Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.Rootkit.Agent & others?


  • This topic is locked This topic is locked
12 replies to this topic

#1 mutant_hopeful

mutant_hopeful

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 30 November 2008 - 05:10 PM

Hello, I am trying to fix my wifes laptop for her. I have run Ad-Aware 2008 and RSIT. Ad-Aware seems to be unable to fix or quarintine something listed as Win32.Rootkit.Agent. When I try to run the other scan listed on this site the computer freezes. As soon as the computer is connected to the internet pop-ups start going crazy. Anti-virus 2009 is on of the pop-ups. Sometimes there is only audio from a pop-up, with nothing listed in the task manager as being open, but internet explorer is using about 45+% of the CPU.

Below are the two reports from RSIT. Please let me know if there is anything else you need, and thank you in advance for helping me with this.

Brian

-----------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Lisa Cloutier at 2008-11-30 14:12:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 59 GB (78%) free of 76 GB
Total RAM: 1022 MB (2% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:07 PM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\DRoster\Firebird\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\MPC\jetty\NMWebSrv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\MPC\java\bin\java.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\MPC\system_monitor\agent\smaagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DRoster\Firebird\bin\fbserver.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Lisa Cloutier\Desktop\RSIT.exe
C:\Program Files\trend micro\Lisa Cloutier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C526128-311B-4387-812E-4F2A38561DA9} - C:\WINDOWS\system32\geBronNf.dll (file missing)
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58A9B975-D15D-4EAD-A72F-E68DA5BBC8F2} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXPhhhE.dll
O2 - BHO: mysidesearch search enhancer - {7027135e-46c2-c8f3-b499-37321f77fe7a} - C:\WINDOWS\system32\gmqtgpesawfbhx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {8F787A5D-01AE-F422-AD91-163A2B1964B1} - C:\WINDOWS\system32\tqqquffskwc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {BCFCA218-11A2-6D2B-8B5F-4DE674860DE3} - (no file)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll
O2 - BHO: {34aca685-8bc5-8ee8-f0b4-c25d332b062e} - {e260b233-d52c-4b0f-8ee8-5cb8586aca43} - C:\WINDOWS\system32\tahvfq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Remote Console] "C:\MPC\system_monitor\agent\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Lisa Cloutier\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntmtdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4DBE7A8-2017-4326-BFB4-56B6A9B49CF2}: NameServer = 216.211.191.3,216.211.191.9
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL tahvfq.dll
O20 - Winlogon Notify: c004F3D6 - c004F3D6.mat (file missing)
O20 - Winlogon Notify: cbXPhhhE - C:\WINDOWS\SYSTEM32\cbXPhhhE.dll
O20 - Winlogon Notify: ljJCsTmN - ljJCsTmN.dll (file missing)
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MPC Notebook System Manager Web Server (NMWebSrv) - Unknown owner - C:\MPC\jetty\NMWebSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: MPC Notebook System Manager Agent (SMAgent) - SyAM Software, Inc. - C:\MPC\system_monitor\agent\smaagent.exe
O23 - Service: Remote Console (winvnc) - RealVNC Ltd. - C:\MPC\system_monitor\agent\winvnc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\rtereme.html

--
End of file - 13853 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\fgqrqoxq.job
C:\WINDOWS\tasks\sxbjvofj.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C526128-311B-4387-812E-4F2A38561DA9}]
C:\WINDOWS\system32\geBronNf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
BHO Class - C:\Program Files\Webtools\webtools.dll [2008-11-30 90624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A9B975-D15D-4EAD-A72F-E68DA5BBC8F2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7027135e-46c2-c8f3-b499-37321f77fe7a}]
mysidesearch search enhancer - C:\WINDOWS\system32\gmqtgpesawfbhx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F787A5D-01AE-F422-AD91-163A2B1964B1}]
agadoo browser enhancer - C:\WINDOWS\system32\tqqquffskwc.dll [2008-11-20 325120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-19 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCFCA218-11A2-6D2B-8B5F-4DE674860DE3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
Mjcore Class - C:\Program Files\Mjcore\Mjcore.dll [2008-11-30 116224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e260b233-d52c-4b0f-8ee8-5cb8586aca43}]
C:\WINDOWS\system32\tahvfq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-21 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-11-14 88203]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-17 184320]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-07 761947]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2005-04-11 151552]
"DisplayManager"=C:\Program Files\Samsung\DisplayManager\DMLoader.exe [2005-11-16 356352]
"Remote Console"=C:\MPC\system_monitor\agent\winvnc.exe [2007-07-31 368640]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2005-12-28 569413]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-12-09 188416]
"MDNS"=C:\WINDOWS\system32\service.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-20 1207080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-10 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2008-11-30 34816]
"gadcom"=C:\Documents and Settings\Lisa Cloutier\Application Data\gadcom\gadcom.exe [2008-11-30 56320]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\Lisa Cloutier\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\ncntmtdl.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL tahvfq.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c004F3D6]
c004F3D6.mat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXPhhhE]
C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJCsTmN]
ljJCsTmN.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32]
sys32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9E91EF7B-6846-45C3-A8AB-67CF7C900783}"=C:\WINDOWS\system32\ljJCsTmN.dll []
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBronNf

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ce88dee-9a41-11dd-9df1-0019d2ad57f9}]
shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f5a54dc-d6e6-11dc-9d7d-0019d2ad57f9}]
shell\Auto\command - Ghost.pif
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b6b7e8-7de6-11dc-9d28-0019d2ad57f9}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-30 14:12:41 ----D---- C:\Program Files\trend micro
2008-11-30 14:12:38 ----D---- C:\rsit
2008-11-30 13:55:14 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\NI.GSCNS
2008-11-30 13:55:14 ----A---- C:\WINDOWS\system32\qoMdAPGa.dll
2008-11-30 13:54:39 ----A---- C:\WINDOWS\system32\ddcArRlL.dll
2008-11-30 13:54:35 ----A---- C:\WINDOWS\system32\cbXPhhhE.dll
2008-11-30 13:54:34 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-11-30 13:49:44 ----D---- C:\Program Files\Mjcore
2008-11-30 13:49:18 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\gadcom
2008-11-30 13:48:54 ----A---- C:\WINDOWS\system32\digeste.dll
2008-11-20 12:21:08 ----SH---- C:\WINDOWS\system32\jsqquqxn.ini
2008-11-10 17:07:01 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-09 00:34:06 ----AH---- C:\aaw7boot.cmd
2008-11-08 20:16:54 ----D---- C:\Program Files\Lavasoft
2008-11-08 20:16:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-08 20:16:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 11:15:41 ----SH---- C:\WINDOWS\system32\hiseggli.ini
2008-11-07 02:00:46 ----SH---- C:\WINDOWS\system32\pyembrot.ini
2008-11-06 14:36:32 ----SHD---- C:\WINDOWS\CSC
2008-11-06 14:28:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-06 13:46:09 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-06 13:38:38 ----D---- C:\Program Files\Webtools
2008-11-03 14:08:57 ----SH---- C:\WINDOWS\system32\rgkbjtkt.ini
2008-11-03 12:59:26 ----A---- C:\WINDOWS\system32\gmqtgpesawfbhx.dll-uninst.exe
2008-11-03 12:07:53 ----SH---- C:\WINDOWS\system32\eilfbtmc.ini
2008-11-03 12:07:21 ----A---- C:\WINDOWS\system32\6343cb23-.txt
2008-11-03 12:07:06 ----ASH---- C:\WINDOWS\system32\fNnorBeg.ini2
2008-11-03 12:07:06 ----ASH---- C:\WINDOWS\system32\fNnorBeg.ini
2008-11-03 11:59:20 ----A---- C:\WINDOWS\system32\yrnmbfvdgxrixrfx.exe
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\vb
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\OT2
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\im
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\FPX
2008-11-03 11:58:05 ----D---- C:\WINDOWS\system32\QI19
2008-11-03 11:58:05 ----D---- C:\Temp
2008-11-01 04:38:44 ----A---- C:\WINDOWS\system32\tqqquffskwc.dll

======List of files/folders modified in the last 1 months======

2008-11-30 14:12:41 ----RD---- C:\Program Files
2008-11-30 14:07:15 ----D---- C:\Program Files\Mozilla Firefox
2008-11-30 14:06:11 ----D---- C:\WINDOWS
2008-11-30 14:05:55 ----D---- C:\WINDOWS\Temp
2008-11-30 13:56:13 ----RHD---- C:\$VAULT$.AVG
2008-11-30 13:55:14 ----D---- C:\WINDOWS\system32
2008-11-30 13:54:42 ----SD---- C:\WINDOWS\Tasks
2008-11-30 13:54:38 ----D---- C:\WINDOWS\Prefetch
2008-11-30 13:48:54 ----D---- C:\Documents and Settings
2008-11-30 11:11:27 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\AVG7
2008-11-29 18:51:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-29 16:48:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-14 10:44:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-10 17:09:05 ----SHD---- C:\System Volume Information
2008-11-10 17:09:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-10 16:54:02 ----A---- C:\WINDOWS\wininit.ini
2008-11-09 00:34:09 ----SHD---- C:\WINDOWS\TGlzYSBDbG91dGllcg
2008-11-09 00:34:09 ----D---- C:\Program Files\Common Files\?dobe
2008-11-08 20:17:45 ----SHD---- C:\WINDOWS\Installer
2008-11-08 20:17:45 ----HD---- C:\Config.Msi
2008-11-08 20:16:54 ----D---- C:\WINDOWS\system32\drivers
2008-11-08 20:16:09 ----D---- C:\Program Files\Common Files
2008-11-06 14:22:29 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-12-27 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-12-27 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-12-27 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-28 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 msgpcc;msgpcc; C:\WINDOWS\System32\drivers\msgpcc.sys [2008-11-03 86144]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-07-31 21275]
R2 caniodrvr;caniodrvr; \??\C:\MPC\system_monitor\agent\drivers\caniodrvr.sys []
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-10-24 8413]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-25 140288]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;SENS LT56ADW Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-29 1123200]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-11-30 117906]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-01 176640]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-07 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-20 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-20 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-20 21568]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-08 405504]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-12-27 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-12-27 49664]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbguard.exe [2006-01-17 65536]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NMWebSrv;MPC Notebook System Manager Web Server; C:\MPC\jetty\NMWebSrv.exe [2004-01-02 110592]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-11-30 32768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SMAgent;MPC Notebook System Manager Agent; C:\MPC\system_monitor\agent\smaagent.exe [2006-06-24 139264]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbserver.exe [2006-01-17 1527895]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-21 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 winvnc;Remote Console; C:\MPC\system_monitor\agent\winvnc.exe [2007-07-31 368640]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-30 14:13:15

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advertisement Service-->C:\WINDOWS\system32\prun.exe Uninstall
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ATI Catalyst Control Center-->MsiExec.exe /I{27F7494A-5521-4C95-959C-CD4B4D65FCEA}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Deewoo Network Manager removal-->C:\WINDOWS\system32\ncntmtdl.exe -UPop
Dell Photo Printer 720 Logger-->C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
DisplayManager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
DRoster-->"C:\Program Files\DRoster\unins000.exe"
Fingerprint Sensor Minimum Install-->MsiExec.exe /I{AD041E8E-51AD-437B-A36E-5475BD1ED49A}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5550 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 5550 series
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\setup.exe" -l0x9 Remove
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL
Microsoft Office Basic 2007-->MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPC Notebook System Manager 3.11-->MsiExec.exe /X{01381BB8-2ABB-40CE-988F-49DBF392FE7D}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\gmqtgpesawfbhx.dll-uninst.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
QuickBooks Pro 2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove
QuickBooks Pro 2008-->msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
QuickBooks-->MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RON Tool Agadoo-->C:\WINDOWS\system32\yrnmbfvdgxrixrfx.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Office 2007 (KB934062)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SENS LT56ADW Modem-->agrsmdel
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TurboTax Business 2007-->C:\Program Files\TurboTax\Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2007\Uninstall.log" -NoGui
TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Update for Office 2007 (KB932080)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Outlook 2007 (KB937608)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943559)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Word 2007 (KB934173)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG 7.5.552

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Softex\OmniPass;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:12:54 AM

Posted 01 December 2008 - 01:59 AM

----EDITED----


Hi miekiemoes.. Sorry, I didn't realize you about to post to thread starter.. I'll leave it to you.. :thumbsup:


Regards
fenzodahl512

Edited by fenzodahl512, 01 December 2008 - 02:22 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:54 PM

Posted 01 December 2008 - 02:09 AM

Hi,

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Uninstall MySidesearch Search Assistant Bfinding via software > add & remove programs.

Then, the version of AVG you are running is way outdated. That's why it is important that you update AVG to the latest version and perform a full scan with it.
Let it quarantine / delete everything it is finding.
Then reboot.

After reboot, scan with rsit again and post a new log in your next reply. Then we'll start from there.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 mutant_hopeful

mutant_hopeful
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 02 December 2008 - 07:39 PM

Miekiemoes,

Thanks for the help, I really appreciate this. I have backed everything up onto an external hard drive. It would be nice to be able to clean this without having to reformat the hard drive. However, if that is what I need to do to fix this problem for good, now would be as good a time as any. I installed the newest version of AVG and ran several scans. Below is the latest from the RSIT.

Once again, I really appreciate all the help!
Brian

--------------
info.txt logfile of random's system information tool 1.04 2008-11-30 14:13:15

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advertisement Service-->C:\WINDOWS\system32\prun.exe Uninstall
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ATI Catalyst Control Center-->MsiExec.exe /I{27F7494A-5521-4C95-959C-CD4B4D65FCEA}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Deewoo Network Manager removal-->C:\WINDOWS\system32\ncntmtdl.exe -UPop
Dell Photo Printer 720 Logger-->C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
DisplayManager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
DRoster-->"C:\Program Files\DRoster\unins000.exe"
Fingerprint Sensor Minimum Install-->MsiExec.exe /I{AD041E8E-51AD-437B-A36E-5475BD1ED49A}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5550 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 5550 series
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\setup.exe" -l0x9 Remove
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL
Microsoft Office Basic 2007-->MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPC Notebook System Manager 3.11-->MsiExec.exe /X{01381BB8-2ABB-40CE-988F-49DBF392FE7D}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\gmqtgpesawfbhx.dll-uninst.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
QuickBooks Pro 2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove
QuickBooks Pro 2008-->msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
QuickBooks-->MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RON Tool Agadoo-->C:\WINDOWS\system32\yrnmbfvdgxrixrfx.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Office 2007 (KB934062)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SENS LT56ADW Modem-->agrsmdel
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TurboTax Business 2007-->C:\Program Files\TurboTax\Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2007\Uninstall.log" -NoGui
TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Update for Office 2007 (KB932080)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Outlook 2007 (KB937608)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943559)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Word 2007 (KB934173)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG 7.5.552

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Softex\OmniPass;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lisa Cloutier at 2008-12-02 19:19:48
Microsoft Windows XP Professional Service Pack 2
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 1022 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:05 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\DRoster\Firebird\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\MPC\jetty\NMWebSrv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\MPC\java\bin\java.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\MPC\system_monitor\agent\smaagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DRoster\Firebird\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Lisa Cloutier\Desktop\RSIT.exe
C:\Program Files\trend micro\Lisa Cloutier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C526128-311B-4387-812E-4F2A38561DA9} - C:\WINDOWS\system32\geBronNf.dll (file missing)
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58A9B975-D15D-4EAD-A72F-E68DA5BBC8F2} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXPhhhE.dll
O2 - BHO: mysidesearch search enhancer - {7027135e-46c2-c8f3-b499-37321f77fe7a} - C:\WINDOWS\system32\gmqtgpesawfbhx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {8F787A5D-01AE-F422-AD91-163A2B1964B1} - C:\WINDOWS\system32\tqqquffskwc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {BCFCA218-11A2-6D2B-8B5F-4DE674860DE3} - (no file)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll (file missing)
O2 - BHO: {34aca685-8bc5-8ee8-f0b4-c25d332b062e} - {e260b233-d52c-4b0f-8ee8-5cb8586aca43} - C:\WINDOWS\system32\tahvfq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Remote Console] "C:\MPC\system_monitor\agent\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [kiuyfzrpuxhrllrwi] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tqqquffskwc.dll"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Lisa Cloutier\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Lisa Cloutier\Application Data\Twain\Twain.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntmtdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Global Startup: Button Manager v1.874.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4DBE7A8-2017-4326-BFB4-56B6A9B49CF2}: NameServer = 216.211.191.3,216.211.191.9
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,tahvfq.dll,avgrsstx.dll
O20 - Winlogon Notify: c004F3D6 - c004F3D6.mat (file missing)
O20 - Winlogon Notify: cbXPhhhE - C:\WINDOWS\SYSTEM32\cbXPhhhE.dll
O20 - Winlogon Notify: ljJCsTmN - ljJCsTmN.dll (file missing)
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MPC Notebook System Manager Web Server (NMWebSrv) - Unknown owner - C:\MPC\jetty\NMWebSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: MPC Notebook System Manager Agent (SMAgent) - SyAM Software, Inc. - C:\MPC\system_monitor\agent\smaagent.exe
O23 - Service: Remote Console (winvnc) - RealVNC Ltd. - C:\MPC\system_monitor\agent\winvnc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\rtereme.html

--
End of file - 14204 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\fgqrqoxq.job
C:\WINDOWS\tasks\sxbjvofj.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C526128-311B-4387-812E-4F2A38561DA9}]
C:\WINDOWS\system32\geBronNf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
BHO Class - C:\Program Files\Webtools\webtools.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-02 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A9B975-D15D-4EAD-A72F-E68DA5BBC8F2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7027135e-46c2-c8f3-b499-37321f77fe7a}]
mysidesearch search enhancer - C:\WINDOWS\system32\gmqtgpesawfbhx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F787A5D-01AE-F422-AD91-163A2B1964B1}]
agadoo browser enhancer - C:\WINDOWS\system32\tqqquffskwc.dll [2008-11-20 325120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-19 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCFCA218-11A2-6D2B-8B5F-4DE674860DE3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
Mjcore Class - C:\Program Files\Mjcore\Mjcore.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e260b233-d52c-4b0f-8ee8-5cb8586aca43}]
C:\WINDOWS\system32\tahvfq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-21 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-11-14 88203]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-17 184320]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-07 761947]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2005-04-11 151552]
"DisplayManager"=C:\Program Files\Samsung\DisplayManager\DMLoader.exe [2005-11-16 356352]
"Remote Console"=C:\MPC\system_monitor\agent\winvnc.exe [2007-07-31 368640]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2005-12-28 569413]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-12-09 188416]
"MDNS"=C:\WINDOWS\system32\service.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-02 1261336]
"kiuyfzrpuxhrllrwi"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-20 1207080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-10 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"gadcom"=C:\Documents and Settings\Lisa Cloutier\Application Data\gadcom\gadcom.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A []
"Twain"=C:\Documents and Settings\Lisa Cloutier\Application Data\Twain\Twain.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Button Manager v1.874.lnk - C:\Program Files\INITIO\Button Manager v1.874\inihid.exe
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\Documents and Settings\Lisa Cloutier\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\ncntmtdl.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,tahvfq.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c004F3D6]
c004F3D6.mat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXPhhhE]
C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJCsTmN]
ljJCsTmN.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32]
sys32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9E91EF7B-6846-45C3-A8AB-67CF7C900783}"=C:\WINDOWS\system32\ljJCsTmN.dll []
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBronNf

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ce88dee-9a41-11dd-9df1-0019d2ad57f9}]
shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f5a54dc-d6e6-11dc-9d7d-0019d2ad57f9}]
shell\Auto\command - Ghost.pif
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b6b7e8-7de6-11dc-9d28-0019d2ad57f9}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 2 months======

2008-12-02 19:10:20 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\SpeedRunner
2008-12-02 19:05:31 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\Twain
2008-12-02 19:04:39 ----A---- C:\WINDOWS\system32\digeste.dll
2008-12-02 17:30:58 ----HD---- C:\$AVG8.VAULT$
2008-12-02 17:27:42 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-02 17:27:10 ----D---- C:\Program Files\AVG
2008-12-02 17:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-02 13:17:41 ----A---- C:\WINDOWS\MusicRip.ini
2008-12-02 13:15:40 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\ArcSoft
2008-12-02 11:57:35 ----D---- C:\Program Files\INITIO
2008-12-02 11:57:35 ----A---- C:\Program Files\ReadMe.txt
2008-12-02 11:56:40 ----D---- C:\Program Files\Common Files\ArcSoft
2008-12-02 11:56:39 ----D---- C:\Program Files\ArcSoft
2008-12-02 11:56:39 ----A---- C:\WINDOWS\PCDLIB32.DLL
2008-11-30 14:12:41 ----D---- C:\Program Files\trend micro
2008-11-30 14:12:38 ----D---- C:\rsit
2008-11-30 13:55:14 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\NI.GSCNS
2008-11-30 13:55:14 ----A---- C:\WINDOWS\system32\qoMdAPGa.dll
2008-11-30 13:54:35 ----A---- C:\WINDOWS\system32\cbXPhhhE.dll
2008-11-30 13:49:44 ----D---- C:\Program Files\Mjcore
2008-11-20 12:21:08 ----SH---- C:\WINDOWS\system32\jsqquqxn.ini
2008-11-10 17:07:01 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-09 00:34:06 ----AH---- C:\aaw7boot.cmd
2008-11-08 20:16:54 ----D---- C:\Program Files\Lavasoft
2008-11-08 20:16:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-08 20:16:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 11:15:41 ----SH---- C:\WINDOWS\system32\hiseggli.ini
2008-11-07 02:00:46 ----SH---- C:\WINDOWS\system32\pyembrot.ini
2008-11-06 14:36:32 ----SHD---- C:\WINDOWS\CSC
2008-11-06 14:28:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-06 13:46:09 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-06 13:38:38 ----D---- C:\Program Files\Webtools
2008-11-03 14:08:57 ----SH---- C:\WINDOWS\system32\rgkbjtkt.ini
2008-11-03 12:07:53 ----SH---- C:\WINDOWS\system32\eilfbtmc.ini
2008-11-03 12:07:21 ----A---- C:\WINDOWS\system32\6343cb23-.txt
2008-11-03 12:07:06 ----ASH---- C:\WINDOWS\system32\fNnorBeg.ini2
2008-11-03 12:07:06 ----ASH---- C:\WINDOWS\system32\fNnorBeg.ini
2008-11-03 11:59:20 ----A---- C:\WINDOWS\system32\yrnmbfvdgxrixrfx.exe
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\vb
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\OT2
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\im
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\FPX
2008-11-03 11:58:05 ----D---- C:\WINDOWS\system32\QI19
2008-11-03 11:58:05 ----D---- C:\Temp
2008-11-01 04:38:44 ----A---- C:\WINDOWS\system32\tqqquffskwc.dll
2008-10-24 22:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 16:34:02 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\U3
2008-10-16 09:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 09:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 09:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 09:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 09:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 2 months======

2008-12-02 19:20:05 ----D---- C:\WINDOWS\Temp
2008-12-02 19:19:25 ----D---- C:\WINDOWS\Prefetch
2008-12-02 19:17:33 ----D---- C:\Program Files\Mozilla Firefox
2008-12-02 19:14:49 ----D---- C:\WINDOWS
2008-12-02 19:12:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-02 19:05:02 ----D---- C:\WINDOWS\system32
2008-12-02 17:36:30 ----D---- C:\Documents and Settings
2008-12-02 17:27:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 17:27:10 ----RD---- C:\Program Files
2008-12-02 17:27:01 ----SHD---- C:\WINDOWS\Installer
2008-12-02 17:27:00 ----HD---- C:\Config.Msi
2008-12-02 17:26:58 ----D---- C:\WINDOWS\WinSxS
2008-12-02 17:26:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-02 17:08:46 ----D---- C:\WINDOWS\system
2008-12-02 13:23:11 ----D---- C:\WINDOWS\repair
2008-12-02 13:22:59 ----D---- C:\WINDOWS\Registration
2008-12-02 13:14:55 ----HD---- C:\WINDOWS\inf
2008-12-02 13:14:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 11:57:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-02 11:56:40 ----D---- C:\Program Files\Common Files
2008-11-30 13:54:42 ----SD---- C:\WINDOWS\Tasks
2008-11-14 10:44:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-10 17:09:05 ----SHD---- C:\System Volume Information
2008-11-10 17:09:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-10 16:54:02 ----A---- C:\WINDOWS\wininit.ini
2008-11-09 00:34:09 ----SHD---- C:\WINDOWS\TGlzYSBDbG91dGllcg
2008-11-09 00:34:09 ----D---- C:\Program Files\Common Files\?dobe
2008-11-06 14:22:29 ----SHD---- C:\RECYCLER
2008-10-24 22:20:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 22:20:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 09:36:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 09:34:17 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 09:48:42 ----D---- C:\Program Files\TurboTax
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-02 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-02 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 msgpcc;msgpcc; C:\WINDOWS\System32\drivers\msgpcc.sys [2008-11-03 86144]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-07-31 21275]
R2 caniodrvr;caniodrvr; \??\C:\MPC\system_monitor\agent\drivers\caniodrvr.sys []
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-10-24 8413]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-25 140288]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;SENS LT56ADW Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-29 1123200]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-11-30 117906]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-01 176640]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-07 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-20 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-20 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-20 21568]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-08 405504]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-02 231704]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbguard.exe [2006-01-17 65536]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NMWebSrv;MPC Notebook System Manager Web Server; C:\MPC\jetty\NMWebSrv.exe [2004-01-02 110592]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-11-30 32768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SMAgent;MPC Notebook System Manager Agent; C:\MPC\system_monitor\agent\smaagent.exe [2006-06-24 139264]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbserver.exe [2006-01-17 1527895]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-21 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 winvnc;Remote Console; C:\MPC\system_monitor\agent\winvnc.exe [2007-07-31 368640]

-----------------EOF-----------------

#5 mutant_hopeful

mutant_hopeful
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 02 December 2008 - 08:22 PM

Miekiemoes,

Thanks for the help, I really appreciate this. I have backed everything up onto an external hard drive. It would be nice to be able to clean this without having to reformat the hard drive. However, if that is what I need to do to fix this problem for good, now would be as good a time as any. I installed the newest version of AVG and ran several scans. Below is the latest from the RSIT.

Once again, I really appreciate all the help!
Brian

--------------
info.txt logfile of random's system information tool 1.04 2008-11-30 14:13:15

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advertisement Service-->C:\WINDOWS\system32\prun.exe Uninstall
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ATI Catalyst Control Center-->MsiExec.exe /I{27F7494A-5521-4C95-959C-CD4B4D65FCEA}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Deewoo Network Manager removal-->C:\WINDOWS\system32\ncntmtdl.exe -UPop
Dell Photo Printer 720 Logger-->C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
DisplayManager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
DRoster-->"C:\Program Files\DRoster\unins000.exe"
Fingerprint Sensor Minimum Install-->MsiExec.exe /I{AD041E8E-51AD-437B-A36E-5475BD1ED49A}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5550 series-->rundll32 hpzcon07.dll,VendorJettison hp deskjet 5550 series
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\setup.exe" -l0x9 Remove
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL
Microsoft Office Basic 2007-->MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPC Notebook System Manager 3.11-->MsiExec.exe /X{01381BB8-2ABB-40CE-988F-49DBF392FE7D}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MySidesearch Search Assistant Bfinding-->C:\WINDOWS\system32\gmqtgpesawfbhx.dll-uninst.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
QuickBooks Pro 2002-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove
QuickBooks Pro 2008-->msiexec.exe /I {8ED4E82B-8CEA-40DE-826C-37AC7B941F81} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2008" ADDREMOVE=1
QuickBooks-->MsiExec.exe /I{8ED4E82B-8CEA-40DE-826C-37AC7B941F81}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
RON Tool Agadoo-->C:\WINDOWS\system32\yrnmbfvdgxrixrfx.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Office 2007 (KB934062)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for the 2007 Microsoft Office System (KB936960)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SENS LT56ADW Modem-->agrsmdel
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TurboTax Business 2007-->C:\Program Files\TurboTax\Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2007\Uninstall.log" -NoGui
TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Update for Office 2007 (KB932080)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Outlook 2007 (KB937608)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb943559)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Word 2007 (KB934173)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG 7.5.552

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Softex\OmniPass;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Lisa Cloutier at 2008-12-02 19:19:48
Microsoft Windows XP Professional Service Pack 2
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 1022 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:05 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\DRoster\Firebird\bin\fbguard.exe
C:\WINDOWS\System32\svchost.exe
C:\MPC\jetty\NMWebSrv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\MPC\java\bin\java.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\MPC\system_monitor\agent\smaagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DRoster\Firebird\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\Lisa Cloutier\Desktop\RSIT.exe
C:\Program Files\trend micro\Lisa Cloutier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C526128-311B-4387-812E-4F2A38561DA9} - C:\WINDOWS\system32\geBronNf.dll (file missing)
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Webtools\webtools.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {58A9B975-D15D-4EAD-A72F-E68DA5BBC8F2} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\cbXPhhhE.dll
O2 - BHO: mysidesearch search enhancer - {7027135e-46c2-c8f3-b499-37321f77fe7a} - C:\WINDOWS\system32\gmqtgpesawfbhx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: agadoo browser enhancer - {8F787A5D-01AE-F422-AD91-163A2B1964B1} - C:\WINDOWS\system32\tqqquffskwc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {BCFCA218-11A2-6D2B-8B5F-4DE674860DE3} - (no file)
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll (file missing)
O2 - BHO: {34aca685-8bc5-8ee8-f0b4-c25d332b062e} - {e260b233-d52c-4b0f-8ee8-5cb8586aca43} - C:\WINDOWS\system32\tahvfq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Remote Console] "C:\MPC\system_monitor\agent\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [kiuyfzrpuxhrllrwi] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tqqquffskwc.dll"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Lisa Cloutier\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Lisa Cloutier\Application Data\Twain\Twain.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntmtdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Global Startup: Button Manager v1.874.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4DBE7A8-2017-4326-BFB4-56B6A9B49CF2}: NameServer = 216.211.191.3,216.211.191.9
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,tahvfq.dll,avgrsstx.dll
O20 - Winlogon Notify: c004F3D6 - c004F3D6.mat (file missing)
O20 - Winlogon Notify: cbXPhhhE - C:\WINDOWS\SYSTEM32\cbXPhhhE.dll
O20 - Winlogon Notify: ljJCsTmN - ljJCsTmN.dll (file missing)
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\DRoster\Firebird\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MPC Notebook System Manager Web Server (NMWebSrv) - Unknown owner - C:\MPC\jetty\NMWebSrv.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: MPC Notebook System Manager Agent (SMAgent) - SyAM Software, Inc. - C:\MPC\system_monitor\agent\smaagent.exe
O23 - Service: Remote Console (winvnc) - RealVNC Ltd. - C:\MPC\system_monitor\agent\winvnc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\rtereme.html

--
End of file - 14204 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\fgqrqoxq.job
C:\WINDOWS\tasks\sxbjvofj.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C526128-311B-4387-812E-4F2A38561DA9}]
C:\WINDOWS\system32\geBronNf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
BHO Class - C:\Program Files\Webtools\webtools.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-02 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A9B975-D15D-4EAD-A72F-E68DA5BBC8F2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7027135e-46c2-c8f3-b499-37321f77fe7a}]
mysidesearch search enhancer - C:\WINDOWS\system32\gmqtgpesawfbhx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F787A5D-01AE-F422-AD91-163A2B1964B1}]
agadoo browser enhancer - C:\WINDOWS\system32\tqqquffskwc.dll [2008-11-20 325120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-21 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-19 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCFCA218-11A2-6D2B-8B5F-4DE674860DE3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}]
Mjcore Class - C:\Program Files\Mjcore\Mjcore.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e260b233-d52c-4b0f-8ee8-5cb8586aca43}]
C:\WINDOWS\system32\tahvfq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-10-21 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-11-14 88203]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-17 184320]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-07-26 716800]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-07 761947]
"MagicKeyboard"=C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2005-04-11 151552]
"DisplayManager"=C:\Program Files\Samsung\DisplayManager\DMLoader.exe [2005-11-16 356352]
"Remote Console"=C:\MPC\system_monitor\agent\winvnc.exe [2007-07-31 368640]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2005-12-28 569413]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-12-09 188416]
"MDNS"=C:\WINDOWS\system32\service.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-02 1261336]
"kiuyfzrpuxhrllrwi"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-20 1207080]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-10 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
"gadcom"=C:\Documents and Settings\Lisa Cloutier\Application Data\gadcom\gadcom.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A []
"Twain"=C:\Documents and Settings\Lisa Cloutier\Application Data\Twain\Twain.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Button Manager v1.874.lnk - C:\Program Files\INITIO\Button Manager v1.874\inihid.exe
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
QuickBooks 2002 Delivery Agent.lnk - C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
TotalMedia Backup Monitor.lnk - C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\Documents and Settings\Lisa Cloutier\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\ncntmtdl.exe
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,tahvfq.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c004F3D6]
c004F3D6.mat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbXPhhhE]
C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJCsTmN]
ljJCsTmN.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32]
sys32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9E91EF7B-6846-45C3-A8AB-67CF7C900783}"=C:\WINDOWS\system32\ljJCsTmN.dll []
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\cbXPhhhE.dll [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBronNf

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ce88dee-9a41-11dd-9df1-0019d2ad57f9}]
shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f5a54dc-d6e6-11dc-9d7d-0019d2ad57f9}]
shell\Auto\command - Ghost.pif
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b6b7e8-7de6-11dc-9d28-0019d2ad57f9}]
shell\AutoRun\command - E:\setupSNK.exe


======List of files/folders created in the last 2 months======

2008-12-02 19:10:20 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\SpeedRunner
2008-12-02 19:05:31 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\Twain
2008-12-02 19:04:39 ----A---- C:\WINDOWS\system32\digeste.dll
2008-12-02 17:30:58 ----HD---- C:\$AVG8.VAULT$
2008-12-02 17:27:42 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-02 17:27:10 ----D---- C:\Program Files\AVG
2008-12-02 17:27:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-02 13:17:41 ----A---- C:\WINDOWS\MusicRip.ini
2008-12-02 13:15:40 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\ArcSoft
2008-12-02 11:57:35 ----D---- C:\Program Files\INITIO
2008-12-02 11:57:35 ----A---- C:\Program Files\ReadMe.txt
2008-12-02 11:56:40 ----D---- C:\Program Files\Common Files\ArcSoft
2008-12-02 11:56:39 ----D---- C:\Program Files\ArcSoft
2008-12-02 11:56:39 ----A---- C:\WINDOWS\PCDLIB32.DLL
2008-11-30 14:12:41 ----D---- C:\Program Files\trend micro
2008-11-30 14:12:38 ----D---- C:\rsit
2008-11-30 13:55:14 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\NI.GSCNS
2008-11-30 13:55:14 ----A---- C:\WINDOWS\system32\qoMdAPGa.dll
2008-11-30 13:54:35 ----A---- C:\WINDOWS\system32\cbXPhhhE.dll
2008-11-30 13:49:44 ----D---- C:\Program Files\Mjcore
2008-11-20 12:21:08 ----SH---- C:\WINDOWS\system32\jsqquqxn.ini
2008-11-10 17:07:01 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-09 00:34:06 ----AH---- C:\aaw7boot.cmd
2008-11-08 20:16:54 ----D---- C:\Program Files\Lavasoft
2008-11-08 20:16:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-08 20:16:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 11:15:41 ----SH---- C:\WINDOWS\system32\hiseggli.ini
2008-11-07 02:00:46 ----SH---- C:\WINDOWS\system32\pyembrot.ini
2008-11-06 14:36:32 ----SHD---- C:\WINDOWS\CSC
2008-11-06 14:28:29 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-06 13:46:09 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-11-06 13:38:38 ----D---- C:\Program Files\Webtools
2008-11-03 14:08:57 ----SH---- C:\WINDOWS\system32\rgkbjtkt.ini
2008-11-03 12:07:53 ----SH---- C:\WINDOWS\system32\eilfbtmc.ini
2008-11-03 12:07:21 ----A---- C:\WINDOWS\system32\6343cb23-.txt
2008-11-03 12:07:06 ----ASH---- C:\WINDOWS\system32\fNnorBeg.ini2
2008-11-03 12:07:06 ----ASH---- C:\WINDOWS\system32\fNnorBeg.ini
2008-11-03 11:59:20 ----A---- C:\WINDOWS\system32\yrnmbfvdgxrixrfx.exe
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\vb
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\OT2
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\im
2008-11-03 11:58:14 ----D---- C:\WINDOWS\system32\FPX
2008-11-03 11:58:05 ----D---- C:\WINDOWS\system32\QI19
2008-11-03 11:58:05 ----D---- C:\Temp
2008-11-01 04:38:44 ----A---- C:\WINDOWS\system32\tqqquffskwc.dll
2008-10-24 22:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-18 16:34:02 ----D---- C:\Documents and Settings\Lisa Cloutier\Application Data\U3
2008-10-16 09:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 09:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 09:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 09:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 09:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 2 months======

2008-12-02 19:20:05 ----D---- C:\WINDOWS\Temp
2008-12-02 19:19:25 ----D---- C:\WINDOWS\Prefetch
2008-12-02 19:17:33 ----D---- C:\Program Files\Mozilla Firefox
2008-12-02 19:14:49 ----D---- C:\WINDOWS
2008-12-02 19:12:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-02 19:05:02 ----D---- C:\WINDOWS\system32
2008-12-02 17:36:30 ----D---- C:\Documents and Settings
2008-12-02 17:27:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 17:27:10 ----RD---- C:\Program Files
2008-12-02 17:27:01 ----SHD---- C:\WINDOWS\Installer
2008-12-02 17:27:00 ----HD---- C:\Config.Msi
2008-12-02 17:26:58 ----D---- C:\WINDOWS\WinSxS
2008-12-02 17:26:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-02 17:08:46 ----D---- C:\WINDOWS\system
2008-12-02 13:23:11 ----D---- C:\WINDOWS\repair
2008-12-02 13:22:59 ----D---- C:\WINDOWS\Registration
2008-12-02 13:14:55 ----HD---- C:\WINDOWS\inf
2008-12-02 13:14:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 11:57:35 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-02 11:56:40 ----D---- C:\Program Files\Common Files
2008-11-30 13:54:42 ----SD---- C:\WINDOWS\Tasks
2008-11-14 10:44:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-10 17:09:05 ----SHD---- C:\System Volume Information
2008-11-10 17:09:05 ----D---- C:\WINDOWS\system32\Restore
2008-11-10 16:54:02 ----A---- C:\WINDOWS\wininit.ini
2008-11-09 00:34:09 ----SHD---- C:\WINDOWS\TGlzYSBDbG91dGllcg
2008-11-09 00:34:09 ----D---- C:\Program Files\Common Files\?dobe
2008-11-06 14:22:29 ----SHD---- C:\RECYCLER
2008-10-24 22:20:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 22:20:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 09:36:13 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 09:34:17 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 09:48:42 ----D---- C:\Program Files\TurboTax
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-02 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-02 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 msgpcc;msgpcc; C:\WINDOWS\System32\drivers\msgpcc.sys [2008-11-03 86144]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-07-31 21275]
R2 caniodrvr;caniodrvr; \??\C:\MPC\system_monitor\agent\drivers\caniodrvr.sys []
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-10-24 8413]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-25 140288]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;SENS LT56ADW Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-29 1123200]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-11-30 117906]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-01 176640]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-09-17 28672]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-09-14 50560]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-07 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-20 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-20 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-20 21568]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-08 405504]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-02 231704]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbguard.exe [2006-01-17 65536]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NMWebSrv;MPC Notebook System Manager Web Server; C:\MPC\jetty\NMWebSrv.exe [2004-01-02 110592]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2005-11-30 32768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-02-27 20480]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R2 SMAgent;MPC Notebook System Manager Agent; C:\MPC\system_monitor\agent\smaagent.exe [2006-06-24 139264]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\DRoster\Firebird\bin\fbserver.exe [2006-01-17 1527895]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-08 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-21 138168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2007-05-24 61440]
S3 winvnc;Remote Console; C:\MPC\system_monitor\agent\winvnc.exe [2007-07-31 368640]

-----------------EOF-----------------

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:54 PM

Posted 03 December 2008 - 03:28 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 mutant_hopeful

mutant_hopeful
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 03 December 2008 - 12:37 PM

Here is the log....

ComboFix 08-12-02.02 - Lisa Cloutier 2008-12-03 12:11:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.563 [GMT -5:00]
Running from: c:\documents and settings\Lisa Cloutier\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Brian Anderson\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Lisa Cloutier\Application Data\AntispywareBot
c:\documents and settings\Lisa Cloutier\Application Data\NI.GSCNS
c:\documents and settings\Lisa Cloutier\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Lisa Cloutier\Application Data\NI.GSCNS\settings.ini
c:\documents and settings\Lisa Cloutier\Application Data\SpeedRunner
c:\documents and settings\Lisa Cloutier\Application Data\SpeedRunner\config.cfg
c:\documents and settings\Lisa Cloutier\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Lisa Cloutier\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Lisa Cloutier\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\Lisa Cloutier\Start Menu\Programs\Startup\DW_Start.lnk
c:\program files\Common Files\dobe~1
c:\program files\Common Files\ystem~1
c:\program files\ComPlus Applications\rtereme.html
c:\program files\Mjcore
c:\program files\Temporary
c:\program files\tsks~1
c:\program files\tsks~1\T?sks\
c:\program files\WinAble
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\system32\bszip.dll
c:\windows\system32\digeste.dll
c:\windows\system32\drivers\core.cache.dsk
c:\windows\system32\eilfbtmc.ini
c:\windows\system32\fNnorBeg.ini
c:\windows\system32\fNnorBeg.ini2
c:\windows\system32\hiseggli.ini
c:\windows\system32\jsqquqxn.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\pac.txt
c:\windows\system32\pyembrot.ini
c:\windows\system32\rgkbjtkt.ini
c:\windows\system32\tqqquffskwc.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\wnstsicomsv32.exe
c:\windows\Tasks\fgqrqoxq.job
c:\windows\Tasks\sxbjvofj.job
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 12:02 . 2008-12-03 12:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-02 19:05 . 2008-12-02 19:06 <DIR> d-------- c:\documents and settings\Lisa Cloutier\Application Data\Twain
2008-12-02 19:04 . 2008-12-02 19:04 32,256 --a------ c:\documents and settings\Lisa Cloutier\~.exe
2008-12-02 17:27 . 2008-12-02 17:27 <DIR> d-------- c:\program files\AVG
2008-12-02 16:06 . 2008-12-02 16:06 <DIR> d-------- c:\documents and settings\Brian Anderson\Application Data\ArcSoft
2008-12-02 13:17 . 2008-12-02 13:17 94 --a------ c:\windows\MusicRip.ini
2008-12-02 13:17 . 2008-12-02 13:17 20 --ahs---- C:\ArcDeviceInfo
2008-12-02 13:15 . 2008-12-02 13:17 <DIR> d-------- c:\documents and settings\Lisa Cloutier\Application Data\ArcSoft
2008-12-02 11:57 . 2008-12-02 11:57 <DIR> d-------- c:\program files\INITIO
2008-12-02 11:57 . 2004-05-10 00:59 13,696 --a------ c:\windows\system32\drivers\inigpio.sys
2008-12-02 11:57 . 2005-04-26 19:38 4,736 --a------ c:\windows\system32\drivers\UsbFi2K.sys
2008-12-02 11:56 . 2008-12-02 11:56 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-12-02 11:56 . 2008-12-02 11:56 <DIR> d-------- c:\program files\ArcSoft
2008-12-02 11:56 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-12-02 11:56 . 2005-02-23 14:58 11,776 --a------ c:\windows\system32\drivers\afc.sys
2008-11-30 14:12 . 2008-11-30 14:13 <DIR> d-------- C:\rsit
2008-11-30 14:12 . 2008-12-02 19:19 <DIR> d-------- c:\program files\trend micro
2008-11-30 13:55 . 2008-11-30 13:55 32,768 --a------ c:\windows\system32\qoMdAPGa.dll
2008-11-30 13:54 . 2008-11-30 13:54 <DIR> d-------- c:\temp\DIV55
2008-11-30 13:54 . 2008-11-30 13:54 32,768 --a------ c:\windows\system32\cbXPhhhE.dll
2008-11-10 17:07 . 2008-11-10 17:08 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-09 00:34 . 2008-11-28 18:41 168 --ah----- C:\aaw7boot.cmd
2008-11-08 21:18 . 2008-11-08 21:18 <DIR> d-------- c:\documents and settings\Brian Anderson\Application Data\InterVideo
2008-11-08 20:16 . 2008-11-08 20:16 <DIR> d-------- c:\program files\Lavasoft
2008-11-08 20:16 . 2008-11-08 20:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 20:16 . 2008-11-08 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 14:54 . 2007-12-18 23:43 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-06 13:38 . 2008-12-02 18:01 <DIR> d-------- c:\program files\Webtools
2008-11-03 11:59 . 2008-11-20 12:19 47,584 --a------ c:\windows\system32\yrnmbfvdgxrixrfx.exe
2008-11-03 11:58 . 2008-11-03 11:59 <DIR> d-------- c:\windows\system32\vb
2008-11-03 11:58 . 2008-11-05 13:34 <DIR> d-------- c:\windows\system32\QI19
2008-11-03 11:58 . 2008-11-05 13:34 <DIR> d-------- c:\windows\system32\OT2
2008-11-03 11:58 . 2008-11-05 13:34 <DIR> d-------- c:\windows\system32\im
2008-11-03 11:58 . 2008-11-05 13:34 <DIR> d-------- c:\windows\system32\FPX
2008-11-03 11:58 . 2008-11-03 12:02 <DIR> d-------- c:\temp\NT32
2008-11-03 11:58 . 2008-12-03 12:12 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 17:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-02 16:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-18 22:30 --------- d-----w c:\documents and settings\Lisa Cloutier\Application Data\U3
2008-10-16 14:32 --------- d-----w c:\documents and settings\Other\Application Data\U3
2008-10-15 23:03 --------- d-----w c:\documents and settings\Other\Application Data\AdobeUM
2008-10-15 14:48 --------- d-----w c:\program files\TurboTax
2008-10-15 14:38 --------- d-----w c:\documents and settings\Other\Application Data\Intuit
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2005-05-26 19:35 1,422 ----a-w c:\program files\ReadMe.txt
2007-07-31 23:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-10-18 17:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101820071019\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-11-30 13:54 32768 --a------ c:\windows\system32\cbXPhhhE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DisplayManager"="c:\program files\Samsung\DisplayManager\DMLoader.exe" [2005-11-16 356352]
"Remote Console"="c:\mpc\system_monitor\agent\winvnc.exe" [2007-07-31 368640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 188416]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-14 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\cbXPhhhE.dll" [2008-11-30 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPhhhE]
2008-11-30 13:54 32768 c:\windows\system32\cbXPhhhE.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

R2 caniodrvr;caniodrvr;\??\c:\mpc\system_monitor\agent\drivers\caniodrvr.sys [2005-08-24 4096]
R2 DOSMEMIO;MEMIO;\??\c:\windows\system32\MEMIO.SYS [2007-07-31 4300]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\DRoster\Firebird\bin\fbguard.exe -s []
R2 NMWebSrv;MPC Notebook System Manager Web Server;c:\mpc\jetty\NMWebSrv.exe -s c:\mpc\jetty\NMWebSrv.conf []
R2 SMAgent;MPC Notebook System Manager Agent;c:\mpc\system_monitor\agent\smaagent.exe NML 0 []
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\DRoster\Firebird\bin\fbserver.exe -s []
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
S1 msgpcc;msgpcc;c:\windows\system32\drivers\msgpcc.sys []
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-11 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ce88dee-9a41-11dd-9df1-0019d2ad57f9}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b6b7e8-7de6-11dc-9d28-0019d2ad57f9}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{0C526128-311B-4387-812E-4F2A38561DA9} - c:\windows\system32\geBronNf.dll
BHO-{58A9B975-D15D-4EAD-A72F-E68DA5BBC8F2} - (no file)
BHO-{7027135e-46c2-c8f3-b499-37321f77fe7a} - c:\windows\system32\gmqtgpesawfbhx.dll
BHO-{8F787A5D-01AE-F422-AD91-163A2B1964B1} - c:\windows\system32\tqqquffskwc.dll
BHO-{BCFCA218-11A2-6D2B-8B5F-4DE674860DE3} - (no file)
BHO-{e260b233-d52c-4b0f-8ee8-5cb8586aca43} - c:\windows\system32\tahvfq.dll
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
Notify-c004F3D6 - c004F3D6.mat
Notify-ljJCsTmN - ljJCsTmN.dll
Notify-sys32 - sys32.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Lisa Cloutier\Application Data\Mozilla\Firefox\Profiles\p6q9eira.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 12:18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cbXPhhhE.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\DRoster\Firebird\bin\fbguard.exe
c:\mpc\jetty\NMWebSrv.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\mpc\system_monitor\agent\smaagent.exe
c:\mpc\java\bin\java.exe
c:\program files\DRoster\Firebird\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-12-03 12:22:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 17:22:32

Pre-Run: 61,792,391,168 bytes free
Post-Run: 62,057,488,384 bytes free

232 --- E O F --- 2008-10-25 03:20:51

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:54 PM

Posted 03 December 2008 - 12:48 PM

Hi,

It looks like you were already infected for a while (at least one year since older malware was found here as well). Why did you wait so long?

Anyway... * Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
c:\windows\system32\cbXPhhhE.dll
c:\documents and settings\Lisa Cloutier\~.exe
c:\windows\system32\qoMdAPGa.dll
c:\windows\system32\yrnmbfvdgxrixrfx.exe
Folder::
c:\windows\system32\vb
c:\windows\system32\QI19
c:\windows\system32\OT2
c:\windows\system32\im
c:\windows\system32\FPX
c:\program files\Webtools
c:\temp\DIV55
c:\temp\NT32
c:\documents and settings\Lisa Cloutier\Application Data\Twain
Driver::
msgpcc
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPhhhE]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 mutant_hopeful

mutant_hopeful
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 03 December 2008 - 01:16 PM

Hello,

This machine is my wife's, I bought it for her a little over a year ago. I have been traveling most of the year for work and have my own company laptop that I use. She didn't want to tell me about the problems she was having, didn't want to hassle me I guess. She says this has been going on for a long time. Thanks for the help.

Brian

ComboFix 08-12-02.02 - Lisa Cloutier 2008-12-03 12:59:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT -5:00]
Running from: c:\documents and settings\Lisa Cloutier\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Lisa Cloutier\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Lisa Cloutier\~.exe
c:\windows\system32\cbXPhhhE.dll
c:\windows\system32\qoMdAPGa.dll
c:\windows\system32\yrnmbfvdgxrixrfx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lisa Cloutier\~.exe
c:\documents and settings\Lisa Cloutier\Application Data\Twain
c:\program files\Webtools
c:\temp\DIV55
c:\temp\DIV55\xDb.log
c:\temp\NT32
c:\temp\NT32\zBV.log
c:\windows\system32\cbXPhhhE.dll
c:\windows\system32\FPX
c:\windows\system32\im
c:\windows\system32\OT2
c:\windows\system32\QI19
c:\windows\system32\qoMdAPGa.dll
c:\windows\system32\vb
c:\windows\system32\yrnmbfvdgxrixrfx.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSGPCC
-------\Service_msgpcc


((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 12:02 . 2008-12-03 12:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-02 17:27 . 2008-12-02 17:27 <DIR> d-------- c:\program files\AVG
2008-12-02 16:06 . 2008-12-02 16:06 <DIR> d-------- c:\documents and settings\Brian Anderson\Application Data\ArcSoft
2008-12-02 13:17 . 2008-12-02 13:17 94 --a------ c:\windows\MusicRip.ini
2008-12-02 13:17 . 2008-12-02 13:17 20 --ahs---- C:\ArcDeviceInfo
2008-12-02 13:15 . 2008-12-02 13:17 <DIR> d-------- c:\documents and settings\Lisa Cloutier\Application Data\ArcSoft
2008-12-02 11:57 . 2008-12-02 11:57 <DIR> d-------- c:\program files\INITIO
2008-12-02 11:57 . 2004-05-10 00:59 13,696 --a------ c:\windows\system32\drivers\inigpio.sys
2008-12-02 11:57 . 2005-04-26 19:38 4,736 --a------ c:\windows\system32\drivers\UsbFi2K.sys
2008-12-02 11:56 . 2008-12-02 11:56 <DIR> d-------- c:\program files\Common Files\ArcSoft
2008-12-02 11:56 . 2008-12-02 11:56 <DIR> d-------- c:\program files\ArcSoft
2008-12-02 11:56 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2008-12-02 11:56 . 2005-02-23 14:58 11,776 --a------ c:\windows\system32\drivers\afc.sys
2008-11-30 14:12 . 2008-11-30 14:13 <DIR> d-------- C:\rsit
2008-11-30 14:12 . 2008-12-02 19:19 <DIR> d-------- c:\program files\trend micro
2008-11-10 17:07 . 2008-11-10 17:08 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-09 00:34 . 2008-11-28 18:41 168 --ah----- C:\aaw7boot.cmd
2008-11-08 21:18 . 2008-11-08 21:18 <DIR> d-------- c:\documents and settings\Brian Anderson\Application Data\InterVideo
2008-11-08 20:16 . 2008-11-08 20:16 <DIR> d-------- c:\program files\Lavasoft
2008-11-08 20:16 . 2008-11-08 20:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 20:16 . 2008-11-08 20:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-06 14:54 . 2007-12-18 23:43 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-03 11:58 . 2008-12-03 13:00 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 17:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-02 16:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-18 22:30 --------- d-----w c:\documents and settings\Lisa Cloutier\Application Data\U3
2008-10-16 14:32 --------- d-----w c:\documents and settings\Other\Application Data\U3
2008-10-15 23:03 --------- d-----w c:\documents and settings\Other\Application Data\AdobeUM
2008-10-15 14:48 --------- d-----w c:\program files\TurboTax
2008-10-15 14:38 --------- d-----w c:\documents and settings\Other\Application Data\Intuit
2005-05-26 19:35 1,422 ----a-w c:\program files\ReadMe.txt
2007-07-31 23:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-10-18 17:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007101820071019\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-03_12.21.53.82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-19 04:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-19 04:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-19 04:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 04:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 04:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 04:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 04:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 04:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-07-19 04:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 19:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2008-07-19 04:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 19:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-19 04:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 04:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 04:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 04:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 04:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 04:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 04:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-12-03 18:04:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_650.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2005-04-11 151552]
"DisplayManager"="c:\program files\Samsung\DisplayManager\DMLoader.exe" [2005-11-16 356352]
"Remote Console"="c:\mpc\system_monitor\agent\winvnc.exe" [2007-07-31 368640]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-08 29744]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-09 188416]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-14 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-10 68856]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

R2 caniodrvr;caniodrvr;\??\c:\mpc\system_monitor\agent\drivers\caniodrvr.sys [2005-08-24 4096]
R2 DOSMEMIO;MEMIO;\??\c:\windows\system32\MEMIO.SYS [2007-07-31 4300]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\DRoster\Firebird\bin\fbguard.exe -s []
R2 NMWebSrv;MPC Notebook System Manager Web Server;c:\mpc\jetty\NMWebSrv.exe -s c:\mpc\jetty\NMWebSrv.conf []
R2 SMAgent;MPC Notebook System Manager Agent;c:\mpc\system_monitor\agent\smaagent.exe NML 0 []
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\DRoster\Firebird\bin\fbserver.exe -s []
R3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-11 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ce88dee-9a41-11dd-9df1-0019d2ad57f9}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b6b7e8-7de6-11dc-9d28-0019d2ad57f9}]
\Shell\AutoRun\command - E:\setupSNK.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 13:07:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\DRoster\Firebird\bin\fbguard.exe
c:\mpc\jetty\NMWebSrv.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\mpc\system_monitor\agent\smaagent.exe
c:\mpc\java\bin\java.exe
c:\program files\DRoster\Firebird\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-12-03 13:09:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 18:09:27
ComboFix2.txt 2008-12-03 17:22:47

Pre-Run: 61,997,944,832 bytes free
Post-Run: 61,988,184,064 bytes free

209 --- E O F --- 2008-10-25 03:20:51

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:54 PM

Posted 03 December 2008 - 01:27 PM

Hi,

This looks OK again.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • Java™ 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Please change all the passwords afterwards, because this computer was also dealing with a passwordstealer.

Let me know in your next reply how things are now.

Edited by miekiemoes, 03 December 2008 - 01:27 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 mutant_hopeful

mutant_hopeful
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:54 AM

Posted 03 December 2008 - 02:03 PM

Thank you very much, I'll let you know if anything pops back up. Everything seems to be running smooth now.

Brian

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:54 PM

Posted 03 December 2008 - 02:30 PM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:54 PM

Posted 07 December 2008 - 04:39 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users