 2" VERSION="0,0,0,1816">
<!-- created by DUBuild version 5.00.3229 -->
<TITLE>Yahoo! Pool 2</TITLE>
<MSICD::JAVA>
<NAMESPACE>yahoogamespo2</NAMESPACE>
<PACKAGE NAME="com.sun.jimi.core.decoder.builtin" VERSION="0,0,0,1816">
<IMPLEMENTATION/>
</PACKAGE>
<PACKAGE NAME="com.sun.jimi.core.decoder.gif" VERSION="0,0,0,1816">
<IMPLEMENTATION/>
</PACKAGE>
<PACKAGE NAME="com.sun.jimi.core.encoder.jpg" VERSION="0,0,0,1816">
<IMPLEMENTATION/>
</PACKAGE>
<PACKAGE NAME="com.yahoo.games.client.common.remotetable" VERSION="0,0,0,1816">
<IMPLEMENTATION/>
</PACKAGE>
<PACKAGE NAME="com.yahoo.games.client.pool" VERSION="0,0,0,1816">
<IMPLEMENTATION/>
</PACKAGE>
<PACKAGE NAME="y" VERSION="0,0,0,1816">
<IMPLEMENTATION/>
</PACKAGE>
</MSICD::JAVA>
</SOFTPKG>

C:\Program Files\HijackThis\backups\backup-20081125-173625-935
O16 - DPF: {6054D082-355D-4B47-B77C-36A778899F48} (Upgrade Class) - http://qmedia.xlontech.net/100348/qm/lates...ull06061501.cab

C:\Program Files\HijackThis\backups\backup-20081125-173625-935.dll
MZ

C:\Program Files\HijackThis\backups\backup-20081125-173625-935.inf
[Setup Hooks]
hook1=hook1
[hook1]
run=%EXTRACT_DIR%\install.bat /Q
[Version]
Signature="$CHICAGO$"
AdvancedINF=2.0


C:\Program Files\HijackThis\backups\backup-20081125-173626-666
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

C:\Program Files\HijackThis\backups\backup-20081125-173626-666.dll
MZ

C:\Program Files\HijackThis\backups\backup-20081125-173628-927
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://www.rockyou.com/RockYouImageUploader.cab

C:\Program Files\HijackThis\backups\backup-20081125-173628-927.dll
MZ

C:\Program Files\HijackThis\backups\backup-20081125-173628-927.inf
[version]
signature="$CHICAGO$"
AdvancedINF=2.0
[Add.Code]
RockYouImageUploader.ocx=ImageUploader4.ocx
unicows.dll=unicows.dll
[RockYouImageUploader.ocx]
file-win32-x86=thiscab
clsid={D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F}
FileVersion=4,5,38,0
RegisterServer=yes
[unicows.dll]
file-win32-x86=thiscab
FileVersion=1,0,4018,0
DestDir=11

C:\Program Files\HijackThis\backups\backup-20081125-173631-900
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}]
@="WPDShServiceObj Class"
[HKEY_CLASSES_ROOT\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32]
@="C:\\WINDOWS\\system32\\WPDShServiceObj.dll"
"ThreadingModel"="Both"

C:\Program Files\HijackThis\backups\backup-20081125-173632-116
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\HijackThis\backups\backup-20081125-173632-256
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\HijackThis\backups\backup-20081125-173632-311
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HijackThis\backups\backup-20081125-173632-319
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

C:\Program Files\HijackThis\backups\backup-20081125-173632-428
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

C:\Program Files\HijackThis\backups\backup-20081125-173632-671
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)

C:\Program Files\HijackThis\backups\backup-20081125-173632-822
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

======= End HijackThis Backups =========

< End of report >
********** End of OTViewIt Log **********

OTViewIt Extras Log:
OTViewIt Extras logfile created on: 12/3/2008 9:28:17 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Kelvin Romrell\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.39 Mb Total Physical Memory | 75.52 Mb Available Physical Memory | 15.75% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 57.27 Gb Total Space | 24.47 Gb Free Space | 42.74% Space Free | Partition Type: NTFS
Drive D: | 418.05 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 369.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 483.56 Mb Total Space | 284.67 Mb Free Space | 58.87% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DAD-OFFICE
Current User Name: Kelvin Romrell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/03 23:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/03 23:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/06/09 14:16:08 | 00,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application
[2004/08/03 23:56:49 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console
[2004/08/03 23:56:48 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2003/06/24 12:09:00 | 00,568,096 | ---- | M] (Mozilla, Netscape) -- C:\Program Files\Netscape\Netscape 6\Netscp.exe:*:Enabled:Netscape
[2004/08/03 23:56:48 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2004/08/03 23:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
[2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
[2005/11/01 02:57:40 | 00,176,128 | ---- | M] () -- C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
[2004/09/18 22:44:24 | 00,204,845 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealPlayer
[2003/08/26 09:26:54 | 11,045,889 | ---- | M] (Skyworks Technologies, Inc.) -- C:\Program Files\Yahoo! Games\Yahoo! Ten Pin Championship Bowling\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling
[2006/10/10 04:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/11/06 02:34:13 | 00,335,872 | ---- | M] () -- C:\Program Files\Replay AV 8\Tuner.exe:*:Enabled:Replay Tuner
[2008/08/28 19:34:35 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/30 09:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/10/13 17:20:08 | 20,058,152 | ---- | M] () -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
File not found -- C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Disabled:Age of Empires II
File not found -- C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Disabled:Age of Empires II Expansion
[2001/10/12 19:36:42 | 04,102,275 | ---- | M] () -- C:\Sierra\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -- C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 06:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 19:07:28 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 06:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2004/01/29 06:08:23 | 01,130,496 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/24 14:22:56 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}"=Microsoft Learning and Research Plus Support Files
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}"=PDFCreator
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}"=Notifier
"{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"{011FDFFF-67D5-11D3-8CF4-0050048383FE}"=Excel 2000 Quattro Pro 7.0 Converter
"{01862C0C-3330-47DB-83D1-9E88D1D8DCE4}"=Kublox
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}"=ESSPCD
"{158DC053-8BFA-4991-9B85-7AC5F7CA60A0}"=Diet + Exercise Assistant Desktop
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}"=Wal-Mart Music Downloads Store
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{2447500B-22D7-47BD-9B13-1A927F43A267}"=Empire Earth
"{25EF00A0-F17B-11D6-88EA-000476CD2443}(Verizon Online)"=Visual IP InSight(Verizon Online)
"{25EF00A3-F17B-11D6-88EA-000476CD2443}"=Verizon Online Control Pad
"{2ACB03C1-4D55-11D4-8272-00C04F72E405}"=Reflection for UNIX and Digital 8.0.2
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}"=essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}"=Microsoft Picture It! Express 7.0
"{38441BE7-79B0-42B8-8297-833704F949FE}"=HLPIndex
"{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}"=YouSendIt Application Plug-in SDK
"{3B0F52AC-EF5C-4831-B221-06C782E41280}"=Quicken 2008
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}"=OTtBPSDK
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3F262ADC-5AD2-48E5-A586-44315E04A9E9}"=Microsoft Digital Image Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{42756145-9997-4D28-809B-8756BFD00109}"=Microsoft Digital Image Pro 10
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}"=ESSvpot
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support
"{4E31E722-B317-11D4-A292-006097D8A11D}"=ADP / XR8.01
"{4E901875-0F15-44BA-89DE-94AA41A7F507}"=Clear Cache feature for Internet Explorer
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}"=ESSSONIC
"{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}"=SanDisk TransferMate
"{605A4E39-613C-4A12-B56F-DEFBE6757237}"=SHASTA
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{643EAE81-920C-4931-9F0B-4B343B225CA6}"=ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6c651250-2eb2-11d5-8e33-0050dad72ac2}"=NetZero
"{6DE14135-AC19-459A-8A1F-C2AA0AD2D9F7}"=Yahoo! Ten Pin Championship Bowling
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}"=HP Photo and Imaging 1.0 - PSC 2000 Series
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}"=DING!
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}"=ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}"=ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}"=ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}"=HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}"=ESSini
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Small Business
"{91517631-A9F3-4B7C-B482-43E0068FD55A}"=ESSgui
"{93539D60-1817-11D1-9504-00805F26A89C}"=Easy Access Button Support
"{999D43F4-9709-4887-9B1A-83EBB15A8370}"=VPRINTOL
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}"=Readiris 7.5
"{9CB4FEE2-7F47-11D4-B6AD-00A0CC624550}"=ModemXpert
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}"=ESScore
"{9F611A4B-1307-4F48-A538-BF6361264C4F}"=YouSendIt Express
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}"=ESSvpaht
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}"=ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}"=OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}"=CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}"=KSU
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BDE90251-93EB-4F6A-89D8-086E2D91DC56}"=Coloreal
"{BDFE199D-E889-4BB6-BECB-C4BDF5700849}"=Documents To Go
"{C1939820-A945-11D4-86F6-0001031E5712}"=InterVideo WinDVD
"{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}"=Compaq Advisor
"{C8CE30F9-CBD0-43B1-BFD3-B18F55A48827}"=Calendar Creator 10
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}"=Oracle JInitiator 1.3.1.22
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}"=essvcpt
"{D21553E9-2EC5-4E8C-AB71-07AC07D50BBC}"=EPSON PhotoCenter
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}"=Kodak EasyShare software
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}"=ArcSoft PhotoImpression 5
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}"=SFR
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}"=AnswerWorks 5.0 English Runtime
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}"=HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}"=SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}"=OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}"=WIRELESS
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}"=HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}"=SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}"=ESSEMAIL
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}"=palmOne
"2G_1.1"=JumpStart 2nd Grade v1.1
"Adobe Atmosphere Player"=Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"AVG8Uninstall"=AVG Free 8.0
"Corel Remove Program"=Corel Business Applications
"EPSON Printer and Utilities"=EPSON Printer Software
"EPSON Scanner"=EPSON Scan
"ERUNT_is1"=ERUNT 1.1j
"Game Maker 6 Resource Pack 1"=Game Maker 6 Resource Pack 1
"Game Maker 6 Resource Pack 3"=Game Maker 6 Resource Pack 3
"Game Maker 6 Resource Pack 4"=Game Maker 6 Resource Pack 4
"Game Maker 6.1"=Game Maker 6.1
"Game Maker 7.0"=Game Maker 7.0
"Google Updater"=Google Updater
"Handmark® Magic Dogs™ for Palm OS"=Handmark® Magic Dogs™ for Palm OS
"Handmark® MobileDB™ for Palm OS"=Handmark® MobileDB™ for Palm OS
"Handmark® PDA Money for Palm OS"=Handmark® PDA Money for Palm OS
"HijackThis"=HijackThis 1.99.1
"hp instant support"=hp instant support
"hp psc 2200 series_Driver"=hp psc 2200 series
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}"=SlingPlayer
"InstallShield_{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}"=YouSendIt Application Plug-in SDK
"InstallShield_{9F611A4B-1307-4F48-A538-BF6361264C4F}"=YouSendIt Express
"JRE 1.3.1"=Java 2 Runtime Environment Standard Edition v1.3.1
"JumpStart Advanced 2nd Grade"=JumpStart Advanced 2nd Grade
"JumpStart Field Trip Adventure"=JumpStart Field Trip Adventure
"JumpStart World Presents Pet Playground"=JumpStart World Presents Pet Playground
"Line Rider"=Line Rider
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Math 2"=Math 2
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Office Converter Pack"=Microsoft Office Converter Pack
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSNMS"=MSN Internet Software
"Musicnotes Player_is1"=Musicnotes Player V1.23.1
"Mystery Club Detective Academy"=Mystery Club Detective Academy
"Netscape (7.1)"=Netscape (7.1)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Phonics 2-3"=Phonics 2-3
"PictureItSuite_v10"=Microsoft Digital Image Suite 10
"Pineapple Works - Radiant"=ActiveDolls - Radiant
"powerOne Personal v2.1.1 for Handhelds"=powerOne Personal v2.1.1 for Handhelds
"prunnet"=Advertisement Service
"PSC 2000 Series"=HP Photo and Imaging 1.0 - PSC 2000 Series
"Quicken WillMaker Plus 2008"=Quicken WillMaker Plus 2008
"RealPlayer 6.0"=RealPlayer
"Replay_AV_807"=Replay AV 8
"Replay_Converter_1"=Replay Converter 2.8
"RiskII"=RiskII (remove only)
"Search Enhancements"=Search Enhancements (remove only)
"Shockwave"=Shockwave
"Silent Package Run-Time Sample"=EPSON CX 3800 Guide
"Skype_is1"=Skype 2.5
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Tweak-XP Pro 4"=Tweak-XP Pro 4
"Verizon FiOS Activation_is1"=Verizon FiOS Activation
"Verizon High Speed Internet_is1"=Verizon High Speed Internet
"Verizon.MCCInstall"=Verizon Online Support Center
"Viewpoint Manager"=Viewpoint Manager (Remove Only)
"WebPost"=Microsoft Web Publishing Wizard 1.52
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinPcapInst"=WinPcap 4.0
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Word Munchers Deluxe"=Word Munchers Deluxe
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XoftSpySE"=XoftSpySE
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar
"Yahoo! Essentials"=Yahoo! Essentials
"Yahoo! Login"=Yahoo! Login
"Yahoo! Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger
"Yahoo! Messenger Explorer Bar"=Yahoo! Messenger Explorer Bar
"Yahoo! Toolbar"=Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS"=Adobe Reader for Palm OS, 3.05

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-869365757-346832259-4021508746-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS"=Adobe Reader for Palm OS, 3.05

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/3/2008 4:41:13 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x0002e223.

Error - 12/3/2008 4:41:39 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x0002e223.

Error - 12/3/2008 4:44:25 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x0002e223.

Error - 12/3/2008 4:45:22 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x00010ff0.

Error - 12/3/2008 4:47:08 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x00010ff0.

Error - 12/3/2008 4:47:40 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x00010ff0.

Error - 12/3/2008 4:48:52 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x00010ff0.

Error - 12/3/2008 4:53:11 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x0002e223.

Error - 12/3/2008 4:53:43 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x00010ff0.

Error - 12/3/2008 4:57:52 PM | Computer Name = DAD-OFFICE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module avgtoo~1.dll, version 5.0.2.400, fault address 0x00010ff0.

[ System Events ]
Error - 12/3/2008 9:04:41 PM | Computer Name = DAD-OFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 12/3/2008 9:04:48 PM | Computer Name = DAD-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/3/2008 9:05:09 PM | Computer Name = DAD-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/3/2008 9:09:53 PM | Computer Name = DAD-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/3/2008 9:10:10 PM | Computer Name = DAD-OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/3/2008 9:35:54 PM | Computer Name = DAD-OFFICE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 12/3/2008 9:36:51 PM | Computer Name = DAD-OFFICE | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%87

Error - 12/3/2008 9:36:51 PM | Computer Name = DAD-OFFICE | Source = Service Control Manager | ID = 7001
Description = The SAP Agent service depends on the NWLink IPX/SPX/NetBIOS Compatible
Transport Protocol service which failed to start because of the following error:
%%87

Error - 12/3/2008 11:34:10 PM | Computer Name = DAD-OFFICE | Source = Service Control Manager | ID = 7000
Description = The NWLink IPX/SPX/NetBIOS Compatible Transport Protocol service failed
to start due to the following error: %%87

Error - 12/3/2008 11:34:10 PM | Computer Name = DAD-OFFICE | Source = Service Control Manager | ID = 7001
Description = The SAP Agent service depends on the NWLink IPX/SPX/NetBIOS Compatible
Transport Protocol service which failed to start because of the following error:
%%87


< End of report >
********** End of OTViewIt Extras Log **********

My comments:
Thanks so much for your help!!!!!!!!!!
I tried to run SDFix.exe on the infected computer, but nothing happened. I ran it on my good computer and then moved the SDFix directory over. I was able to boot in Safe Mode and run "RunThis".
I had tried to install MBAM once before and it failed. This time when I tried, it worked (presumably because of the SDFixes).
Once I finished OTViewIt, I tried everything I could think of that was failing before, and it seems to be working now. The last few nights it has been locking up every night, then I would have to power-cycle 2-3 times before it would reboot. I'll need to check for the next few days to make sure that is OK. I'll also want to validate that I don't get any fake AntiVirus popups.

I do have a few leftover questions:
1. I saw references to not running multiple AntiVirus programs at the same time. Is Windows Defender considered an AntiVirus program? I have AVG Free running its Resident Shield, along with a nightly scan. I didn't have Windows Defender before, but I installed it as part of this exercise. Should I leave it running?
2. Besides AVG Free, I run AdAware weekly to remove Spyware, etc. What else should I be doing to make sure this doesn't happen again?
3. I've got a lot of leftover AntiVirus programs on my desktop. Should I leave them there, delete them, or move them somewhere else?

Let me know what else I need to do. I'll post back in a day or two to validate that I'm not locking and that I don't get any popups.

Thanks again for all of your help!!!!!!

Kelvin

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:01 PM

Posted 04 December 2008 - 02:02 PM

Hi Kelvin,

First you are welcome.

But the job is not done. How about calling it a day when I give you the clean sign?

I'll answer all your questions, but let's proceed with disinfection.
  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Click Start > Programs > Windows Defender or launch from the system tray icon.
    • Click on Tools, General Settings.
    • Scroll down and uncheck Turn on real-time protection (recommended).
    • After you uncheck this, click on the Save button and close Windows Defender.
    • Go to Start > Control Panel > Security Center > Windows Defender, at the bottom of the Windows Defender's page, under Administrator Options uncheck "use Windows Defender" and then Save.
    • Exit the program.
    Note: Please keep Windows Defender disabled as long as we are not done. When everything is done and your log is clean again, you can enable it again.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


#6 Kelvin in Oregon


Posted 04 December 2008 - 11:14 PM

Farbar,

My apologies. I guess I got so excited about having a working computer again that I got carried away.

FYI, my Windows Defender prompts were a little different than you described. I am running V1.1.1593.0, if that makes any difference. I found (and unchecked) "Use real-time protection (recommended)" under Tools> Options.

I then tried to make the Windows Defender changes you suggested under the Control Panel, but was not able to do so. I went to Start> Control Panel> Security Center. This screen has Resources on the left, and Security essentials on the right. Under Security essentials are: Firewall, Automatic Updates and Virus Protection. Under that is "Manage security settings for:", followed by Internet Options, Windows Firewall and Automatic Updates. I couldn't find any reference to Windows Defender. I looked for Administrator Options, but couldn't find that either.

Please let me know what I need to do next.

Thanks again!

Kelvin

#7 Farbar


Posted 05 December 2008 - 04:41 AM

My bad. This is the right one:
  • Open Windows Defender.
  • Click on Tools, Options.
  • Scroll down the list of options to select "Real-time Protection Options."
  • Uncheck "Use Real-Time Protection (Recommended)".
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

#8 Kelvin in Oregon


Posted 05 December 2008 - 10:50 AM

OK, that part I was able to figure out before. Your prior steps also referenced turning off something under Control Panel. I just want to make sure that there's nothing else I need to do. I'm at work now. If I don't hear back anything by the time I get home (about 9 hours from now), then I will continue on with the next step (ComboFix).

Thanks again!

#9 Farbar


Posted 05 December 2008 - 11:33 AM

Thanks for asking, I appreciate it.

The last part is for Windows Vista; my mistake, I didn't mention or remove that you don't need it. Please proceed.

#10 Kelvin in Oregon


Posted 06 December 2008 - 01:04 AM

Here is the ComboFix log. My computer did reboot, so I presume that means that it found some things that it cleaned up.

ComboFix 08-12-05.02 - Kelvin Romrell 2008-12-05 21:34:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.76 [GMT -8:00]
Running from: c:\documents and settings\Kelvin Romrell\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Camille Romrell\Application Data\IUpd721
c:\documents and settings\Camille Romrell\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\Camille Romrell\Local Settings\Temporary Internet Files\Tvm.log
c:\documents and settings\Kelvin Romrell\Application Data\IUpd721
c:\documents and settings\Kelvin Romrell\Application Data\IUpd721\Logs\scns.log
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\DLTwDJlm.ini
c:\windows\system32\DLTwDJlm.ini2
c:\windows\system32\YJkRqBeg.ini
c:\windows\system32\YJkRqBeg.ini2
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.

2008-12-03 19:34 . 2008-12-03 19:34 <DIR> d-------- c:\documents and settings\Kelvin Romrell\Application Data\Malwarebytes
2008-12-03 18:13 . 2008-12-03 18:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\documents and settings\Work\Application Data\Malwarebytes
2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-03 18:13 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:13 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\windows\ERUNT
2008-12-03 16:59 . 2008-12-03 17:43 <DIR> d-------- C:\SDFix
2008-11-29 14:23 . 2008-11-29 14:26 <DIR> d-------- c:\program files\ERUNT
2008-11-27 14:17 . 2008-11-27 14:17 <DIR> d-------- C:\rsit
2008-11-27 14:17 . 2008-11-27 14:17 <DIR> d-------- c:\program files\trend micro
2008-11-27 14:04 . 2008-11-27 14:04 <DIR> d-------- c:\program files\Java
2008-11-27 14:04 . 2008-11-27 14:04 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-27 14:04 . 2008-11-27 14:04 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-27 10:47 . 2008-11-27 10:47 <DIR> d-------- c:\program files\Windows Defender
2008-11-25 20:50 . 2008-12-03 18:00 <DIR> d-------- c:\documents and settings\Work\Application Data\U3
2008-11-25 19:58 . 2008-11-25 19:58 <DIR> d-------- C:\VundoFix Backups
2008-11-25 16:54 . 2008-11-25 16:54 <DIR> d-------- c:\program files\XoftSpySE
2008-11-25 16:26 . 2008-11-25 16:26 <DIR> d-------- c:\documents and settings\Work\Application Data\Windows Desktop Search
2008-11-25 16:23 . 2008-11-25 16:23 <DIR> d-------- c:\documents and settings\Work\Application Data\Windows Search
2008-11-25 16:18 . 2008-11-25 16:18 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-11-24 18:17 . 2008-11-25 22:05 <DIR> d-------- c:\documents and settings\Administrator
2008-11-24 17:20 . 2008-11-24 17:22 1,651,434 ---hs---- c:\windows\system32\wigbiwnx.ini
2008-11-23 17:21 . 2008-11-23 23:14 1,641,330 ---hs---- c:\windows\system32\efaipknj.ini
2008-11-23 16:46 . 2008-11-23 16:46 29,184 --a------ c:\windows\system32\MSINET.oca
2008-11-23 16:46 . 2008-11-23 16:46 2,407 --a------ c:\windows\system32\MSINET.DEP
2008-11-15 09:43 . 2008-11-15 09:43 <DIR> d-------- c:\documents and settings\Camille Romrell\Application Data\Snapfish
2008-11-07 17:02 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 05:47 5,068 ----a-w c:\windows\compaq.reg
2008-12-05 15:49 --------- d-----w c:\program files\Replay AV 8
2008-12-05 06:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-29 22:06 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\U3
2008-11-27 08:33 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\Skype
2008-11-26 01:37 --------- d--h--w c:\documents and settings\All Users\Application Data\Move Networks
2008-11-26 01:37 --------- d-----w c:\program files\Virtools Web Player 3.5
2008-11-25 02:29 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-24 04:37 --------- d-----w c:\documents and settings\Camille Romrell\Application Data\Skype
2008-11-06 02:09 --------- d-----w c:\program files\PDFCreator
2008-11-06 01:24 --------- d-----w c:\documents and settings\Kelvin Romrell\Application Data\PDFcreator
2008-11-06 00:32 --------- d-----w c:\documents and settings\Work\Application Data\PDFcreator
2008-11-05 00:59 --------- d-----w c:\documents and settings\Camille Romrell\Application Data\Sibelius Software
2008-11-05 00:58 --------- d-----w c:\program files\Musicnotes
2008-11-01 01:26 --------- d-----w c:\program files\QUICKENW
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-06-13 03:01 124,568 ----a-w c:\documents and settings\Kelvin Romrell\Application Data\GDIPFONTCACHEV1.DAT
2008-05-15 18:07 124,568 ----a-w c:\documents and settings\Camille Romrell\Application Data\GDIPFONTCACHEV1.DAT
2007-01-05 02:46 60,928 ----a-w c:\documents and settings\Camille Romrell\jbfmod.dll
2007-01-05 02:46 161,280 ----a-w c:\documents and settings\Camille Romrell\fmod.dll
2005-02-11 01:26 118,496 ----a-w c:\documents and settings\Guest\Application Data\GDIPFONTCACHEV1.DAT
2004-09-28 01:00 26,240 ----a-w c:\windows\inf\RAMDSK.SYS
2007-03-09 08:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="c:\program files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 32768]
"WCOLOREAL"="c:\program files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 143360]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"IPInSightLAN 01"="c:\program files\Verizon Online\Visual IP InSight\IPClient.exe" [2002-03-18 364544]
"IPInSightMonitor 01"="c:\program files\Verizon Online\Visual IP InSight\IPMon32.exe" [2002-03-18 102400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-03 1261336]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\Camille Romrell\Start Menu\Programs\Startup\
Monitor.lnk - c:\program files\SanDisk\SanDisk TransferMate\SD Monitor.exe [2006-11-11 114688]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456]
Replay AV 8.lnk - c:\program files\Replay AV 8\ReplayAV.exe [2007-08-19 789504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
Windows Media Player.lnk - c:\program files\Windows Media Player\wmplayer.exe [2004-08-11 64000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= c:\progra~1\REPLAY~1\iac25_32.ax

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DDCM"="c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"Smapp"=c:\program files\Analog Devices\SoundMAX\Smtray.exe
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Netscape\\Netscape 6\\Netscp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Replay AV 8\\Tuner.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-17 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 231704]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 C4C_BSC2;C4C_BSC2;c:\windows\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
S0 oroc;oroc;c:\windows\system32\drivers\wole.sys []
S2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [2001-08-18 14336]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\Drivers\gbalink.sys [2004-12-06 19677]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;c:\windows\system32\DRIVERS\usb8023.sys [2001-08-18 12672]
S4 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2003-04-16 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1041827745.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-11 10:56]

2008-12-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-05 c:\windows\Tasks\User_Feed_Synchronization-{9C45F3F9-82C9-43B6-A419-EDD06286B92E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{001CB64B-74E4-45A9-B897-9F1D9A2EE901} - c:\windows\system32\mlJDwTLD.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\DIGHardwareControl.ocx - O16 -: {352797A0-EFD0-4FA6-B229-145120EA4B8A}
hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
c:\windows\Downloaded Program Files\DIGHardwareControl.inf

O16 -: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://esis6.nwpartnership.org:7777/forms/jinitiator/jinit.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-05 21:47:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SAgent4.exe
c:\windows\system32\fxssvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\COMPAQ\Easy Access Button Support\CPQEADM.exe
c:\compaq\eakdrv\EAUSBKBD.exe
c:\progra~1\COMPAQ\EASYAC~1\BttnServ.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Microsoft Office\Office10\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2008-12-05 21:58:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 05:58:04

Pre-Run: 25,989,996,544 bytes free
Post-Run: 26,300,416,000 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

226 --- E O F --- 2008-11-22 07:02:47

#11 Kelvin in Oregon

Posted 06 December 2008 - 01:08 AM

Also, I turned my AVG Resident Shield back on, because I didn't want to leave myself exposed overnight. Let me know if I need to turn it back off before the next step. I left Windows Defender Real-time protection turned off, because you said at one point that I should leave it off until everything was complete.

Thanks again for your assistance!

#12 Farbar

Posted 06 December 2008 - 07:15 AM

Also, I turned my AVG Resident Shield back on, because I didn't want to leave myself exposed overnight. Let me know if I need to turn it back off before the next step. I left Windows Defender Real-time protection turned off, because you said at one point that I should leave it off until everything was complete.

Thanks again for your assistance!


Yes, both the actions are required. The AVG Resident Shield should be turned off again after a temporary disabling but the Windows Defender should be kept disabled until the log is clean.

And you are welcome!

++++++++++++++++++++++++++++++++

Yes ComboFix removed most of the remaining malware.
  • You have removed a couple of legit entries with HijackThis. HJT doesn't read O9 entries very well and listing them as (file missing) doesn't mean the file is missing. These entries are related to Network Diagnostic and are needed by connection problems.
    Open HijackThis, and click on "View the list of Backups".
    Place a check mark next to the following:

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


    Click Restore then click Yes.
    Reboot your computer, this is an important step.
    More information can be found here.

  • Open notepad and copy/paste the text in the code box below into it:

    http://www.bleepingcomputer.com/forums/index.php?showtopic=182460&hl=kelvin
    
    Collect::[4]
    C:\WINDOWS\System32\wigbiwnx.ini
    C:\WINDOWS\System32\efaipknj.ini
    
    Driver::
    oroc

    Save this as CFScript.txt


    Posted Image


    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Important Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.
  • The first time you ran RSIT the malware didn't let it download and run HijackThis. Please delete your copy of RSIT from your desktop. Download a fresh copy, run it and post the log.txt. The info.txt is not needed.
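
The CFScript in the post above targets two hidden, system-attributed .ini files in system32 and the oroc driver entry from the ComboFix log. As an added example (not part of the original post, and not ComboFix's or the helper's own logic), this Python script shows one way to triage such log lines for review; the three heuristics and all function names are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the ComboFix log posted earlier in this thread (a subset).
SAMPLE_LOG = r"""
c:\windows\system32\DLTwDJlm.ini
c:\windows\system32\YJkRqBeg.ini
2008-12-03 18:13 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-24 17:20 . 2008-11-24 17:22 1,651,434 ---hs---- c:\windows\system32\wigbiwnx.ini
2008-11-23 17:21 . 2008-11-23 23:14 1,641,330 ---hs---- c:\windows\system32\efaipknj.ini
2008-11-23 16:46 . 2008-11-23 16:46 2,407 --a------ c:\windows\system32\MSINET.DEP
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-17 97928]
S0 oroc;oroc;c:\windows\system32\drivers\wole.sys []
S2 NwSapAgent;SAP Agent;c:\windows\System32\svchost.exe -k netsvcs [2001-08-18 14336]
S4 msCMTSrvc;Content Monitoring Tool;c:\windows\system32\msCMTSrvc.exe []
BHO-{001CB64B-74E4-45A9-B897-9F1D9A2EE901} - c:\windows\system32\mlJDwTLD.dll
"""

# "created . modified  size|<DIR>  attributes  path" lines of the Files Created section
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
                     r"(<DIR>|[\d,]+) ([a-z-]{9}) (.+)$")
# "S0 name;display name;image path [date size]" lines of the services list
SVC_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
# Any .ini/.ini2/.dll path on a single line
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]\n]+?\.(?:ini2?|dll)\b', re.I)


def hidden_system_ini(log):
    """Heuristic 1: hidden+system .ini files created directly in system32."""
    hits = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m.group(1) == "<DIR>":
            continue
        attrs, path = m.group(2), PureWindowsPath(m.group(3))
        if ("h" in attrs and "s" in attrs and path.suffix.lower() == ".ini"
                and path.parent.name.lower() == "system32"):
            hits.append(path.name)
    return hits


def services_without_image(log):
    """Heuristic 2: service/driver entries whose [date size] field is empty.

    Assumption: R/S means running/stopped and the digit is the service
    start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
    """
    hits = []
    for line in log.splitlines():
        m = SVC_RE.match(line.strip())
        if m and not m.group(6).strip():
            hits.append({"name": m.group(3), "running": m.group(1) == "R",
                         "start_type": int(m.group(2)), "image": m.group(5)})
    return hits


def reversed_name_pairs(log):
    """Heuristic 3: an .ini/.ini2 whose stem is a logged .dll stem spelled backwards."""
    paths = [PureWindowsPath(p) for p in PATH_RE.findall(log)]
    dlls = {p.stem for p in paths if p.suffix.lower() == ".dll"}
    return sorted({(p.name, p.stem[::-1] + ".dll") for p in paths
                   if p.suffix.lower().startswith(".ini") and p.stem[::-1] in dlls})


if __name__ == "__main__":
    print("hidden+system .ini in system32:", hidden_system_ini(SAMPLE_LOG))
    print("services with no image metadata:", services_without_image(SAMPLE_LOG))
    print("reversed .ini/.dll name pairs:", reversed_name_pairs(SAMPLE_LOG))
```

On the sample, the service check also returns the msCMTSrvc entry, which the script in the post does not touch; the output is a list of lines to review, not a verdict.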


#13 Kelvin in Oregon

Posted 06 December 2008 - 01:49 PM

Farbar,

I ran HijackThis and clicked on "View the list of Backups". The Configuration screen was displayed, saying "This is your list of items that were backed up...". The white area below there was empty.

What should I do next?

Kelvin

#14 Farbar

Posted 06 December 2008 - 09:09 PM

Please perform this recovery registry fix instead of step# 1 and proceed with the second step:


Open Notepad (Start > Run and type in Notepad) and make sure that Word Wrap under the Format menu is not selected.
Copy and paste the text in the code box into it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}]
"CLSID"="{1FBA04EE-3024-11d2-8F1F-0000F87ABD16}"
"MenuText"="@xpsp3res.dll,-20001"
"Exec"="%windir%\\Network Diagnostic\\xpnetdiag.exe"
  • Save the file to the desktop as regfix.reg
  • Make sure the Save as type field says All files.
  • Locate network.reg on the desktop and double-click on it and confirm.
  • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
  • You get another window popup saying that network.reg was successfully added to the registry.
Note: You have to turn off any registry protector software you have in order for the changes to take place.

#15 Kelvin in Oregon

Posted 07 December 2008 - 12:24 AM

OK. I did the recovery registry fix. The instructions said to save it as regfix.reg, but said to double-click on network.reg. I presumed this meant regfix.reg. That's what I did and got the popups you described.

I then tried to go on with step 2. I created CFScript.txt just fine. I then dragged it and dropped it on the ComboFix.exe icon. It looked like it started out OK. I then got an Error box saying "You cannot rename ComboFix as ComboFix. Please use another name, preferably made up of alphanumeric characters." A blue DOS window then appeared with a title of '.' Nothing showed up in it. I then got an Update box saying "There's a newer version of ComboFix available. Would you like to update ComboFix?"

Do I have some problem? Or should I just click OK on the Error box, and then either Yes or No on the Update box?

Sorry to keep bothering you, but I want to make sure I do it correctly.

Thanks as always!

Kelvin



