Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All scans clean but Firefox redirects


  • This topic is locked This topic is locked
71 replies to this topic

#1 Capn Easy

Capn Easy

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 07 December 2008 - 01:19 PM

Last Thursday I ran a routine check with Ad-Aware. It complained that a program on my computer "Free Hi-Q Recorder" was a Trojan. I've had this program a year, but haven't used it in at least 8 months (and I'm a novice at Windows) so I didn't quarantine it -- I went online to see if anyone was reporting anything similar.

I then ran Malwarebytes Anti-Malware. I updated, and Spybot immediately warned me of a critical value being changed. I (foolishly) assumed it was MBAM, so I okayed it. I started a full scan with MBAM, and Avast! immediately started reporting Trojans and "too many identical emails" warnings. Spybot warned of critical values being changed -- I stopped the ones I could. Some Firefox windows opened for a couple rogue "antivirus" products -- Firefox warned they were attack sites and I closed the browser. I also got a window open saying that Firefox had found an update to one of my add-ons -- I'm sure I closed it (I had other things on my mind just then!) but some people over at the Mozilla forums are complaining of being redirected after getting an update notification.

This went on for more than an hour while MBAM scanned. After the scan I applied the fix and the most noticeable attacks stopped. I ran additional scans of MBAM, Spybot S&D, Ad-aware and Avast! -- all are now reporting "no infected files" but my Google searches are still being redirected.

At the "Am I Infected" forum I was instructed to run ATF Cleaner and SUPERAntiSpyware -- which I did.

SUPERAntiSpyware scans show no infected files, but they are behaving strangely. While scanning Registry entries, at around 6000 to 6300 in the file count, file names begin flying by too fast to read, but the file counter stops incrementing. If I try to "Pause" the scan to see a filename the "Pause" button changes to "Resume" but the operation does not pause. This behavior starts when the Registry is checking filenames that begin with:

"HKLM\SOFTWARE\Microsoft\Windows\Current Version\Internet Settings\ZoneMap\Domains ..."

and continues for 5 to 10 minutes. The names that flash by include some of the sites I've been redirected to, and also many sites beginning with sexually explicit names, "porno", "poker", etc.

When the Registry reaches "HKLM\System\ControlSet\001\Services ..." the files begin incrementing properly and the scan responds properly when I click the "Pause" button.


That's where I am now. All scans are coming up clean, but something is still redirecting my browser ... and I don't know if anything else is going on that I don't know about.

I tried to run a Kaspersky online scan, but it failed to load the applet (twice).

Here are my HJT logs. Thanks in advance for any help you can give me!



-----------------------------------------
info.txt
-----------------------------------------


info.txt logfile of random's system information tool 1.04 2008-12-07 12:44:21

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove

/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove

/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe"

/remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe"

/remove /l0x0009
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\unmrw.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\setup.exe" -l0x9

/remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9

/remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9

/remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{869E0E63-21D4-4B71-ABB4-AA27D82E52F4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{869E0E63-21D4-4B71-ABB4-AA27D82E52F4}\setup.exe" -l0x9

/remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{86CE70AB-EE71-4B17-9458-8D3C7C9E77CF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{86CE70AB-EE71-4B17-9458-8D3C7C9E77CF}\setup.exe" -l0x9

/remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9

/remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{F12F9787-0081-41A2-BDD2-5654C6F40BAF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{49C9FA2A-2075-43F8-B766-28012002C66D}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{49C9FA2A-2075-43F8-B766-28012002C66D}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}

\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}

\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}

\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}

\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}

\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
A.F.5 Rename your files 1.1-->MsiExec.exe /I{A725C340-77EE-11D6-BBC2-0000CB591583}
Access IBM Cleanup Utility-->MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
Access IBM Message Center-->MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools-->C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Access IBM-->MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AsfTools 3.1 (remove only)-->C:\Program Files\AsfTools 3.1\Uninst.exe
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil

Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-

BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
BurnPlugin for Audible-->MsiExec.exe /I{301120E0-45A9-498C-8627-19E7E20EFA3A}
Calendar Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{AB73CF18-528A-4E18-83B2-380CD0BC8EA7}

\setup.exe" -l0x9 anything
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant SoftK56 Data Fax-->C:\Program

Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200214F1\HXFSETUP.EXE -U -

IVEN_14F1&DEV_2702&SUBSYS_200214F1
ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"
Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-

AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-

8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01

\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-

82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-

848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Sleek Photo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A35086AC-0EB3-496D-

BC00-5CB856ED53A8}\SETUP.EXE" -l0x9 /remove
Creative ZEN V Series (R2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-

963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Creative ZEN Vision M Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-

B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
CyberView X - SF v1.18a-->"C:\Program Files\InstallShield Installation Information\{D8FF6E29-36B4-

474F-A88F-973087650C00}\setup.exe" -runfromtemp -l0x0009 -removeonly
dBworx ver 3.6 (Freeware)-->C:\dbworx\unins000.exe
DC6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{06D9DBA0-6561-4225-A622-B08726886EE8}\Setup.exe" -l0x9
DC7-->MsiExec.exe /I{859F6F7D-7A17-480B-B509-CCA9B3EDCC69}
DCart32V4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Diamond Cut Productions\Uninst.isu"
ESBCalc v6.1.0-->"C:\Program Files\ESBCalc\unins000.exe"
exPressit S.E. 2.1-->"C:\Program Files\exPressit S.E. 2.1\UninstallerData\Uninstall exPressit S.E.

2.1.exe"
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
FREE Hi-Q Recorder 1.92-->"C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
Free Video to Flash Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free Video to Flash

Converter\unins000.exe"
Free Video to Mp3 Converter version 2.8-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3

Converter\unins000.exe"
Free YouTube Download 2.1-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3

Converter\unins000.exe"
FreeRIP v2.944-->"C:\Program Files\FreeRIP2\unins000.exe"
Glary Registry Repair 2.8-->"C:\Program Files\Glary Registry Repair\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16

-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399

$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683

$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1

\IDriver.exe /M{A817B3CA-6DF3-4A21-A9BE-0C217E9673D1} /l1033
IBM Access Support-->wscript "C:\Program Files\Support.com\bin\uninstall.vbs" -uninstall -release1
IBM DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM Update Connector-->MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
IBM USB Enhanced Performance Keyboard-->SKUninst.exe LTON_HISUSBKeyboardProductivity
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx

PCI\VEN_8086&DEV_2572
Intel® PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-

A172-74842B764777}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
IZArc 3.81-->"C:\Program Files\IZArc\unins001.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kensington MouseWorks-->C:\Program Files\Kensington\MouseWorks\KMW_UN.EXE
LexarMedia ImageRescue Software-->MsiExec.exe /X{DE1A361F-31DC-4AC5-ABBA-2323BC505880}
LightScribe Applications-->MsiExec.exe /X{7373184D-8E8F-4308-912A-3901071FA1AD}
Lightscribe Extended Label Contrast Utility-->MsiExec.exe /X{519FCD20-AB3E-4A4F-AA30-2AAED80513A8}
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LP Recorder-->C:\PROGRA~1\LPRECO~1\UNWISE.EXE C:\PROGRA~1\LPRECO~1\INSTALL.LOG
LP Ripper-->C:\PROGRA~1\LPRIPP~1\UNWISE.EXE C:\PROGRA~1\LPRIPP~1\INSTALL.LOG
MagicTune Premium-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6044256-A309-43B5-

9833-D3FAFE2AD24D}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366

\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1

$\spuninst\spuninst.exe"
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000

$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection

C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mkw Audio Compression Toolkit-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Michael K. Weise\mkw

Audio Compression Toolkit\Uninst.isu"
Mouse Suite-->PMUninst.exe MouseSuite98
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-

8CE5-2AF05A4A4CC9}\Setup.exe" -l0x9
MuVo Slim-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{F12F9787-0081-41A2-BDD2-5654C6F40BAF}\setup.exe" -l0x9

/remove
Nero 7 Essentials-->MsiExec.exe /I{07474E69-E9E4-4B03-AC0E-D24B04231033}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Net MD Simple Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}

\setup.exe" -l0x9 UNINSTALL
NOMAD Jukebox 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{8742360F-9348-11D6-85F3-00902722F429}

\SETUP.EXE" -l0x9
OpenMG Limited Patch 3.1-02-10-22-01-->C:\Program Files\Common Files\Sony

Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-01\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.1-02-10-22-02-->C:\Program Files\Common Files\Sony

Shared\OpenMG\HotFixes\HotFix3.1-02-10-22-02\HotFixSetup\setup.exe /u
OpenMG Limited Patch 3.1-02-12-04-01-->C:\Program Files\Common Files\Sony

Shared\OpenMG\HotFixes\HotFix3.1-02-12-04-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{117C01B5-9D68-4A15-

85E2-A7CDFA82CEB9}\setup.exe" -l0x9 UNINSTALL
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}

\SETUP.EXE"
PCI SoftV92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1

\HXFSETUP.EXE -U -IPSCRCTR5K.INF
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PrintMaster 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{2A304FDE-F4E3-446D-AA0D-31425C897B71}

\setup.exe" -l0x9 anything
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458

$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723

$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565

$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10

$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10

$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11

$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11

$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2

$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicStage 1.5.06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup

"C:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}

\setup.exe" -l0x9 UNINSTALL
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Startup Optimizer 1.6-->"C:\Program Files\Startup Optimizer\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Support.com Software-->wscript "C:\Program Files\Support.com\bin\admins.vbs"
SureThing CD Labeler 4 SE-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
ThinkCentre Wallpaper-->MsiExec.exe /I{80380166-A872-4B78-B98A-33447A032BDF}
TrueDownloader 0.82-->"C:\Program Files\TrueDownloader\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - PIE Image 10/22/2002 1.1.1-->C:\WINDOWS\system32

\DRVSTORE\Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e\DpInst.exe /u

Pf1800lc_3d4d1e7469145e230b6f1f02e521cadf1bed999e
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32

\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-

90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081206-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\PC-Doctor for

Windows\services;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------



---------------------------------
log.txt
---------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Kevin at 2008-12-07 12:43:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 188 GB (39%) free of 477 GB
Total RAM: 1015 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:17 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\PI Engineering\MacroWorks II\MacroWorks.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kevin\Desktop\RSIT.exe
C:\Program Files\trend micro\Kevin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.almanac.com/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MacroWorks II.lnk = C:\Program Files\PI Engineering\MacroWorks II\MacroWorks.exe
O4 - Global Startup: GammaTray.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.com/pc/support/access/asl...nt/IbmEgath.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

--
End of file - 10453 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-04-02 187512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-16 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-09-02 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-06-28 622592]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-06-29 77824]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-16 1164912]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-16 1941784]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-16 87584]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-25 1397760]
"Hot Key Kbd Daemon"=C:\WINDOWS\system32\SKDAEMON.EXE [2004-03-05 40960]
"kmw_run.exe"=C:\WINDOWS\system32\kmw_run.exe [2004-01-27 106496]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe

C:\Documents and Settings\Kevin\Start Menu\Programs\Startup
MacroWorks II.lnk - C:\Program Files\PI Engineering\MacroWorks II\MacroWorks.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-07-01 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-05-23 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0ttxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati0vgxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4ahxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0ttxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati0vgxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ati4ahxx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Documents and Settings\Kevin\Local Settings\Temp\{57764780-e33b-11d1-96ed-00a024a83a15}\k_update.exe"="C:\Documents and Settings\Kevin\Local Settings\Temp\{57764780-e33b-11d1-96ed-00a024a83a15}

\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web."
"C:\Program Files\Kensington\MouseWorks\k_update.exe"="C:\Program Files\Kensington\MouseWorks\k_update.exe:*:Enabled:Kensington Digital Update of installed software via the Web."
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2008-12-07 12:43:39 ----D---- C:\rsit
2008-12-07 12:43:39 ----D---- C:\Program Files\trend micro
2008-12-05 17:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-05 17:22:23 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-05 17:22:23 ----D---- C:\Documents and Settings\Kevin\Application Data\SUPERAntiSpyware.com
2008-12-04 21:57:19 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-04 20:41:21 ----A---- C:\WINDOWS\iibfhghj.txt
2008-12-04 19:41:06 ----N---- C:\WINDOWS\ufepediw.dll
2008-12-04 19:28:59 ----N---- C:\WINDOWS\Mkuha.dll
2008-11-27 22:23:36 ----D---- C:\Program Files\iPod
2008-11-27 22:23:33 ----D---- C:\Program Files\iTunes
2008-11-27 22:23:33 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-16 00:28:48 ----D---- C:\Program Files\Common Files\xing shared
2008-11-12 21:47:27 ----D---- C:\Program Files\ConvertHelper
2008-11-12 03:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-27 13:55:37 ----D---- C:\WINDOWS\system32\wbem
2008-12-07 12:43:39 ----RD---- C:\Program Files
2008-12-07 11:47:31 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 11:46:45 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-07 11:46:16 ----D---- C:\WINDOWS\Temp
2008-12-07 11:45:02 ----AD---- C:\WINDOWS
2008-12-07 11:45:02 ----A---- C:\WINDOWS\TMP0001.TMP
2008-12-07 04:15:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 04:06:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 17:22:26 ----SHD---- C:\WINDOWS\Installer
2008-12-05 17:22:26 ----D---- C:\Config.Msi
2008-12-05 17:21:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-05 16:28:55 ----D---- C:\WINDOWS\Prefetch
2008-12-05 12:52:01 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-04 21:34:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 21:33:09 ----D---- C:\WINDOWS\system32\drivers
2008-12-04 21:33:09 ----D---- C:\Program Files\FREE Hi-Q Recorder
2008-12-04 21:07:54 ----D---- C:\WINDOWS\Debug
2008-12-04 20:50:09 ----AD---- C:\WINDOWS\system32
2008-12-04 19:58:37 ----D---- C:\temp
2008-12-04 19:27:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-01 19:03:17 ----A---- C:\WINDOWS\win.ini
2008-12-01 04:04:42 ----A---- C:\WINDOWS\CTACD.INI
2008-11-30 19:01:55 ----D---- C:\Program Files\Mp3 My Mp3 2.0
2008-11-27 22:23:35 ----D---- C:\Program Files\Common Files\Apple
2008-11-27 22:22:03 ----D---- C:\Program Files\QuickTime
2008-11-27 14:02:42 ----D---- C:\dbworx
2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-22 03:18:08 ----D---- C:\Program Files\FlashGet
2008-11-20 12:56:31 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-16 00:28:48 ----D---- C:\Program Files\Common Files
2008-11-16 00:28:37 ----D---- C:\Program Files\Common Files\Real
2008-11-16 00:28:35 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-11-16 00:28:16 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-11-16 00:28:16 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-11-16 00:28:11 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-11-12 03:01:08 ----HD---- C:\WINDOWS\inf
2008-11-12 03:01:04 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 03:00:33 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-25 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-25 28672]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-09-02 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-09-02 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-09-02 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-09-02 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-09-02 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-09-02 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-09-02 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-09-02 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-09-02 100603]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-04-19 39264]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-07-01 724221]
R3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys [2004-01-27 5248]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver; C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2004-01-27 90752]
R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-02-13 12544]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-25 101504]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-07-22 120062]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-07-22 96858]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2004-09-29 1036928]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2002-08-26 16944]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETMDUSB;Net MD; C:\WINDOWS\System32\Drivers\NETMDUSB.sys [2002-08-08 38951]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pelmouse;Mouse Suite Driver; C:\WINDOWS\System32\DRIVERS\pelmouse.sys [2003-01-10 16384]
S3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\System32\DRIVERS\pelusblf.sys [2003-02-11 9216]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-16 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-16 230944]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-10-03 102400]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-03-16 45056]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-25 876032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 SPTISRV;Sony SPTI Service; C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe [2002-07-23 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Edited by Capn Easy, 07 December 2008 - 01:40 PM.


BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:38 PM

Posted 14 December 2008 - 03:07 PM

Hello Capn Easy :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.


Please refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.



I will need some time to look over your log but in the meantime I would like you to do a couple of things for me.


I need the last log from your run of MalwareBytes Anti-Malware. This can be accessed by launching the program and then selecting Logs tab. The log that we need which is the latest would the one on the bottom.


I would also like for you to try the Kaspersky scan again but this time let's try it with TeaTimer disabled. Instructions are below.



To disable SPYBOT TEATIMER

* Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
* On the left hand side, click on Tools, then click on the Resident Icon in the list.
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* Click on the "System Startup" icon in the List
* Uncheck the "TeaTimer" box and "OK" any prompts.
* If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
* Exit Spybot S&D when done.
* (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]






Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.





When completed please both both logs fromMBAM as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 14 December 2008 - 04:00 PM

Hi, thewall --

I will try the Kaspersky online scan again. Do I need to be running Internet Explorer for it to work? (I use Firefox.)

I have also copied the last MBAM scan. I was told not to make any changes to my computer, so I have not run a scan since being directed here. The scan looks clean, but I don't trust it since SUPERAntiSpyware is behaving very oddly when it checks my Registry.


PLEASE NOTE: After posting my HijackThis log, but before I got the notice not to make any changes, I deleted some folders of music files (MP3 and WAV). Also, on Tuesday, 12/9, my computer got (what appeared to be legit) Windows updates, including a Microsoft Malware removal tool. The computer attempted to process the updates when I shut it down -- I have no idea if it was successful or not -- but the next time I booted up my usual desktop background was gone, replaced by a warning screen saying that Windows had encountered an unexpected error and turned off my active desktop as a precaution.

I share a FiOS connection with 3 other computers, one of which (the kids' computer) was apparently infected before me. The kids just thought Google was acting funny and didn't tell us until I told them about my troubles. The other two computers are apparently not affected -- at least, no obvious symptoms. (The kids' computer is an almost 7 year old Gateway that we were planning on replacing anyway. We've taken it off the network and will not run it again.)

Thanks for your time -- I do appreciate how busy you folks are.

Please get back to me about the Kaspersky online scan.

Thanks.

================================



Malwarebytes' Anti-Malware 1.31
Database version: 1467
Windows 5.1.2600 Service Pack 3

12/7/2008 2:58:49 AM
mbam-log-2008-12-07 (02-58-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 160305
Time elapsed: 58 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:38 PM

Posted 14 December 2008 - 04:19 PM

Yes, you should be able to run with Firefox.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 15 December 2008 - 02:40 AM

Hi, thewall --

Got the Kaspersky scan done. I got no prompt for an ActiveX component.

The setting selections were a little different, but I think I got the right ones. I did disable TeaTimer. The Kaspersky scan warned that it might not run if another antivirus program was running -- you didn't say to disable Avast! so I left it running and the scan apparently worked.

That did take quite a while, but it found something.

Here's the log:



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 23:15:03
Records in database: 1461430
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 121054
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:13:58


File name / Threat name / Threats count
C:\IBMTOOLS\APPS\RRPC\RRPC\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 2

The selected area was scanned.

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:38 PM

Posted 15 December 2008 - 03:02 PM

...but my Google searches are still being redirected




Sorry, I should have asked. Are you get redirected to one particular site or various ones? And if it is one or several could you give me an idea what they are?

I'm running somewhat behind and I may not be able to get back before tomorrow. Just wanted to let you know.


Thanks!!
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 16 December 2008 - 01:21 AM

The redirections are to various sites, but there are some patterns.

First, the redirections are usually relevant to the search term and usually involve the first site returned by the search:

Okay, something survived ATF Cleaner, and possibly SUPERAntiSpyware.

First, Google searches are still being redirected, mostly to shopping sites. For instance, I just ran a pretty generic search as a test. I searched on "Digital Camera." The first entry on the Google list was:


http://www.dpreview.com/




but when I clicked on it I was redirected to


http://www.alibaba.com/showroom/Digital_Cameras.html?src=ibdm_d03p0020e02r37&ibdm_KW=digital+camera



The process usually goes through a site like

google.goored.com

Obviously, DO NOT GO TO THAT SITE!

#8 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 16 December 2008 - 01:28 AM

There is one other interesting characteristic to the redirections. When I Googled "goored" I came up with a few references to it in Mozilla's Firefox forum posts. When I tried to go to the appropriate post from Google I was redirected to a non-English version of the post. This redirection to a non-English language version of the forum has occurred whenever I search for this term and try to get from the search list to a Mozilla forum post. The proper post could be viewed in Google's cached page, and I was able to get to the forums through the address bar and then use the forum search feature to find the appropriate posts.

The pertinent posts start HERE. I post as cromag on those forums. My post is HERE.

Edited by Capn Easy, 16 December 2008 - 01:36 AM.


#9 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 16 December 2008 - 04:19 PM

Okay, here's a fresh one. I just did a Google search for "cassette tape" and the address bar briefly showed redirection through something that looked like "goougly.com" and I went to:

http://www.toseeka.com/search.php?q=cassette_tape&source=miva2_kw+001+001_cassette_tape&source=miva2_kw+001+001_cassette_tape&source=miva2_kw+001+001_cassette_tape





The first item on the list was a wikipedia entry and I got there without incident. The second item on the list was:

www.designboom.com/contemporary/cassettes.html

This was the one that got redirected.



Okay, I went to Firefox's history and got the redirect site:

http://goougly.com/c.php?url=http%3A%2F%2Fwww.designboom.com%2Fcontemporary%2Fcassettes.html&p=1




I hope this helps.

Thanks

Edited by Capn Easy, 16 December 2008 - 04:32 PM.


#10 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 16 December 2008 - 05:09 PM

I'm also getting a couple of "cookies" in Firefox, repeatedly, for numeric url's that seem to be connected to the redirects:

64.111.196.117

66.230.188.67

#11 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:38 PM

Posted 16 December 2008 - 07:34 PM

Hi, :thumbsup: I am still looking over your logs from here and when you first came on the site. I should have something up for you hopefully by tomorrow. Thanks for all the extra info.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#12 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 16 December 2008 - 08:00 PM

Thanks.

Let me know if you want me to re-run any of them.

#13 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 17 December 2008 - 12:17 PM

In going through my Firefox history I'm also finding evidence of some "silent" activity. In particular, after a visit here to BleepingComputer I was not aware of anything out of the ordinary, but the Firefox history shows some ... I don't know, side trips of some sort? I thought I went straight to the satellite TV site.

(I put in a blank line between the entries to improve readability.)


http://www.bleepingcomputer.com/forums/index.php?showtopic=184809&st=0&gopid=1049218&#entry1049218

http://64.111.196.117/c.php?s=eNodUsmSqjAA_CCrNAsk4TAHREFFUFABubwKJCiK4Apo5ePHedWHXo7dXSoIKdUURAQo7zTXvRL03mQKFBgCA2lfgppCADCIIIEEUWCoPbI_OYqAcHYH4dhdGvz8qCyHVELGdUwLWeiQUZZLkOOC6IIQpv_jGgG8oIZWcCgk54xDlhMGi1w3pMGgQkRBJf3G7sTzdTiZpulbI5ba2XzqLOLgljq5_5yXVvI0btY1DJsmWLsQP1bn1C3EDPSTGN9R9JlYofPMetk02SypB-jgD5AZdW51PNY0cHu73my3gzUrxzhCy5VoZnT_MVqzX7yi2rySSujVdRqICVqea3uRd7di_46TeeUfRcqDiM3fSAsi0Maj0QN67xGI8bRJwzLenye7xkLcTsv2M9htEgCNkK_vi1501z5wHInvo4cVJW410J5bRJ7n2rPK6cb1i3KSh5IjZ_U2z5o59waXlwi2deYga3OaTdvQtUdtZ5Kx3Lbe6e42d3ml1_R--HZP0ZCxIYJ0iIFSX8n0oYGHVH0dUgILvLz4rUjGbXaBrYh1sI-r11-W_U0H_kNhlSMbpHH_4ElYLZMQLesQKR1DiHEusKTfl1CNYG5wjeWGUWQ0k-AXhlK2Lw

http://64.111.197.82/c.php?re=1&r=eNodUsmSqjAA_CCrNAsk4TAHREFFUFABubwKJCiK4Apo5ePHedWHXo7dXSoIKdUURAQo7zTXvRL03mQKFBgCA2lfgppCADCIIIEEUWCoPbI_OYqAcHYH4dhdGvz8qCyHVELGdUwLWeiQUZZLkOOC6IIQpv_jGgG8oIZWcCgk54xDlhMGi1w3pMGgQkRBJf3G7sTzdTiZpulbI5ba2XzqLOLgljq5_5yXVvI0btY1DJsmWLsQP1bn1C3EDPSTGN9R9JlYofPMetk02SypB-jgD5AZdW51PNY0cHu73my3gzUrxzhCy5VoZnT_MVqzX7yi2rySSujVdRqICVqea3uRd7di_46TeeUfRcqDiM3fSAsi0Maj0QN67xGI8bRJwzLenye7xkLcTsv2M9htEgCNkK_vi1501z5wHInvo4cVJW410J5bRJ7n2rPK6cb1i3KSh5IjZ_U2z5o59waXlwi2deYga3OaTdvQtUdtZ5Kx3Lbe6e42d3ml1_R--HZP0ZCxIYJ0iIFSX8n0oYGHVH0dUgILvLz4rUjGbXaBrYh1sI-r11-W_U0H_kNhlSMbpHH_4ElYLZMQLesQKR1DiHEusKTfl1CNYG5wjeWGUWQ0k-AXhlK2Lw&u=0c1c4c062714318bfd3ce768f74335ac&cid=cdeefa4a9f762728e4e0d94138bc967e&rc=0&pa=&ref1=&ref2=

http://v10.xmlsearch.miva.com/bin/findwhat.dll?clickthrough&y=52594&x=d;d9QhYESAbY;FsjXQCnIk8:cQYaSZzYSvWyqx8c2TZAB0TXp0j8;UwO4T1WJcPodIttqvwh5ATAcxKsyqzRVy1jByrm2pK2WlFIWhjaQUPHRvaySLjzgpj4;ZtQSaXfqqTKMaazqU8idAzAphChq1SkLeKasUwfCZylcp;YcIBsVAcNdhWXWeZKK

http://atl.xmlsearch.miva.com/bin/findwhat.dll?clickthrough&y=52594&x=b:JBxFmOPg8lBqEyD3MhTVwkRbmEP:nlPHIjlQwXXmqJQQYaE5sTOAjonmTq664V0rLS9HjuATYJU5atrknpigTyQT;eXUaU5rSzWFsExA45hVtjPOsMjUscBSLvPMKN9kYKgatM9AwF0gnJEUMu9il1ScaEfkjNc:idUU6lRoZtyg:A0FIaZbaFW6XNGG$hi&c=F7DC42C7%2D5357%2D47EB%2D9AA2%2D47DDC81C3B06

http://satellite-tv.tv/index.php


#14 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:38 PM

Posted 17 December 2008 - 01:23 PM

It seems the problems you are experiencing have came to the attention of people who write programs to deal with certain infections. In this case it is a program aimed directly at those with google.goored issues.




Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


When completed along with the Goored.txt please post a new HJT log.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#15 Capn Easy

Capn Easy
  • Topic Starter

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Location:New Jersey
  • Local time:08:38 PM

Posted 17 December 2008 - 03:38 PM

Thanks, thewall! I'm a stay-at-home dad and I'm doing homework with the kids right now. I should be able to run this later this afternoon or evening.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users