Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde infection


  • This topic is locked This topic is locked
2 replies to this topic

#1 StarLion

StarLion

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:17 PM

Posted 14 December 2008 - 11:17 PM

Symptoms: Ad popups while browsing the web.

Steps attempted already:
AdAware scan (supposedly removed 4 malware infections and 1 worm).
System runs AVG (no detection from AVG).
HJT removed some objects/startup items.

Kapernsky Output:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 20:58:20
Records in database: 1461208
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Marc\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 72757
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:52:20


File name / Threat name / Threats count
E:\mIRC\mirc.exe/E:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\WINDOWS\system32\jkkkHxvu.dll Infected: Trojan-Downloader.Win32.Agent.aubk 1

The selected area was scanned.

RSI Output:
info.txt logfile of random's system information tool 1.04 2008-12-14 23:08:32

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
-->MsiExec.exe /X{EE43210C-266E-4101-8FBC-04378D5E9D42}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Port Scanner v1.3-->E:\Program Files\Advanced Port Scanner\uninstal.exe
Agatha Christie - And Then There Were None-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4628D0D-5DC8-49EC-985A-F0C12EDBF1D2}\setup.exe" -l0x9 -uninst
AGEIA PhysX v7.07.24-->MsiExec.exe /X{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Altova DatabaseSpy 2008 -->MsiExec.exe /I{BF665682-62E4-417F-9534-9D2085A2C580}
Anarchy Online-->"D:\Program Files\Funcom\Anarchy Online\unins000.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apache HTTP Server 2.2.10-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Ares 2.0.9-->"D:\Program Files\Ares\uninstall.exe"
ArtMoney SE v7.28-->"D:\Program Files\ArtMoney\Uninstall\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atomic Clock Sync-->C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BellSouth® FastAccess® Connection Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC71D6E9-7E45-4809-A0B4-339DE69EC17C}\Setup.exe" Remove
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BlackWidow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67E8AD0F-700F-49A3-9927-53C72CECA412}\setup.exe" -l0x9 -removeonly
BrainHotel-->MsiExec.exe /I{A8C867D4-1A7D-49CE-A01D-06BD5399DFC1}
BroadJump PPPoE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2260632D-9998-4ADC-8D81-D228FEA8F9FE}\Setup.exe" Remove
Build-a-lot 2 - Town of the Year [h33t] [oi812heet]-->"C:\WINDOWS\Build-a-lot 2 - Town of the Year [h33t] [oi812heet]\uninstall.exe" "/U:D:\Program Files\Build-a-lot 2 - Town of the Year [h33t] [oi812heet]\Uninstall\uninstall.xml"
Clue-->C:\WINDOWS\IsUninst.exe -f"D:\Program Files\Hasbro Interactive\Clue\Uninst.isu"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
ConceptDraw 7 Professional-->MsiExec.exe /I{FBCDE9B9-8AD3-4EC9-91AB-63CD7F189224}
CyD FTP Client XP-->C:\Program Files\CyD\CyD FTP Client XP\Install.exe u
Detective Stories Hollywood-->"C:\WINDOWS\Detective Stories Hollywood\uninstall.exe" "/U:D:\Program Files\Detective Stories Hollywood\Uninstall\uninstall.xml"
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EDraw Flowchart 3-->"C:\Program Files\EDraw Flowchart\unins000.exe"
Empire Earth III-->C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
eMule-->"D:\Program Files\eMule\Uninstall.exe"
Eusing Free Registry Cleaner-->D:\PROGRA~1\EUSING~1\UNWISE.EXE D:\PROGRA~1\EUSING~1\INSTALL.LOG
EVEMon-->D:\Program Files\EVEMon\uninstall.exe
EVE-ONLINE (remove only)-->D:\Program Files\CCP\EVE\Uninstall.exe
ExamDiff 1.7-->"C:\Program Files\ExamDiff\unins000.exe"
FileZilla Client 3.1.6-->D:\Program Files\FileZilla FTP Client\uninstall.exe
Flash Decompiler Trillix-->"C:\Program Files\Eltima Software\Flash Decompiler Trillix\unins000.exe"
Flash Renamer 5.3-->"D:\Program Files\Flash Renamer\unins000.exe"
GameHack 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GameHack\Uninst.isu"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0303B6A-C675-4102-95DA-C013625BFA99}\setup.exe" -l0x9 -removeonly
Hellgate: London-->MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp officejet 7100 series-->C:\WINDOWS\system32\hpocon09.exe /u 1214451102 /d "hp officejet 7100 series"
ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Java Application Platform SDK-->"C:\Sun\SDK\uninstall.exe" -javahome "C:\Sun\SDK\jdk"
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java Launcher 3.201 (Standard edition)-->"C:\Program Files\Java Launcher\unins000.exe"
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Jetico Personal Firewall 2.0-->"C:\WINDOWS\BCUnInstall.exe" E:\Program Files\Jetico\Jetico Personal Firewall\UnInstall.log
JGsoft PowerGREP 3 DEMO 3.5.0-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\PowerGREP3\Deploy.log"
LucasArts' Star Wars Rebellion-->C:\WINDOWS\uninst.exe -f"D:\Program Files\LucasArts\Star Wars Rebellion\DeIsL1.isu"
Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C# 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition - ENU\setup.exe
Microsoft Visual C# 2008 Express Edition - ENU-->MsiExec.exe /X{2D07422C-CA35-375A-A3A8-3631AB85BFE5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
mIRC-->E:\mIRC\uninstall.exe _?=E:\mIRC
MishBuddy-->C:\WINDOWS\iun507.exe D:\Program Files\MMOToolbox\MishBuddy\irunin.ini
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->D:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nancy Drew: The Phantom of Venice-->C:\Program Files\InstallShield Installation Information\{1505D9B1-6037-4310-815A-4D8A212C5075}\setup.exe -runfromtemp -l0x0009 -removeonly
Nero 7-->MsiExec.exe /X{26D3E377-1DCA-4043-9410-B4A9BACF1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PC SpeedScan Pro-->C:\Program Files\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0009 -removeonly
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Performance Center-->C:\Program Files\InstallShield Installation Information\{BB05BD70-4605-4829-93FC-AD80D8CC5B66}\setup.exe -runfromtemp -l0x0009 -removeonly
PHP 5.2.6-->MsiExec.exe /I{6E1205BF-25BC-44A5-B10E-34402BFF5D45}
Pirates of the Burning Sea-->"C:\Program Files\InstallShield Installation Information\{EF934638-0711-4123-AA92-1512B72C660A}\setup.exe" -runfromtemp -l0x0009 -removeonly
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Pop-Up Sentry! Anti-Spyware-->MsiExec.exe /X{D93F052A-325F-4D08-9785-F276F28B820A}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PremiumSoft Navicat 8.0 for MySQL-->"C:\Program Files\PremiumSoft\Navicat 8.0 MySQL\unins000.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
ProntoEdit 4-->MsiExec.exe /I{2C7F7830-E66E-40D8-8E26-28FAFF288A29}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RCT3 Soaked-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RebEd v0.26-->"C:\WINDOWS\UNISTB32.EXE" /U "D:\Program Files\RebEd\UNINST0.000" "D:\Program Files\RebEd\UNINST1.000"
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Richard Garriott's Tabula Rasa-->C:\Program Files\InstallShield Installation Information\{E6561365-F0CB-496F-864A-A3CB445FB25A}\Setup.exe -runfromtemp -l0x0009 -removeonly
RollerCoaster Tycoon® 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Room Arranger-->"C:\Program Files\Room Arranger\uninstall.exe"
Scanmetender Standard 2.3-->"D:\Program Files\Levenfus products\Scanmetender Standard\unins000.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Solid State ION Internet Explorer Plugin-->C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe /Uninstall activex
Spyware Process Detector v3.11-->"D:\Program Files\Spyware Process Detector\Uninstall\unins000.exe"
Star Wars® Knights of the Old Republic® II: The Sith Lords™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
StuffIt 12-->MsiExec.exe /X{9ED3C484-D002-4D4D-9BF3-C3DF9048EE7D}
Super Ad Blocker-->MsiExec.exe /X{F8BA8B13-856D-4DFB-A28F-7EC868142453}
The Goat In The Grey Fedora-->MsiExec.exe /I{166ADB53-ABA6-4CAB-B297-A188869D465A}
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54-->"D:\Program Files\Turbine\The Lord of the Rings Online\unins000.exe"
TibEd 1.63-->"D:\Program Files\TibEd\nsuninst.exe"
TibEd 2-->D:\Program Files\TibEd 2\uninst-tibed2.exe
Trillian-->D:\Program Files\Trillian\trillian.exe /uninstall
TurboTax Basic 2007-->C:\Program Files\TurboTax\Basic 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Basic 2007\Uninstall.log" -NoGui
UltraEdit-32-->"C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraEdit-32\ueinstall.log" -u
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Vampire - The Masquerade Bloodlines-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87} /l1033 /x
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.6f-->D:\Program Files\VideoLAN\VLC\uninstall.exe
VidiotMaps Map Overlay-->C:\Program Files\InstallShield Installation Information\{4FF6405B-0B00-402F-B64F-5C31A9228D8B}\setup.exe -runfromtemp -l0x0009
VidiotMaps Map Overlay-->C:\Program Files\InstallShield Installation Information\{F129FE67-0C57-4417-8584-88159E61EAD3}\setup.exe -runfromtemp -l0x0009
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebSite eXtractor-->D:\Program Files\WebSite eXtractor\uninstall.exe
Winamp-->"E:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinHTTrack Website Copier 3.42-3-->"D:\Program Files\WinHTTrack\unins000.exe"
WinPcap 4.0.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->E:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Worms 4 Mayhem-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}\setup.exe" -l0x9 -removeonly
X3 Reunion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9838EAFF-B13B-4A03-AEAE-6D508136545D}\setup.exe" -l0x9 -removeonly
Xfire (remove only)-->"D:\Program Files\Xfire\uninst.exe"
Xvid 1.1.3 final uninstall-->"E:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE

=====HijackThis Backups=====

O4 - HKLM\..\Run: [08835488] rundll32.exe "C:\WINDOWS\system32\kewlfopt.dll",b
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Marc\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187550732140
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187552899781
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab72909.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Jetico Personal Firewall server - Jetico, Inc. - E:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe
O20 - AppInit_DLLs: avgrsstx.dll klhfem.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe

======Security center information======

AV: AVG Anti-Virus Free
FW: Jetico Personal Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PHP\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;E:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\IDM Computer Solutions\UltraEdit-32
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"INCLUDE"=D:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\include\
"LIB"=D:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\Lib\
"VSCOMNTOOLS"="D:\Program Files\Microsoft Visual Studio .NET\Common7\Tools\"
"HellgateEnv"=D:\Program Files\Flagship Studios\Hellgate London\
"PHPRC"=C:\Program Files\PHP\

-----------------EOF-----------------

HJT:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Marc at 2008-12-14 23:08:21
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (13%) free of 40 GB
Total RAM: 1535 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:29 PM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe
D:\Program Files\FileZilla FTP Client\filezilla.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vs7jit.exe
C:\WINDOWS\system32\rundll32.exe
E:\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Marc\Desktop\putty.exe
C:\Documents and Settings\Marc\Desktop\putty.exe
C:\Documents and Settings\Marc\Desktop\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Marc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {f7c286c6-d5a8-b7fa-99f4-1c560867faa0} - {0aaf7680-65c1-4f99-af7b-8a5d6c682c7f} - C:\WINDOWS\system32\klhfem.dll
O2 - BHO: (no name) - {1723750E-FBC5-48FF-B5BC-534F9C63B30A} - C:\WINDOWS\system32\fccdBrPF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [JeticoPFStartup] "E:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: xxyvwXRj - xxyvwXRj.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

--
End of file - 7133 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ybrheqzp.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0aaf7680-65c1-4f99-af7b-8a5d6c682c7f}]
C:\WINDOWS\system32\klhfem.dll [2008-12-13 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1723750E-FBC5-48FF-B5BC-534F9C63B30A}]
C:\WINDOWS\system32\fccdBrPF.dll [2008-12-13 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-05-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-05 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-22 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-05-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-05 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JeticoPFStartup"=E:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe [2007-05-31 406520]
"QuickTime Task"=E:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-17 185896]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-05-12 136600]
"Microsoft WinUpdate"=C:\WINDOWS\system32\msupdte.exe [2008-06-24 4050]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-11 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC SpeedScan Pro]
D:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe [2008-08-21 2093056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL [2007-08-01 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-07-27 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyvwXRj]
xxyvwXRj.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D8}"=C:\Program Files\PopUpSentry.com\Pop-Up Sentry!\SABSEHPS.DLL [2007-12-30 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fccdBrPF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ExSearchOptions"=170864

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\mIRC\mirc.exe"="E:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"E:\WS_FTP\WS_FTP95.exe"="E:\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"D:\Program Files\Xfire\xfire.exe"="D:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"E:\Program Files\Azureus\Azureus.exe"="E:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\CyD\CyD FTP Client XP\CyDFTP.exe"="C:\Program Files\CyD\CyD FTP Client XP\CyDFTP.exe:*:Enabled:CyDFTP"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe"="D:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"D:\Program Files\Ares\Ares.exe"="D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"D:\Program Files\FileZilla FTP Client\filezilla.exe"="D:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"E:\Program Files\Uplink\mIRC\mirc.exe"="E:\Program Files\Uplink\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Documents and Settings\Marc\Local Settings\Temp\java_app_platform_sdk-5_05-windows.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Marc\Local Settings\Temp\java_app_platform_sdk-5_05-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Sun\SDK\jdk\bin\java.exe"="C:\Sun\SDK\jdk\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Documents and Settings\Marc\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe"="C:\Documents and Settings\Marc\Desktop\WoW-BurningCrusade-Trial-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Program Files\Flagship Studios\Hellgate London\Launcher.exe"="D:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London"
"D:\Program Files\CCP\EVE\bin\ExeFile.exe"="D:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\Program Files\Activision Value\WSOP 2008\WSOPBFTB.exe"="D:\Program Files\Activision Value\WSOP 2008\WSOPBFTB.exe:*:Enabled:WSOPBFTB"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Documents and Settings\Marc\My Documents\VhaBot 0.7.6 CE\VhaBot.exe"="C:\Documents and Settings\Marc\My Documents\VhaBot 0.7.6 CE\VhaBot.exe:*:Enabled:VhaBot"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"D:\Program Files\World of Warcraft\BackgroundDownloader.exe"="D:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Program Files\Hasbro Interactive\Clue\Clue.exe"="D:\Program Files\Hasbro Interactive\Clue\Clue.exe:*:Enabled:Clue"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-14 23:08:21 ----D---- C:\rsit
2008-12-14 11:23:47 ----D---- C:\VundoFix Backups
2008-12-14 11:02:03 ----SH---- C:\WINDOWS\system32\nwaaiehg.ini
2008-12-14 11:02:02 ----A---- C:\WINDOWS\system32\gheiaawn.dll
2008-12-14 11:01:50 ----A---- C:\WINDOWS\system32\uuqdjf.dll
2008-12-14 11:01:48 ----A---- C:\WINDOWS\system32\gsavskhj.dll
2008-12-14 10:58:55 ----SH---- C:\WINDOWS\system32\vbsofcqj.ini
2008-12-14 10:58:51 ----N---- C:\WINDOWS\system32\jqcfosbv.dll
2008-12-14 10:58:49 ----A---- C:\WINDOWS\system32\wedvrnbh.dll
2008-12-14 10:58:49 ----A---- C:\WINDOWS\system32\hdkjja.dll
2008-12-13 10:57:35 ----A---- C:\WINDOWS\system32\klhfem.dll
2008-12-13 10:57:33 ----A---- C:\WINDOWS\system32\osvlgglq.dll
2008-12-13 10:57:29 ----SH---- C:\WINDOWS\system32\tpoflwek.ini
2008-12-13 10:56:52 ----A---- C:\WINDOWS\system32\03a090f6-.txt
2008-12-13 10:55:58 ----ASH---- C:\WINDOWS\system32\FPrBdccf.ini2
2008-12-13 10:55:55 ----ASH---- C:\WINDOWS\system32\FPrBdccf.ini
2008-12-13 10:55:48 ----A---- C:\WINDOWS\system32\fccdBrPF.dll
2008-12-13 10:50:59 ----D---- C:\Documents and Settings\Marc\Application Data\gadcom
2008-12-13 10:50:43 ----A---- C:\WINDOWS\system32\jkkkHxvu.dll
2008-12-13 10:50:23 ----A---- C:\WINDOWS\system32\~.exe
2008-12-12 03:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 03:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 10:30:01 ----D---- C:\WINDOWS\pss
2008-12-09 21:46:12 ----A---- C:\WINDOWS\system32\LMRTREND.dll
2008-12-09 21:46:09 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
2008-12-09 21:45:56 ----A---- C:\WINDOWS\system32\unam4ie.exe
2008-12-07 07:55:18 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-05 12:44:33 ----D---- C:\Program Files\JGsoft
2008-12-05 12:44:33 ----A---- C:\WINDOWS\UnDeploy.exe
2008-12-03 14:44:09 ----D---- C:\Program Files\Electronic Arts
2008-12-02 11:26:43 ----D---- C:\WINDOWS\Detective Stories Hollywood
2008-12-02 11:26:07 ----A---- C:\WINDOWS\Detective Stories Hollywood Setup Log.txt
2008-12-02 10:56:29 ----A---- C:\WINDOWS\Mortimer Beckett and the Time Paradox Uninstall Log.txt
2008-12-01 19:07:12 ----D---- C:\WINDOWS\Mortimer Beckett and the Time Paradox
2008-12-01 18:39:14 ----A---- C:\WINDOWS\Mortimer Beckett and the Time Paradox Setup Log.txt
2008-11-24 19:59:39 ----A---- C:\WINDOWS\system32\ascbalon.dll
2008-11-24 19:59:36 ----A---- C:\WINDOWS\system32\SysRestore.dll
2008-11-24 19:59:36 ----A---- C:\WINDOWS\system32\CreateLog.dll
2008-11-24 19:59:35 ----A---- C:\WINDOWS\system32\ConTest.dll
2008-11-20 15:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-11-17 13:18:43 ----D---- C:\Documents and Settings\Marc\Application Data\Red Alert 3
2008-11-17 12:40:09 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-17 12:40:09 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-17 12:40:02 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-17 12:39:40 ----D---- C:\WINDOWS\Logs
2008-11-16 17:40:13 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

======List of files/folders modified in the last 1 months======

2008-12-14 23:08:29 ----D---- C:\WINDOWS\Prefetch
2008-12-14 18:05:26 ----D---- C:\WINDOWS\TEMP
2008-12-14 15:09:30 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 13:08:29 ----A---- C:\VundoFix.txt
2008-12-14 11:02:11 ----D---- C:\WINDOWS\system32
2008-12-14 09:39:16 ----D---- C:\Documents and Settings\Marc\Application Data\FileZilla
2008-12-13 21:54:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 21:53:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-13 21:52:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-13 21:52:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 18:34:34 ----D---- C:\Documents and Settings\Marc\Application Data\OpenOffice.org2
2008-12-13 11:11:52 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-13 11:11:27 ----SHD---- C:\WINDOWS\Installer
2008-12-13 11:11:27 ----D---- C:\WINDOWS
2008-12-13 11:10:08 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 11:08:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-13 10:50:49 ----SD---- C:\WINDOWS\Tasks
2008-12-12 03:04:13 ----HD---- C:\WINDOWS\inf
2008-12-12 03:04:05 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 03:03:38 ----D---- C:\Program Files\Internet Explorer
2008-12-12 03:03:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-11 15:01:27 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-11 10:31:15 ----RASH---- C:\boot.ini
2008-12-11 10:31:15 ----A---- C:\WINDOWS\win.ini
2008-12-11 10:31:15 ----A---- C:\WINDOWS\system.ini
2008-12-10 10:11:36 ----D---- C:\Documents and Settings\Marc\Application Data\Azureus
2008-12-09 21:46:12 ----D---- C:\Program Files\Windows Media Player
2008-12-09 21:45:56 ----D---- C:\WINDOWS\Help
2008-12-09 21:45:55 ----RD---- C:\Program Files
2008-12-09 21:35:18 ----HD---- C:\Program Files\Uninstall Information
2008-12-07 07:55:38 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-07 07:54:19 ----D---- C:\Program Files\AIM6
2008-12-07 07:52:28 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-05 07:39:00 ----D---- C:\Documents and Settings\Marc\Application Data\Xfire
2008-11-29 23:54:48 ----RHD---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-11-26 13:36:28 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-25 15:37:12 ----D---- C:\Program Files\PowerISO
2008-11-25 15:36:05 ----D---- C:\Program Files\OpenOffice.org 2.3
2008-11-25 15:34:49 ----D---- C:\Program Files\MagicISO
2008-11-25 15:24:32 ----D---- C:\vs7su1
2008-11-24 19:59:33 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-24 10:28:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-19 12:42:51 ----HD---- C:\$AVG8.VAULT$
2008-11-17 13:18:13 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-17 12:40:13 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-05 26824]
R1 bc_hash_f;BC_HASH_Filter; C:\WINDOWS\system32\drivers\bc_hash_f.sys [2007-05-16 13800]
R1 bc_ip_f;BC_IP_Filter; C:\WINDOWS\system32\drivers\bc_ip_f.sys [2007-05-16 27880]
R1 bc_pat_f;BC_PAT_Filter; C:\WINDOWS\system32\drivers\bc_pat_f.sys [2007-05-16 13800]
R1 bc_prt_f;BC_Protocol_Filter; C:\WINDOWS\system32\drivers\bc_prt_f.sys [2007-05-16 13800]
R1 bc_tdi_f;BC_TDI_Filter; C:\WINDOWS\system32\drivers\bc_tdi_f.sys [2007-05-16 22504]
R1 bcftdi;BCFTDI; C:\WINDOWS\system32\drivers\bcftdi.sys [2007-05-28 58856]
R1 SABDIFSV;SABDIFSV; \??\C:\Program Files\PopUpSentry.com\Pop-Up Sentry!\SABDIFSV.SYS []
R1 SABKUTIL;SABKUTIL; \??\C:\Program Files\PopUpSentry.com\Pop-Up Sentry!\SABKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-05 76040]
R2 spydetector;spydetector; \??\D:\Program Files\Spyware Process Detector\spydetector.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 VProt2k;BroadJump PPPoE Helper Protocol; C:\WINDOWS\system32\DRIVERS\VProt2k.SYS [2003-05-10 16690]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-07-27 2371584]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [2007-06-13 169344]
R3 BcfilterMP;BcfilterMP; C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2007-05-16 23656]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VWan2k;BroadJump PPPoE Adapter; C:\WINDOWS\system32\DRIVERS\VWan2k.SYS [2003-05-10 29228]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-03 31744]
S3 adofa98u;adofa98u; C:\WINDOWS\system32\drivers\adofa98u.sys []
S3 Bcfilter;Jetico Personal Firewall Network Monitor; C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2007-05-16 23656]
S3 catchme;catchme; \??\C:\DOCUME~1\Marc\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MS1000;MS1000; C:\WINDOWS\System32\DRIVERS\MS1000.sys [2007-12-29 5376]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 42512]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\PopUpSentry.com\Pop-Up Sentry!\SABProcEnum.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-07-27 483328]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-05-12 147456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2002-01-05 315392]
R2 SABSVC;Super Ad Blocker Service; C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE [2005-08-31 65536]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-07-27 593920]
S2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
S2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-03 72704]
S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-10-10 24636]
S3 AresChatServer;Ares Chatroom server; D:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Imapi Helper;Imapi Helper; D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-28 92792]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-22 654848]
S4 Jetico Personal Firewall server;Jetico Personal Firewall server; E:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe [2007-05-31 435192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt\ArcNameService.exe [2008-01-31 157016]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:17 PM

Posted 23 December 2008 - 09:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:17 PM

Posted 02 January 2009 - 07:03 PM

Due to the lack of feedback, this Topic is now closed.

If you still have problems, please Start a new topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users