Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Theres adware/Malware on my computer.


  • This topic is locked This topic is locked
37 replies to this topic

#1 monkpart9

monkpart9

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 13 December 2008 - 10:36 AM

...And I know this

I was wondering if anyone out there might be able to help?

PLease
and thanks. :]

------------------------------------------------------
HIjack This log
-----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:59 AM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Seekeen\seekeen.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Seekeen\seekeen.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Nick\Desktop\Protection Applicatons(Spyware, Malware, Adware\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Smart-Shopper - {4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VoloMedia Service] "C:\Program Files\VoloMedia\VoloMedia Service\VoloMediaService.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Sidebar.lnk = C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\progra~1\fun4im\bndhook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkJcYrs - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Fun4IM\Bandoo.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe

--
End of file - 11915 bytes
If you do things right, then people won't know if you've done anything at all.

BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:32 PM

Posted 18 December 2008 - 07:51 PM

Hello monkpart9 :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.


I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.







Please perform the following:



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)





When completed please both both logs fromRSIT as well as the one from Kaspersky.





Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 20 December 2008 - 02:59 PM

Aright below are the Kaspersky scan results as well as the RSIT logs.
-----------------------------------------------------
Kaspersky
----------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 20, 2008 13:51:06
Records in database: 1491680
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 121182
Threat name: 15
Infected objects: 22
Suspicious objects: 0
Duration of the scan: 03:08:16


File name / Threat name / Threats count
C:\WINDOWS\system32\closeapp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
C:\WINDOWS\system32\vimc.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
D:\Brenda\My Documents\My Videos\skatingpartyss.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
D:\Brenda\My Documents\My Videos\skatingpartyss.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
D:\Brenda\My Documents\My Videos\skatingpartyss.exe Infected: Trojan-Downloader.Win32.Small.bke 1
D:\Brenda\My Documents\My Videos\skatingpartyss.exe Infected: not-a-virus:AdWare.Win32.WebRebates.r 1
D:\Brenda\My Documents\My Videos\skatingpartyss.exe Infected: not-a-virus:AdWare.Win32.WebRebates.p 3
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 2
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 1
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 1
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer 2
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:AdWare.Win32.WebHancer.370 1
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k 1
D:\Brenda\My Documents\My Videos\snowycottagefree.exe Infected: not-a-virus:AdWare.Win32.Relevant.a 1
D:\Michael\Desktop\Music\toon boom [fastest wyzo download].zip Infected: Trojan.Win32.Obfuscated.en 1
D:\Michael\My Documents\snes\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
D:\Michael\My Documents\snes\iMeshV4.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d 1

The selected area was scanned.
--------------------------------------------------------
"Info" RSIT Log
-------------------------------------------------------
info.txt logfile of random's system information tool 1.05 2008-12-20 14:55:40

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware 2007-->MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Allok 3GP PSP MP4 iPod Video Converter 5.1.0821-->"C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe"
AP Guitar Tuner-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Audio Phonics, Inc.\AP Guitar Tuner\DeIsL1.isu" -c"C:\Program Files\Audio Phonics, Inc.\AP Guitar Tuner\_ISREG32.DLL"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Are You Smarter Than A 5th Grader (remove only)-->"C:\Program Files\iWin.com\Are You Smarter Than A 5th Grader\Uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BoontyBox 2.1-->"C:\WINDOWS\unins001.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cucusoft DVD to Zune + Zune Video Converter Suite 7.15.7.8-->"C:\Program Files\Cucusoft\zune-converter\unins000.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
Eazy VCD 1.15a-->C:\PROGRA~1\EAZYVC~1\UNWISE.EXE C:\PROGRA~1\EAZYVC~1\INSTALL.LOG
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
ffdshow [rev 1975] [2008-05-26]-->"C:\Program Files\ffdshow\unins000.exe"
Fizzball-->"C:\Program Files\Fizzball\ReflexiveArcade\unins000.exe"
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
Fun4IM-->C:\Program Files\Fun4IM\PreUninstall.exe
FXhome VideoWrap! (remove only)-->"C:\Program Files\FXhome VideoWrap!\FXhome VideoWrap! Uninstall.exe"
GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glyph-->"C:\Program Files\Glyph\ReflexiveArcade\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Guru Version 2.2.0-->"C:\Program Files\Musicnotes\GuitarGuru\unins000.exe"
Heavy Weapon Deluxe-->MsiExec.exe /I{9CD41435-0A34-4274-88BD-9A9A0E835C04}
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Nick\Desktop\Protection Applicatons(Spyware, Malware, Adware\HijackThis.exe" /uninstall
Hotel Solitaire-->"C:\Program Files\Hotel Solitaire\ReflexiveArcade\unins000.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod Copy Expert 3.1.2-->"C:\Program Files\iPod Copy Expert\unins000.exe"
iTunes-->MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
iWin Toolbar-->C:\PROGRA~1\iWin\UNWISE.EXE C:\PROGRA~1\iWin\INSTALL.LOG
Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Loco Christmas Edition (remove only)-->"C:\Program Files\Loco Christmas Edition\Uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Mahjong Fortuna 2 Deluxe-->"C:\Program Files\Mahjong Fortuna 2 Deluxe\ReflexiveArcade\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Loops-->"C:\Program Files\Memory Loops\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Premium 2007-->MsiExec.exe /I{07040081-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Mystery Case Files Prime Suspects-->"C:\Program Files\Mystery Case Files Prime Suspects\unins000.exe"
Mystery Solitaire Secret Island-->"C:\Program Files\Mystery Solitaire Secret Island\ReflexiveArcade\unins000.exe"
Newspaper Puzzle Challenge-->"C:\Program Files\Newspaper Puzzle Challenge\ReflexiveArcade\unins000.exe"
Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe
Norton Security Scan-->MsiExec.exe /I{DA15D535-5E1D-4076-B520-8571346D6238}
Ocean Express-->"C:\Program Files\Ocean Express\unins000.exe"
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Pandora's GUI-->MsiExec.exe /X{B63FAB20-EA87-4C20-AA28-32DC973D5751}
Pizza Frenzy-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Pizza Frenzy\irunin.ini"
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
Protected Music Converter 1.0.0.10-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QBeez 2-->"C:\Program Files\QBeez 2\ReflexiveArcade\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Real Alternative 1.52-->"C:\Program Files\Real Alternative\unins000.exe"
RelevantKnowledge-->C:\Program Files\RelevantKnowledge\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
SCRABBLE Deluxe-->C:\PROGRA~1\ZONE~1.COM\SCRABB~1\UNWISE.EXE C:\PROGRA~1\ZONE~1.COM\SCRABB~1\INSTALL.LOG
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Seekeen 1.0 build 132-->C:\Program Files\Seekeen\uninstall.exe
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Slingo Quest-->"C:\Program Files\Slingo Quest\ReflexiveArcade\unins000.exe"
Snood Deluxe-->MsiExec.exe /I{7C594459-6829-420D-A773-041F64CBC330}
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Defender 3-->"C:\Program Files\Star Defender 3\ReflexiveArcade\unins000.exe"
Super Collapse 3-->"C:\Program Files\Super Collapse 3\ReflexiveArcade\unins000.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
The Da Vinci Code (remove only)-->C:\Program Files\The Da Vinci Code\Uninstall.exe
Thoosje Sidebar 2.2-->C:\Program Files\Thoosje Sidebar 2.2\Uninstal.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /X{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vista Transformation Pack 6.0-->C:\WINDOWS\System32\vimc.exe
VoloMedia iTunes Plug-in-->MsiExec.exe /X{97A013E9-D87A-47D1-8D7D-4D7D43301772}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Word Slinger-->"C:\Program Files\Word Slinger\unins000.exe"
Xilisoft PSP Video Converter-->C:\Program Files\Xilisoft\PSP Video Converter 3\Uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Zodiac Tower-->"C:\Program Files\Zodiac Tower\ReflexiveArcade\unins000.exe"
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

=====HijackThis Backups=====

O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKUS\S-1-5-21-1801674531-1645522239-1177238915-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Michael')
O4 - HKUS\S-1-5-21-1801674531-1645522239-1177238915-1006\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Michael')
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKUS\S-1-5-21-1801674531-1645522239-1177238915-1006\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" (User 'Michael')
O2 - BHO: (no name) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
O2 - BHO: (no name) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - (no file)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O3 - Toolbar: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolpro.com/redirect.php (file missing)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG 7.5.552

System event log

Computer Name: VISTA2007
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.

Record Number: 45525
Source Name: Service Control Manager
Time Written: 20081211224102.000000-300
Event Type: information
User:

Computer Name: VISTA2007
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.

Record Number: 45524
Source Name: Service Control Manager
Time Written: 20081211224102.000000-300
Event Type: information
User: VISTA2007\Michael

Computer Name: VISTA2007
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.

Record Number: 45523
Source Name: Service Control Manager
Time Written: 20081211223902.000000-300
Event Type: information
User:

Computer Name: VISTA2007
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.

Record Number: 45522
Source Name: Service Control Manager
Time Written: 20081211223902.000000-300
Event Type: information
User:

Computer Name: VISTA2007
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.

Record Number: 45521
Source Name: Service Control Manager
Time Written: 20081211223902.000000-300
Event Type: information
User: VISTA2007\Michael

Application event log

Computer Name: VISTA2007
Event Code: 103
Message: MsnMsgr (2044) \\.\C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Messenger\madwolf90@hotmail.com\SharingMetadata\Working\database_9C18_1DC8_181D_A1F6\dfsr.db: The database engine stopped the instance (0).

Record Number: 2139
Source Name: ESENT
Time Written: 20080930221621.000000-240
Event Type: information
User:

Computer Name: VISTA2007
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 2138
Source Name: Application Error
Time Written: 20080930214507.000000-240
Event Type: error
User:

Computer Name: VISTA2007
Event Code: 102
Message: MsnMsgr (2044) \\.\C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Messenger\madwolf90@hotmail.com\SharingMetadata\Working\database_9C18_1DC8_181D_A1F6\dfsr.db: The database engine started a new instance (0).

Record Number: 2137
Source Name: ESENT
Time Written: 20080930214453.000000-240
Event Type: information
User:

Computer Name: VISTA2007
Event Code: 100
Message: MsnMsgr (2044) The database engine 5.01.2600.5512 started.

Record Number: 2136
Source Name: ESENT
Time Written: 20080930214452.000000-240
Event Type: information
User:

Computer Name: VISTA2007
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 2135
Source Name: usnjsvc
Time Written: 20080930214448.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
----------------------------------------------
"log" RSIT log
---------------------------------------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by Nick at 2008-12-20 14:55:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (4%) free of 40 GB
Total RAM: 766 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:34 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nick\Desktop\Protection Applicatons(Spyware, Malware, Adware\RSIT.exe
C:\Documents and Settings\Nick\Desktop\Protection Applicatons(Spyware, Malware, Adware\Nick.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VoloMedia Service] "C:\Program Files\VoloMedia\VoloMedia Service\VoloMediaService.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Sidebar.lnk = C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\progra~1\fun4im\bndhook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkJcYrs - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Fun4IM\Bandoo.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe

--
End of file - 11180 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
Encarta Web Companion Helper Object - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-12 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-10 256792]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{ce0c2586-da36-452b-acdb-320d9bcb19bf} - iWin Toolbar - C:\Program Files\iWin\tbiWin.dll [2008-08-20 1780248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-06-06 1404928]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-10-17 590848]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-06 50688]
"Styler"=C:\Program Files\Styler\Styler.exe [2006-05-03 307200]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-08-15 271672]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe []
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"VoloMedia Service"=C:\Program Files\VoloMedia\VoloMedia Service\VoloMediaService.exe [2008-10-23 3564240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"AIM"=C:\Program Files\AIM\aim.exe -cnetwait.odl []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-29 68856]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Run Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe
Sidebar.lnk - C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe

C:\Documents and Settings\Nick\Start Menu\Programs\Startup
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\fun4im\bndhook.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkJcYrs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-07 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Nick\Desktop\nicks folder\[ PC Games ] - Age of Empires II(FULL)(2)\age2_x1.exe"="C:\Documents and Settings\Nick\Desktop\nicks folder\[ PC Games ] - Age of Empires II(FULL)(2)\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Michael\Desktop\utorrent.exe"="C:\Documents and Settings\Michael\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\iWin Games\iWinGames.exe"="C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application."
"C:\Program Files\iWin Games\WebUpdater.exe"="C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e42c2538-79e4-11dc-bc75-000bdbb2d3d2}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-20 14:55:05 ----D---- C:\rsit
2008-12-19 01:41:33 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-12-19 01:40:52 ----D---- C:\Program Files\WorldOfGoo
2008-12-14 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-14 03:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-14 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-14 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-13 12:26:08 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-13 10:39:35 ----D---- C:\VundoFix Backups
2008-12-09 17:55:19 ----D---- C:\Documents and Settings\Nick\Application Data\iWinArcade
2008-12-08 15:19:02 ----D---- C:\Documents and Settings\Nick\Application Data\VoloMedia Service
2008-12-07 14:29:15 ----D---- C:\Program Files\Winferno
2008-12-07 14:29:05 ----D---- C:\Documents and Settings\All Users\Application Data\Bandoo
2008-12-07 14:28:42 ----D---- C:\Program Files\Fun4IM
2008-12-06 18:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-12-06 18:53:55 ----D---- C:\Program Files\Common Files\BOONTY Shared
2008-12-06 18:49:05 ----D---- C:\Program Files\My Downloaded Games
2008-12-06 18:49:05 ----D---- C:\Program Files\BoontyGames
2008-12-06 18:48:50 ----D---- C:\Program Files\Boonty
2008-12-06 18:48:50 ----A---- C:\WINDOWS\unins001.exe
2008-12-06 18:48:50 ----A---- C:\WINDOWS\system32\PandoraCtrl.dll
2008-12-06 18:47:13 ----D---- C:\Program Files\VoloMedia
2008-12-06 18:46:53 ----D---- C:\Program Files\RelevantKnowledge
2008-12-06 18:46:21 ----D---- C:\Program Files\Seekeen
2008-12-06 17:05:18 ----D---- C:\Program Files\iWin.com
2008-12-06 16:59:57 ----D---- C:\Program Files\Conduit
2008-12-06 16:59:54 ----D---- C:\Program Files\iWin
2008-12-06 16:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-12-06 16:59:39 ----D---- C:\Program Files\iWin Games
2008-12-05 13:45:15 ----D---- C:\WINDOWS\Cache
2008-11-27 23:57:26 ----D---- C:\Program Files\Paint.NET
2008-11-26 20:44:02 ----D---- C:\Program Files\Snood Deluxe
2008-11-23 17:59:00 ----A---- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-11-23 15:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-11-23 15:04:01 ----D---- C:\Program Files\Common Files\HP
2008-11-23 15:01:31 ----D---- C:\Program Files\Hewlett-Packard
2008-11-23 15:00:14 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-11-23 14:56:22 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-11-23 14:56:22 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-11-23 14:56:22 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-11-23 14:56:22 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-11-23 14:56:22 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-11-23 14:56:22 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-11-23 14:54:36 ----D---- C:\Program Files\HP
2008-11-22 21:21:40 ----D---- C:\Program Files\Frets on Fire

======List of files/folders modified in the last 1 months======

2008-12-20 14:55:04 ----D---- C:\WINDOWS\Prefetch
2008-12-20 10:31:53 ----D---- C:\WINDOWS\temp
2008-12-20 10:31:52 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-20 08:01:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-20 02:04:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-19 20:42:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-19 15:57:46 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 02:59:23 ----D---- C:\WINDOWS\system32
2008-12-19 01:40:52 ----RD---- C:\Program Files
2008-12-18 14:49:50 ----D---- C:\WINDOWS
2008-12-18 02:49:44 ----HD---- C:\WINDOWS\inf
2008-12-18 02:49:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 02:49:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 20:05:12 ----A---- C:\WINDOWS\win.ini
2008-12-14 03:15:45 ----D---- C:\Program Files\Internet Explorer
2008-12-14 03:09:11 ----SHD---- C:\WINDOWS\Installer
2008-12-14 03:09:11 ----SHD---- C:\Config.Msi
2008-12-14 03:09:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-14 03:07:53 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 12:27:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-13 12:25:33 ----D---- C:\Program Files\Windows Media Player
2008-12-13 11:59:01 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-13 11:39:19 ----D---- C:\Program Files\Free Offers from Freeze.com
2008-12-13 11:06:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-13 10:47:26 ----A---- C:\VundoFix.txt
2008-12-13 07:32:05 ----D---- C:\Program Files\Yahoo!
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-13 00:51:36 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-12 18:56:05 ----A---- C:\YServer.txt
2008-12-12 18:55:54 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-12 18:55:18 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-12 18:52:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-12 18:51:31 ----D---- C:\Program Files\Datel
2008-12-12 18:48:06 ----D---- C:\Program Files\AIM
2008-12-11 17:52:42 ----D---- C:\Program Files\Shareaza
2008-12-11 17:52:41 ----D---- C:\Documents and Settings\Nick\Application Data\Shareaza
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 17:58:19 ----D---- C:\Program Files\Common Files
2008-12-09 17:54:49 ----SD---- C:\WINDOWS\Tasks
2008-12-06 18:47:13 ----D---- C:\Program Files\iTunes
2008-12-06 17:08:39 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-12-06 17:05:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-05 13:45:15 ----D---- C:\Program Files\Coupons
2008-12-04 19:33:04 ----D---- C:\Program Files\DVDVideoSoft
2008-12-04 19:33:03 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-12-03 18:20:05 ----D---- C:\Documents and Settings\Nick\Application Data\uTorrent
2008-12-03 13:10:56 ----D---- C:\WINDOWS\system32\Restore
2008-11-30 15:41:22 ----D---- C:\WINDOWS\system32\Macromed
2008-11-27 23:58:30 ----RSD---- C:\WINDOWS\assembly
2008-11-27 23:57:35 ----D---- C:\WINDOWS\WinSxS
2008-11-23 18:36:13 ----D---- C:\Program Files\Audacity
2008-11-23 17:36:28 ----A---- C:\WINDOWS\system32\hpzjrd01.dll
2008-11-23 15:00:48 ----D---- C:\WINDOWS\twain_32
2008-11-23 14:58:14 ----D---- C:\WINDOWS\system32\drivers
2008-11-21 18:25:21 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-21 18:16:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-21 18:16:36 ----D---- C:\Program Files\Zune
2008-11-21 15:00:23 ----D---- C:\Program Files\Norton Security Scan

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-08-26 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-08-26 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-08-26 4960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-06-26 62336]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-10-11 490776]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-06-07 607576]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-23 418816]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-20 406528]
R2 Bandoo Coordinator;Bandoo Coordinator; C:\PROGRA~1\Fun4IM\Bandoo.exe [2008-10-26 1281984]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 168432]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-08-26 49664]
S2 iWinGamesInstaller;iWinGamesInstaller; C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-09-09 78104]
S2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 Seekeen Service;Seekeen Service; C:\Program Files\Seekeen\seekeen.exe [2008-12-09 4608]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-12-06 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-08-15 501048]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------



Sorry it took so long to reply back btw.

Much appreciation as well.
If you do things right, then people won't know if you've done anything at all.

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:32 PM

Posted 21 December 2008 - 03:13 PM

I see from your log that you have Vundofix on your computer. Could you give me a rundown on what you have tried to do to solve the problems you are experiencing before posting the initial HJT log? Things like any other tools you have used or corrective measures you may have tried.





Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.




Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".



Please provide both the ComboFix.txt and a new HJT log in your next post along with answers you may have to the questions I posed.



Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 22 December 2008 - 04:48 PM

Aright, the reason I have Vundofix on my computer is because I've had problems with this computer before and as part of the solution one of the moderators on here told me to install it to fix the problem. I suppose I just never got around to deleting it.

What I used to try and get rid of the problems before posting on here were:

-Running Malwarebyte's Anti-Malware
-Running Spybot search and destroy

...and thats about it.

Below is the Combofix log, thanks again for everything.
-------------------------------------------------
Combofix log
-------------------------------------------------

ComboFix 08-12-21.04 - Nick 2008-12-22 16:27:40.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.308 [GMT -5:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_IWINGAMESINSTALLER
-------\Service_Boonty Games
-------\Service_iWinGamesInstaller


((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-20 14:55 . 2008-12-20 14:55 <DIR> d-------- C:\rsit
2008-12-19 01:41 . 2008-12-19 01:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-12-19 01:40 . 2008-12-19 01:41 <DIR> d-------- c:\program files\WorldOfGoo
2008-12-13 10:39 . 2008-12-13 10:39 <DIR> d-------- C:\VundoFix Backups
2008-12-11 17:20 . 2008-10-23 07:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
2008-12-11 17:13 . 2008-10-03 05:02 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\documents and settings\Nick\Application Data\iWinArcade
2008-12-08 15:19 . 2008-12-08 15:19 <DIR> d-------- c:\documents and settings\Nick\Application Data\VoloMedia Service
2008-12-07 14:29 . 2008-12-09 17:54 <DIR> d-------- c:\program files\Winferno
2008-12-07 14:29 . 2008-12-07 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bandoo
2008-12-07 14:29 . 2006-07-24 08:56 212,240 --a------ c:\windows\system32\Richtx32.ocx
2008-12-07 14:28 . 2008-12-07 14:29 <DIR> d-------- c:\program files\Fun4IM
2008-12-06 23:00 . 2008-12-12 15:37 <DIR> d-------- c:\documents and settings\Michael\Application Data\Smart-Shopper
2008-12-06 22:58 . 2008-12-06 22:58 <DIR> d-------- c:\documents and settings\Michael\Application Data\VoloMedia Service
2008-12-06 18:53 . 2008-12-06 18:53 <DIR> d-------- c:\program files\Common Files\BOONTY Shared
2008-12-06 18:53 . 2008-12-06 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\BOONTY
2008-12-06 18:49 . 2008-12-06 18:53 <DIR> d-------- c:\program files\My Downloaded Games
2008-12-06 18:49 . 2008-12-09 16:15 <DIR> d-------- c:\program files\BoontyGames
2008-12-06 18:48 . 2008-12-06 18:51 <DIR> d-------- c:\program files\Boonty
2008-12-06 18:48 . 2008-12-06 18:47 708,426 --a------ c:\windows\unins001.exe
2008-12-06 18:48 . 2005-03-11 18:06 102,400 --a------ c:\windows\system32\PandoraCtrl.dll
2008-12-06 18:48 . 2008-12-06 18:48 72,401 --a------ c:\windows\unins001.dat
2008-12-06 18:47 . 2008-12-06 18:47 <DIR> d-------- c:\program files\VoloMedia
2008-12-06 18:46 . 2008-12-10 21:10 <DIR> d-------- c:\program files\Seekeen
2008-12-06 18:46 . 2008-12-06 21:30 <DIR> d-------- c:\program files\RelevantKnowledge
2008-12-06 17:05 . 2008-12-06 17:05 <DIR> d-------- c:\program files\iWin.com
2008-12-06 16:59 . 2008-12-06 18:08 <DIR> d-------- c:\program files\iWin Games
2008-12-06 16:59 . 2008-12-06 16:59 <DIR> d-------- c:\program files\iWin
2008-12-06 16:59 . 2008-12-06 16:59 <DIR> d-------- c:\program files\Conduit
2008-12-06 16:59 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games
2008-12-05 13:45 . 2008-12-05 13:45 <DIR> d-------- c:\windows\Cache
2008-12-02 23:21 . 2008-12-02 23:21 <DIR> d-------- c:\documents and settings\Michael\Application Data\Teeworlds
2008-11-27 23:57 . 2008-11-27 23:57 <DIR> d-------- c:\program files\Paint.NET
2008-11-26 20:44 . 2008-11-26 20:57 <DIR> d-------- c:\program files\Snood Deluxe
2008-11-23 17:59 . 2008-11-23 17:59 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\program files\Common Files\HP
2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-23 15:01 . 2008-11-23 15:01 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-23 15:00 . 2008-11-23 15:00 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-23 14:58 . 2005-03-07 23:43 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-23 14:58 . 2005-03-07 23:43 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-23 14:57 . 2005-03-07 23:43 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-23 14:56 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2008-11-23 14:56 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2008-11-23 14:56 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2008-11-23 14:56 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2008-11-23 14:56 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2008-11-23 14:56 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2008-11-23 14:54 . 2008-11-23 15:04 <DIR> d-------- c:\program files\HP
2008-11-23 14:51 . 2008-11-23 15:07 112,886 --a------ c:\windows\hpoins07.dat
2008-11-23 14:51 . 2005-05-24 01:52 21,124 --------- c:\windows\hpomdl07.dat
2008-11-22 21:21 . 2008-12-12 18:51 <DIR> d-------- c:\program files\Frets on Fire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 17:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-22 09:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-21 21:05 31 ----a-w c:\documents and settings\Chris\jagex_runescape_preferences.dat
2008-12-21 01:24 --------- d-----w c:\documents and settings\Michael\Application Data\uTorrent
2008-12-14 08:09 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-13 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-13 16:39 --------- d-----w c:\program files\Free Offers from Freeze.com
2008-12-13 16:06 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-13 12:32 --------- d-----w c:\program files\Yahoo!
2008-12-13 05:51 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-12 23:55 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 23:55 --------- d-----w c:\documents and settings\Michael\Application Data\Yahoo!
2008-12-12 23:55 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-12 23:51 --------- d-----w c:\program files\Datel
2008-12-12 23:48 --------- d-----w c:\program files\AIM
2008-12-12 23:48 --------- d-----w c:\documents and settings\Michael\Application Data\Aim
2008-12-11 22:52 --------- d-----w c:\program files\Shareaza
2008-12-11 22:52 --------- d-----w c:\documents and settings\Nick\Application Data\Shareaza
2008-12-06 23:47 --------- d-----w c:\program files\iTunes
2008-12-06 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-05 18:45 --------- d-----w c:\program files\Coupons
2008-12-05 00:33 --------- d--h--w c:\documents and settings\Michael\Application Data\ijjigame
2008-12-05 00:33 --------- d-----w c:\program files\DVDVideoSoft
2008-12-05 00:33 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-12-03 23:20 --------- d-----w c:\documents and settings\Nick\Application Data\uTorrent
2008-11-23 23:36 --------- d-----w c:\program files\Audacity
2008-11-23 22:36 139,264 ----a-w c:\windows\system32\hpzjrd01.dll
2008-11-21 23:16 --------- d-----w c:\program files\Zune
2008-11-21 20:00 --------- d-----w c:\program files\Norton Security Scan
2008-11-20 21:30 --------- d-----w c:\documents and settings\Nick\Application Data\MySpace
2008-11-20 11:42 --------- d-----w c:\program files\NCH Swift Sound
2008-11-20 11:42 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-18 18:31 --------- d-----w c:\program files\WiFiConnector
2008-11-18 04:53 --------- d-----w c:\program files\Audio Phonics, Inc
2008-11-10 17:23 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-11-10 17:23 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 17:09 73,728 ----a-w c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 17:09 57,344 ----a-w c:\windows\system32\ZuneRegUtil.dll
2008-11-10 17:09 310,272 ----a-w c:\windows\system32\ZuneNetProxy.dll
2008-11-10 17:09 18,944 ----a-w c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 17:09 145,920 ----a-w c:\windows\system32\ZuneMTPZ.dll
2008-11-10 17:09 12,800 ----a-w c:\windows\system32\ZunePTDNS.dll
2008-11-08 00:24 --------- d-----w c:\program files\Snood
2008-10-30 22:20 --------- d-----w c:\documents and settings\Nick\Application Data\Viewpoint
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 17:38 --------- d-----w c:\documents and settings\NetworkService\Application Data\AVG7
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-14 23:18 24 -c--a-w c:\documents and settings\Michael\jagex_runescape_preferences.dat
2008-08-23 00:27 23 -c--a-w c:\documents and settings\Nick\jagex_runescape_preferences.dat
2008-06-06 04:56 0 -c--a-w c:\program files\uninstall.dat
2007-12-21 02:58 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-08-27 14:22 380 -c--a-w c:\program files\Recycle Bin.reg
2008-11-09 20:54 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-09 20:54 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-09 20:54 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-09 20:54 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-09 20:54 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-10-20 19:28 848 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-27 05:07 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

------- Sigcheck -------

2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-07-09 18:00 360960 3ad4958b8a895e1e14f5c3cf92683d02 c:\windows\$NtServicePackUninstall$\tcpip.sys
2007-11-07 06:11 360704 e304e53371c3e3821b10c961b3d9bfd2 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-01-17 19:05 360064 b1d637a5585af8932c635976ff9d8981 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-09-14 11:54 361600 7ee936a57b5901d6b1c4af9a9e6c500a c:\windows\system32\dllcache\TCPIP.SYS
2008-09-14 11:54 361600 7ee936a57b5901d6b1c4af9a9e6c500a c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWin.dll" [2008-08-20 1780248]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-06-06 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-06 50688]
"Styler"="c:\program files\Styler\Styler.exe" [2006-05-03 307200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-15 271672]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"VoloMedia Service"="c:\program files\VoloMedia\VoloMedia Service\VoloMediaService.exe" [2008-10-23 3564240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-23 219136]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
BoontyBox Play Toad.lnk - c:\program files\Boonty\BoontyBox\BoontyBox.exe [2008-12-06 816736]
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-12-06 108032]

c:\documents and settings\Nick\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-12-06 108032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-29 67128]
Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-11-18 1175552]
Sidebar.lnk - c:\program files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe [2007-08-10 524288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidrv32.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Nick\\Desktop\\nicks folder\\[ PC Games ] - Age of Empires II(FULL)(2)\\age2_x1.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R2 Bandoo Coordinator;Bandoo Coordinator;"c:\progra~1\Fun4IM\Bandoo.exe" [2008-12-07 1281984]
R2 Seekeen Service;Seekeen Service;"c:\program files\Seekeen\seekeen.exe" "c:\program files\Seekeen\seekeen.dll" Service []
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e42c2538-79e4-11dc-bc75-000bdbb2d3d2}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-19 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-11-23 15:03]

2008-12-22 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []

2008-11-07 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-AIM - c:\program files\AIM\aim.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
Notify-jkkJcYrs - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
IE: Download with GetRight
IE: Download with GetRight Pro - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser
IE: Open with GetRight Pro Browser - c:\program files\GetRight\GRbrowse.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\3i9p6vvg.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 16:35:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Seekeen\seekeen.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\Seekeen\seekeen.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-22 16:39:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 21:39:20
ComboFix2.txt 2008-08-05 18:37:18

Pre-Run: 1,571,049,472 bytes free
Post-Run: 1,699,049,472 bytes free

318 --- E O F --- 2008-12-18 07:49:44
If you do things right, then people won't know if you've done anything at all.

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:32 PM

Posted 22 December 2008 - 05:16 PM

Thanks for the info. :thumbsup: I will need another HJT log also.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 22 December 2008 - 06:08 PM

Oh not at all, thank you for all the help. I mean Honestly if it werent for people like yourself I'd be spending all sorts of money on computer repairs and such. I mean: Thank you personally as well as the whole HJT staff, you truly are what makes this site as helpful as it is. :]

-----------------------
HiJack This Log
-----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:32 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Seekeen\seekeen.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\Seekeen\seekeen.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Nick\Desktop\Protection Applicatons(Spyware, Malware, Adware\HiJackThis.exe
c:\program files\aim6\anotify.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.wikipedia.org/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VoloMedia Service] "C:\Program Files\VoloMedia\VoloMedia Service\VoloMediaService.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: Sidebar.lnk = C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHos...ronGameHost.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Fun4IM\Bandoo.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe

--
End of file - 10898 bytes
If you do things right, then people won't know if you've done anything at all.

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:32 PM

Posted 23 December 2008 - 07:48 PM

You're welcome for any help we have been able to give you. :thumbsup: It is a pleasure to help others clean up the junk that you can pick up on any given day.


I need some information on the following files. What we have is a lot of games and associated programs which were downloaded over a period of around 3-4 days. If you look at the dates and times in the far left hand column you can see where a lot of them came together and then a little bit of a hiatus followed by more being downloaded. I need to know if you downloaded part or all of these.

The problem is there are both good and bad all interspersed together and I have a feeling although I don't know it for a fact that these may all have been brought in by a Trojan and some could be bad and some OK. At the bottom I will give you some links to the ones I know that are malicious.

What I really want to know is do you definitely want to keep some of the other programs of which I have not found any problems with or would it be alright with you if I cleared out all of the ones I have listed.






2008-12-09 17:55 . 2008-12-09 17:55 <DIR> d-------- c:\documents and settings\Nick\Application Data\iWinArcade
2008-12-08 15:19 . 2008-12-08 15:19 <DIR> d-------- c:\documents and settings\Nick\Application Data\VoloMedia Service
2008-12-07 14:29 . 2008-12-09 17:54 <DIR> d-------- c:\program files\Winferno
2008-12-07 14:29 . 2008-12-07 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bandoo
2008-12-07 14:29 . 2006-07-24 08:56 212,240 --a------ c:\windows\system32\Richtx32.ocx
2008-12-07 14:28 . 2008-12-07 14:29 <DIR> d-------- c:\program files\Fun4IM
2008-12-06 23:00 . 2008-12-12 15:37 <DIR> d-------- c:\documents and settings\Michael\Application Data\Smart-Shopper
2008-12-06 22:58 . 2008-12-06 22:58 <DIR> d-------- c:\documents and settings\Michael\Application Data\VoloMedia Service
2008-12-06 18:53 . 2008-12-06 18:53 <DIR> d-------- c:\program files\Common Files\BOONTY Shared
2008-12-06 18:53 . 2008-12-06 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\BOONTY
2008-12-06 18:49 . 2008-12-06 18:53 <DIR> d-------- c:\program files\My Downloaded Games
2008-12-06 18:49 . 2008-12-09 16:15 <DIR> d-------- c:\program files\BoontyGames
2008-12-06 18:48 . 2008-12-06 18:51 <DIR> d-------- c:\program files\Boonty
2008-12-06 18:48 . 2008-12-06 18:47 708,426 --a------ c:\windows\unins001.exe
2008-12-06 18:48 . 2005-03-11 18:06 102,400 --a------ c:\windows\system32\PandoraCtrl.dll
2008-12-06 18:48 . 2008-12-06 18:48 72,401 --a------ c:\windows\unins001.dat
2008-12-06 18:47 . 2008-12-06 18:47 <DIR> d-------- c:\program files\VoloMedia
2008-12-06 18:46 . 2008-12-10 21:10 <DIR> d-------- c:\program files\Seekeen
2008-12-06 18:46 . 2008-12-06 21:30 <DIR> d-------- c:\program files\RelevantKnowledge
2008-12-06 17:05 . 2008-12-06 17:05 <DIR> d-------- c:\program files\iWin.com
2008-12-06 16:59 . 2008-12-06 18:08 <DIR> d-------- c:\program files\iWin Games
2008-12-06 16:59 . 2008-12-06 16:59 <DIR> d-------- c:\program files\iWin
2008-12-06 16:59 . 2008-12-06 16:59 <DIR> d-------- c:\program files\Conduit
2008-12-06 16:59 . 2008-12-06 17:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games


Info on Boonty

http://www.castlecops.com/o23list-1744.html


unins001.dat

http://www.spywareremove.com/removeunins001dat.html


unins001.exe


http://www.spywareremove.com/removeunins001exe.html


Seeken


http://www.prevx.com/filenames/X2504856626...EKEEN2EEXE.html
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#9 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 25 December 2008 - 02:48 PM

You can delete everything and anything you see fit for deletion.

If it seems malicious or potentially harmful feel free to deal with it any way you see fit.

Exceptions being with the following:

-Volo-Media (my brother's not mine)
-I win Games and all things associated (Ditto)


I just want to know if either of these are malicious, if not then Id love to keep em around otherwise just say the word.
If you do things right, then people won't know if you've done anything at all.

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:32 PM

Posted 25 December 2008 - 06:34 PM

I will try to save everything you want. I do need to know though if you downloaded them yourselves. Judging by your post I would think you did but I need to make sure.

Thanks!!
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#11 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 26 December 2008 - 04:47 PM

Sorry about that, the following are the only programs that I or anyone else has recollection of downloading.

-Volo Media
-IWin Games
-Boonty Games


Everything else is trash-ware, or un-needed as far as I'm concerned.

Hope this helps, Thanks again!
If you do things right, then people won't know if you've done anything at all.

#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:32 PM

Posted 27 December 2008 - 09:48 AM

I need to know if all of the games we are dealing with in the list I provided are freeware? Let me know in your next reply after completing the instructions below.


We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    c:\windows\unins001.exe
    c:\windows\system32\PandoraCtrl.dll
    c:\windows\unins001.dat
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm






In your next reply please provide the following:
  • Log from OTMOveit3
  • SmitfraudFix report
  • Answer to question about games


Thanks!!
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 28 December 2008 - 09:39 PM

Hey, I Tried downloading the "OTMoveIt3" file you provided but was stopped by the following error message.

-Oh and Yes, all the games in the previous list were free-ware.

Attached Files


If you do things right, then people won't know if you've done anything at all.

#14 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:32 PM

Posted 30 December 2008 - 10:33 AM

Sorry for the delay we were checking on some things. Let's just go with the Smitfraudfix right now:



Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm




Just provide us with the text from running this when completed.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#15 monkpart9

monkpart9
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:32 PM

Posted 30 December 2008 - 04:08 PM

Aright, here's the Smitfraud report.

------------------------------------------------------------
SmitFraudFix v2.387

Scan done at 16:05:41.29, Tue 12/30/2008
Run from C:\Documents and Settings\Nick\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\VoloMedia\VoloMedia Service\VoloMediaService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Seekeen\seekeen.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Fun4IM\Bandoo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AIM Lite\aimlite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seekeen\seekeen.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nick


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nick\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nick\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nick\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\fun4im\\bndhook.dll "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.254.254
DNS Server Search Order: 192.168.254.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6AC6C9F-BE05-45BB-8DCA-950CE0D3FD1B}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6AC6C9F-BE05-45BB-8DCA-950CE0D3FD1B}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6AC6C9F-BE05-45BB-8DCA-950CE0D3FD1B}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.254.254 192.168.254.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


--------------------------------------------------------------------

Thanks again!
If you do things right, then people won't know if you've done anything at all.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users