Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sent here for additional help


  • This topic is locked This topic is locked
27 replies to this topic

#1 347t2xw

347t2xw

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 15 December 2008 - 07:57 AM

http://www.bleepingcomputer.com/forums/ind...p;#entry1046994

I was encouraged to post a link here to what I've been working on. Here are the reports I generated.

info.txt logfile of random's system information tool 1.04 2008-12-15 08:24:12

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Spyware Guard 2008\uninstall.exe
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
-->MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
-->MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
-->MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
-->MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Uninstaller 2.4-->"C:\Program Files\Absolute Uninstaller\unins000.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe PageMaker 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIDA32 v3.40-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
America Online-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"J:\Audacity\unins000.exe"
Audible Download Manager-->C:\Program Files\Audible\Bin\AudibleDM_iTunesSetup.exe /Uninstall
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Click'N Design 3D (V5)-->C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Conversions Plus 6.05-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Conversions Plus\DeIsL1.isu" -c"C:\Program Files\Conversions Plus\uninst10.dll
Creative Commons Add-in for Microsoft Office-->MsiExec.exe /I{EC719582-B6B4-436A-922B-67094106AB81}
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Dell Modem-On-Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Easy Duplicate Finder v. 1.5.1-->"C:\Program Files\Easy Duplicate Finder\unins000.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ESPN RunTime-->C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Filzip 3.06-->"C:\Program Files\Filzip\unins000.exe"
Flickr Uploadr 3.0.1-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
Fourelle Venturi Personal Client 2.1.1.12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C59FA2E-EEDA-41FA-90AC-F8FCBD032E85}\Setup.exe" -l0x9
Frigate Professional Version-->"L:\Frigate3\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HOTLLAMA Media Player - Setup-->C:\PROGRA~1\HOTLLA~1\Player\UNWISE.EXE C:\PROGRA~1\HOTLLA~1\Player\INSTALL.LOG
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Icon Constructor 3-->"L:\Icon Constructor 3\unins000.exe"
InControl 2.5-->"L:\InControl\UninsHs.exe"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Speed Monitor-->C:\Program Files\iCheck\Uninstall.exe
iTunes Art Importer-->MsiExec.exe /I{D8D8B308-B172-43DB-96F1-6A3F84851D61}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kazaa Media Desktop 2.1-->RunDll32 C:\WINDOWS\System32\cd_clint.dll,ServiceRunDll u_291 "{726C99D0-50C5-404F-9EFD-7B2834DFED50}"
Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Linksys EasyLink Advisor 1.6 (0032)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Magic DVD Copier Version 4.8 build 4-->"C:\Program Files\MagicDVDCopier\unins000.exe"
Magic DVD Ripper V5.3 build 4-->"C:\Program Files\MagicDVDRipper\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MarkelSoft Dupe Eliminator for iTunes 3.91-->C:\Program Files\DupeEliminator\uninstall.exe
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager-->MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
MediaMonkey 2.5-->"G:\MediaMonkey\unins000.exe"
MGI PhotoSuite III SE (Remove Only)-->"C:\Program Files\MGI\MGI PhotoSuite III SE\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite III SE\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite III SE\System\CustomUninstall.dll"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Primary Interop Assemblies-->MsiExec.exe /X{75F52629-711D-4500-A532-78B793667289}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Motorola Software Update-->MsiExec.exe /I{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox 3 Beta 4\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18pre)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Norton SystemWorks 2003-->MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA252F}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenMG Limited Patch 3.4-04-16-16-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.4-04-16-16-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.4.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26C849AB-1865-412D-B87D-B18BC5CB6C60}\setup.exe" -l0x9 UNINSTALL
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Presto! ImageFolio LE-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\ImgFolio\DeIsL1.isu"
Presto! PageManager-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Presto! PageType-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\PageType\DeIsL1.isu"
Presto! PhotoAlbum-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PhotoAlbum\DeIsL2.isu"
Quicken 2002 New User Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Easy Media Creator 8 Suite-->MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Slickr-->MsiExec.exe /I{40249B57-CBB6-4026-A8DC-63F0CAE14D15}
SoftSound Shorten for Windows 2.3b-->C:\PROGRA~1\SoftSnd\SHORT32\UNWISE.EXE C:\PROGRA~1\SoftSnd\SHORT32\INSTALL.LOG
Songbird 0.4 (20071226)-->"L:\Songbird\Songbird-Uninstall.exe"
Sprint & FineReader 5.0 Office Try&Buy-->C:\WINDOWS\bitdein2.exe C:\PROGRA~1\SPRINT~1.0OF\bitdeins.ini
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.2-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarBurn(GiveAwayOfTheDay) Version 9.5 (Build 0x20071220)-->"L:\StarBurn\unins000.exe"
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Super DVD Copier v5.6-->"I:\Super DVD Copier\unins000.exe"
SureThing CD Labeler Deluxe 4-->C:\WINDOWS\mvuninst\App2\mvuninst.exe "SureThing CD Labeler Deluxe 4"
TagScanner 4.9 build 492-->"C:\Program Files\TagScanner\unins000.exe"
TurboTax Deluxe 2004-->C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
Tweakui Powertoy for Windows XP-->MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
VistaScan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E464B20-65A0-11D5-80F8-0050BA493FB5}\SETUP.EXE"
Wal-Mart Music Downloads Store-->MsiExec.exe /I{DC9E2F1C-CC14-41B0-AFF5-2AFE87B76A1F}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZC Video Converter 1.8.9-->"C:\ZC Video Converter\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG 7.5.523 (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by Rick Heitmeyer at 2008-12-15 08:21:58
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 4 GB (15%) free of 29 GB
Total RAM: 766 MB (18% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - I:\CS\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2003-03-16 711168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53FEDE3E-8381-4D47-BD95-B0E52F5288A9}]
C:\WINDOWS\system32\yayvVpnL.dll [2008-12-07 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56de431c-94d7-4973-9c79-2cefed6975b9}]
C:\WINDOWS\system32\qenoqy.dll [2008-12-14 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - I:\CS\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - I:\CS\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]
"Adobe Version Cue CS2"=I:\CS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"Acrobat Assistant 7.0"=I:\CS\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]
"DIGServices"=C:\Program Files\ESPNRunTime\DIGServices.exe [2005-05-19 101888]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
"BCMSMMSG"=C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-02 30192]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2008-04-17 579584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 5361464]
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe [2008-12-08 788992]
"243bbb7c"=C:\WINDOWS\system32\dlkqdngv.dll [2008-12-14 72704]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\Rick Heitmeyer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-02 133104]
"GetModule31"=C:\Program Files\GetModule\GetModule31.exe [2008-12-05 367616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeVersionCue]
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-01-22 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacLicense]
C:\Program Files\Conversions Plus\MacLic.exe [2001-09-16 163904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2004-12-21 204845]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe [2005-09-19 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe [2005-09-19 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-12-21 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
I:\CS\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe [2005-12-08 3096576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
C:\PROGRA~1\Audible\Bin\AUDIBL~1.EXE [2008-09-15 1766744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Venturi 2.lnk]
C:\PROGRA~1\Venturi2\CONFIG~1\ventcfg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VistaAccess.lnk]
C:\VstaScan\VsAccess.exe [2001-08-07 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick Heitmeyer^Start Menu^Programs^Startup^HOTLLAMA Update Check.lnk]
C:\PROGRA~1\HOTLLA~1\Player\WiseUpdt.exe [2002-07-26 162834]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick Heitmeyer^Start Menu^Programs^Startup^Internet Call Manager.LNK]
C:\PROGRA~1\INTERN~2\ICM.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Rick Heitmeyer^Start Menu^Programs^Startup^OpenOffice.org 1.1.1.lnk]
C:\PROGRA~1\OPENOF~1.1\program\QUICKS~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
MacName.lnk - C:\Program Files\Conversions Plus\MacName.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL mbquhd.dll qenoqy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifDSlih]
iifDSlih.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2007-07-19 219448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
ieModule - {EE1B40D8-EF6F-4AAF-9A00-F81D814D87ED} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll [2008-12-08 3312128]
InternetConnection - {369B1D38-2C23-43F2-9484-3D70A69F6B04} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\pzwrsnmzax.dll [2008-12-08 926720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ED0F8DC9-5DDF-4223-A136-DC81E5F64F49}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\yayvVpnL
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"I:\CS\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="I:\CS\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"G:\Desktop Items\utorrent.exe"="G:\Desktop Items\utorrent.exe:*:Disabled:µTorrent"
"C:\Documents and Settings\Rick Heitmeyer\Desktop\utorrent.exe"="C:\Documents and Settings\Rick Heitmeyer\Desktop\utorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Disabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Disabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Disabled:avgemc.exe"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Disabled:avginet.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe"="C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe:*:Disabled:burst! download engine"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Disabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Disabled:hpqnrs08.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Disabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Disabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe"
"C:\WINDOWS\SYSTEM32\lxcrcoms.exe"="C:\WINDOWS\SYSTEM32\lxcrcoms.exe:*:Disabled:Lexmark Communications System"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Disabled:Roxio Upnp Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31b82292-a2d0-11dd-8af7-00038a000015}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{329f2944-c221-11db-8a4e-00038a000015}]
shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65050f74-7718-11db-8a22-00038a000015}]
shell\AutoRun\command - F:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2008-12-15 08:22:40 ----D---- C:\Program Files\trend micro
2008-12-15 08:21:58 ----D---- C:\rsit
2008-12-14 19:45:30 ----A---- C:\WINDOWS\system32\qenoqy.dll
2008-12-14 19:45:10 ----A---- C:\WINDOWS\system32\dhpmlgxh.dll
2008-12-14 19:42:20 ----SH---- C:\WINDOWS\system32\vgndqkld.ini
2008-12-14 19:42:11 ----A---- C:\WINDOWS\system32\dlkqdngv.dll
2008-12-14 18:51:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-14 18:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-14 14:53:47 ----SH---- C:\WINDOWS\system32\qalqoeti.ini
2008-12-14 14:53:36 ----A---- C:\WINDOWS\system32\iteoqlaq.dll
2008-12-13 17:22:39 ----A---- C:\WINDOWS\system32\aazenv.dll
2008-12-13 17:22:36 ----A---- C:\WINDOWS\system32\edojbjfp.dll
2008-12-09 21:27:10 ----A---- C:\WINDOWS\system32\dmyfwi.dll
2008-12-09 21:27:06 ----A---- C:\WINDOWS\system32\tthevnwt.dll
2008-12-09 21:25:59 ----SH---- C:\WINDOWS\system32\vguyjuki.ini
2008-12-09 21:25:53 ----A---- C:\WINDOWS\system32\ikujyugv.dll
2008-12-09 20:08:54 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-09 20:03:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 18:50:42 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-09 08:07:01 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-09 08:05:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-08 17:34:35 ----A---- C:\WINDOWS\system32\winscenter.exe
2008-12-08 17:34:21 ----SH---- C:\WINDOWS\system32\qsxohfqs.ini
2008-12-08 17:34:09 ----A---- C:\WINDOWS\vmreg.dll
2008-12-08 17:34:09 ----A---- C:\WINDOWS\reged.exe
2008-12-08 17:34:08 ----A---- C:\WINDOWS\system32\sqfhoxsq.dll
2008-12-08 17:34:06 ----A---- C:\WINDOWS\sysexplorer.exe
2008-12-08 17:34:06 ----A---- C:\WINDOWS\syscert.exe
2008-12-08 17:34:06 ----A---- C:\WINDOWS\sys.com
2008-12-08 17:34:06 ----A---- C:\WINDOWS\spoolsystem.exe
2008-12-08 17:34:03 ----D---- C:\Program Files\Spyware Guard 2008
2008-12-08 17:32:19 ----A---- C:\Documents and Settings\All Users\Application Data\svhost.exe
2008-12-08 17:31:09 ----A---- C:\WINDOWS\system32\bppshlfv.exe
2008-12-08 17:28:11 ----A---- C:\WINDOWS\system32\lzdjba.dll
2008-12-08 17:28:08 ----A---- C:\WINDOWS\system32\stmwodub.dll
2008-12-07 09:32:42 ----A---- C:\WINDOWS\system32\mbquhd.dll
2008-12-07 09:32:15 ----A---- C:\WINDOWS\system32\mwarufcx.dll
2008-12-07 09:30:40 ----SH---- C:\WINDOWS\system32\xabuixfv.ini
2008-12-07 09:29:49 ----A---- C:\WINDOWS\system32\vfxiubax.dll
2008-12-07 09:28:15 ----A---- C:\WINDOWS\system32\2f187f02-.txt
2008-12-07 09:21:08 ----ASH---- C:\WINDOWS\system32\LnpVvyay.ini2
2008-12-07 09:21:04 ----ASH---- C:\WINDOWS\system32\LnpVvyay.ini
2008-12-07 09:20:55 ----A---- C:\WINDOWS\system32\yayvVpnL.dll
2008-12-07 09:15:39 ----D---- C:\Documents and Settings\Rick Heitmeyer\Application Data\gadcom
2008-12-07 09:15:30 ----D---- C:\Documents and Settings\Rick Heitmeyer\Application Data\GetModule
2008-12-07 09:15:12 ----D---- C:\Program Files\GetModule
2008-12-07 09:15:11 ----D---- C:\Program Files\iCheck
2008-12-07 09:14:45 ----A---- C:\WINDOWS\system32\~.exe

======List of files/folders modified in the last 1 months======

2008-12-15 08:22:40 ----AD---- C:\Program Files
2008-12-15 08:17:28 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 4
2008-12-15 08:06:30 ----D---- C:\WINDOWS
2008-12-15 08:03:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-15 08:03:24 ----D---- C:\WINDOWS\Prefetch
2008-12-15 07:19:51 ----D---- C:\WINDOWS\Temp
2008-12-14 20:40:49 ----A---- C:\WINDOWS\OPLIMIT.INI
2008-12-14 20:39:28 ----A---- C:\WINDOWS\Filzip.ini
2008-12-14 19:45:30 ----D---- C:\WINDOWS\SYSTEM32
2008-12-14 18:51:24 ----D---- C:\WINDOWS\system32\DRIVERS
2008-12-14 18:39:58 ----SHD---- C:\RECYCLER
2008-12-14 16:17:17 ----D---- C:\Documents and Settings\Rick Heitmeyer\Application Data\AVG7
2008-12-12 22:34:06 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-09 21:05:09 ----D---- C:\Program Files\BitZipperSearch
2008-12-09 19:48:16 ----AC---- C:\WINDOWS\Explorer.EXE.Z-missing.txt
2008-12-09 10:18:20 ----D---- C:\Documents and Settings\Rick Heitmeyer\Application Data\U3
2008-12-09 09:39:58 ----D---- C:\WINDOWS\Debug
2008-12-09 08:17:43 ----SHD---- C:\WINDOWS\Installer
2008-12-09 08:17:40 ----SHD---- C:\Config.Msi
2008-12-09 08:08:06 ----D---- C:\Program Files\Lavasoft
2008-12-09 08:08:02 ----D---- C:\Documents and Settings\Rick Heitmeyer\Application Data\Lavasoft
2008-12-09 08:05:20 ----D---- C:\Program Files\Common Files
2008-12-08 17:32:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-19 18:49:18 ----SD---- C:\WINDOWS\Tasks
2008-11-18 12:10:03 ----RASH---- C:\BOOT.INI
2008-11-18 12:10:03 ----A---- C:\WINDOWS\WIN.INI
2008-11-18 12:10:03 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-18 12:09:59 ----D---- C:\WINDOWS\pss
2008-11-17 18:11:59 ----D---- C:\Program Files\lx_cats

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-12-30 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-12-30 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-12-30 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-31 10760]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-09-19 309632]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-09-19 119168]
R1 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-09-19 50176]
R1 StarPortLite;StarPort Storage Controller (Lite); C:\WINDOWS\system32\DRIVERS\StarPortLite.sys [2007-12-27 85760]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-12-30 4960]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2002-09-19 41728]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-09-19 27264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-25 47360]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-07-19 23864]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2001-09-27 28396]
S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-06-21 90784]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-08-19 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-08-19 2560]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S2 DeviceScanner;UMAX Astra 4400 Scanner; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-06-21 69792]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-09-19 27136]
S3 Moddde;Moddde; C:\WINDOWS\system32\drivers\Moddde.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\WINDOWS\System32\Drivers\StMp3Rec.sys [2004-03-02 34308]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Adobe Version Cue CS2;Adobe Version Cue CS2; I:\CS\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-12-30 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-12-30 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2007-12-31 406528]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-02 69632]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2001-11-26 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-02 495616]
R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-09-19 856064]
S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-09-19 229376]
S2 RoxUpnpServer;RoxUpnpServer; C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [2005-09-19 401408]
S2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-09-19 155648]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-07-19 3564344]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-06-14 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-02 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe [2004-01-30 65625]
S3 RoxUPnPRenderer;RoxUpnpRenderer; C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-09-19 45056]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2004-01-30 65622]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Edited by 347t2xw, 15 December 2008 - 08:30 AM.


BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 22 December 2008 - 10:05 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!:Please do not select the Show all checkbox during the scan..

In your next reply include:
-the OTScanIt log (attached)
-the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 347t2xw

347t2xw
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 24 December 2008 - 10:36 AM

Here is the OT scan.

I am having a difficult time getting GMER to open. Everytime I attempt to open it, the spyware program opens instead. Any suggestions?

I will keep trying.

Thanks.

Attached Files



#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 24 December 2008 - 08:17 PM

Hello.

We can go ahead without GMER for now.

That looks nasty. Were you able to update MalwareBytes? It's usually good at removing the types of infections you have.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Download The Avenger and Run Script
Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Right click and extract avenger.exe to your desktop
  • Start the Avenger by clicking on its icon on your desktop.
  • Copy all the text contained in the qoute box below to your Clipboard by highlighting it, right clicking and selecting Copy:
    Files to replace with dummy:
    %allusersprofile%\application data\svhost.exe
    %programfiles%\getmodule\getmodule31.exe
    %programfiles%\spyware guard 2008\spywareguard.exe
    %systemroot%\reged.exe
    %systemroot%\spoolsystem.exe
    %systemroot%\sys.com
    %systemroot%\syscert.exe
    %systemroot%\sysexplorer.exe
    %systemroot%\system32\~.exe
    %systemroot%\system32\aazenv.dll
    %systemroot%\system32\bppshlfv.exe
    %systemroot%\system32\dhpmlgxh.dll
    %systemroot%\system32\dmyfwi.dll
    %systemroot%\system32\edojbjfp.dll
    %systemroot%\system32\hgkbsmcv.dll
    %systemroot%\system32\ikujyugv.dll
    %systemroot%\system32\iteoqlaq.dll
    %systemroot%\system32\jkhcvcus.dll
    %systemroot%\system32\krjmnwvk.dll
    %systemroot%\system32\kvwnmjrk.ini
    %systemroot%\system32\lnpvvyay.ini
    %systemroot%\system32\lnpvvyay.ini2
    %systemroot%\system32\lzdjba.dll
    %systemroot%\system32\mbquhd.dll
    %systemroot%\system32\mwarufcx.dll
    %systemroot%\system32\qalqoeti.ini
    %systemroot%\system32\qenoqy.dll
    %systemroot%\system32\qsxohfqs.ini
    %systemroot%\system32\sqfhoxsq.dll
    %systemroot%\system32\stmwodub.dll
    %systemroot%\system32\tthevnwt.dll
    %systemroot%\system32\vcmsbkgh.ini
    %systemroot%\system32\vfxiubax.dll
    %systemroot%\system32\vgndqkld.ini
    %systemroot%\system32\vguyjuki.ini
    %systemroot%\system32\vsnjxxov.dll
    %systemroot%\system32\winscenter.exe
    %systemroot%\system32\wuzbku.dll
    %systemroot%\system32\xabuixfv.ini
    %systemroot%\system32\xlvofp.dll
    %systemroot%\system32\yayvvpnl.dll
    %systemroot%\system32\digeste.dll
    %systemroot%\vmreg.dll
  • Click Posted Image to paste the script from the clipboard.
  • Click the Execute button
  • Answer Yes twice when prompted.
The process is completely automatic. Do not touch your computer until a log file opens.

The Avenger will do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", the Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt (considering your operating drive is C:). Post back with it in your next reply.
After running The Avenger, you may recieve some errors the next reboot. This is expected.

Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Processes - Safe List]
    YY -> winscenter.exe -> %SystemRoot%\SYSTEM32\winscenter.exe
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YY -> {3f57a8d6-4a3a-4733-a841-850be1de9240} [HKLM] -> %SystemRoot%\SYSTEM32\xlvofp.dll [Reg Error: Value  does not exist or could not be read.]
    YY -> {8D7B2392-4982-4136-9F29-F3D33C1D1F43} [HKLM] -> %SystemRoot%\SYSTEM32\yayvVpnL.dll [Reg Error: Value  does not exist or could not be read.]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "SpySweeper" -> ["C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray]
    YY -> "spywareguard" -> %ProgramFiles%\Spyware Guard 2008\spywareguard.exe [C:\Program Files\Spyware Guard 2008\spywareguard.exe]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YY -> "GetModule31" -> %ProgramFiles%\GetModule\GetModule31.exe [C:\Program Files\GetModule\GetModule31.exe]
    < Run [HKEY_USERS\S-1-5-21-1163063493-187886468-3224167872-1006\] > -> HKEY_USERS\S-1-5-21-1163063493-187886468-3224167872-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "GetModule31" -> %ProgramFiles%\GetModule\GetModule31.exe [C:\Program Files\GetModule\GetModule31.exe]
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YY -> mbquhd.dll -> %SystemRoot%\SYSTEM32\mbquhd.dll
    YY -> xlvofp.dll -> %SystemRoot%\SYSTEM32\xlvofp.dll
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    YN -> dimsntfy -> 
    YN -> iifDSlih -> 
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    YN ->  digeste.dll -> 
    < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    *LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    YY -> C:\WINDOWS\system32\yayvVpnL -> %SystemRoot%\SYSTEM32\yayvVpnL.dll
    < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
    [Files/Folders - Created Within 30 Days]
    NY -> xlvofp.dll -> %SystemRoot%\System32\xlvofp.dll
    NY -> jkhcvcus.dll -> %SystemRoot%\System32\jkhcvcus.dll
    NY -> vcmsbkgh.ini -> %SystemRoot%\System32\vcmsbkgh.ini
    NY -> hgkbsmcv.dll -> %SystemRoot%\System32\hgkbsmcv.dll
    NY -> kvwnmjrk.ini -> %SystemRoot%\System32\kvwnmjrk.ini
    NY -> krjmnwvk.dll -> %SystemRoot%\System32\krjmnwvk.dll
    NY -> wuzbku.dll -> %SystemRoot%\System32\wuzbku.dll
    NY -> vsnjxxov.dll -> %SystemRoot%\System32\vsnjxxov.dll
    NY -> qenoqy.dll -> %SystemRoot%\System32\qenoqy.dll
    NY -> dhpmlgxh.dll -> %SystemRoot%\System32\dhpmlgxh.dll
    NY -> vgndqkld.ini -> %SystemRoot%\System32\vgndqkld.ini
    NY -> qalqoeti.ini -> %SystemRoot%\System32\qalqoeti.ini
    NY -> iteoqlaq.dll -> %SystemRoot%\System32\iteoqlaq.dll
    NY -> aazenv.dll -> %SystemRoot%\System32\aazenv.dll
    NY -> edojbjfp.dll -> %SystemRoot%\System32\edojbjfp.dll
    NY -> dmyfwi.dll -> %SystemRoot%\System32\dmyfwi.dll
    NY -> tthevnwt.dll -> %SystemRoot%\System32\tthevnwt.dll
    NY -> vguyjuki.ini -> %SystemRoot%\System32\vguyjuki.ini
    NY -> ikujyugv.dll -> %SystemRoot%\System32\ikujyugv.dll
    NY -> winscenter.exe -> %SystemRoot%\System32\winscenter.exe
    NY -> qsxohfqs.ini -> %SystemRoot%\System32\qsxohfqs.ini
    NY -> reged.exe -> %SystemRoot%\reged.exe
    NY -> vmreg.dll -> %SystemRoot%\vmreg.dll
    NY -> sqfhoxsq.dll -> %SystemRoot%\System32\sqfhoxsq.dll
    NY -> sysexplorer.exe -> %SystemRoot%\sysexplorer.exe
    NY -> spoolsystem.exe -> %SystemRoot%\spoolsystem.exe
    NY -> sys.com -> %SystemRoot%\sys.com
    NY -> syscert.exe -> %SystemRoot%\syscert.exe
    NY -> svhost.exe -> %AllUsersProfile%\Application Data\svhost.exe
    NY -> bppshlfv.exe -> %SystemRoot%\System32\bppshlfv.exe
    NY -> lzdjba.dll -> %SystemRoot%\System32\lzdjba.dll
    NY -> stmwodub.dll -> %SystemRoot%\System32\stmwodub.dll
    NY -> mbquhd.dll -> %SystemRoot%\System32\mbquhd.dll
    NY -> mwarufcx.dll -> %SystemRoot%\System32\mwarufcx.dll
    NY -> xabuixfv.ini -> %SystemRoot%\System32\xabuixfv.ini
    NY -> vfxiubax.dll -> %SystemRoot%\System32\vfxiubax.dll
    NY -> LnpVvyay.ini2 -> %SystemRoot%\System32\LnpVvyay.ini2
    NY -> LnpVvyay.ini -> %SystemRoot%\System32\LnpVvyay.ini
    NY -> yayvVpnL.dll -> %SystemRoot%\System32\yayvVpnL.dll
    NY -> gadcom -> %AppData%\gadcom
    NY -> GetModule -> %AppData%\GetModule
    NY -> GetModule -> %ProgramFiles%\GetModule
    NY -> ~.exe -> %SystemRoot%\System32\~.exe
    [Custom Items]
    :files
    %ProgramFiles%\GetModule\
    %ProgramFiles%\Spyware Guard 2008\
    :end
  • Close all windows except OTScanIt.
  • Click it Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Please post back with:
-the Avenger log
-the OTScanIt log

Try to run GMER again too.

With Regards,
The Panda

#5 347t2xw

347t2xw
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 25 December 2008 - 02:14 PM

Gmer did not work. I hope I have attached what you need.

During the Avenger restart, I manually restarted because it just "kept starting" for about an hour and didn't go anyplace.

Thanks!

Attached Files



#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 25 December 2008 - 08:49 PM

Hello.

Ah, the Avenger picked up a rootkit during it's run. Let's see what we can do about that.

Run a Script With the Avenger
  • Copy all the text contained in the qoute box below to your Clipboard by highlighting it, right clicking and selecting Copy:
    Drivers to disable:
    TDSSserv.sys
  • Start the Avenger by clicking on its icon on your desktop.
  • Click Posted Image to paste the script from the clipboard.
  • Check the "Disable Rootkits automatically when found" box.
  • Click the Execute button
  • Answer Yes twice when prompted.
  • On reboot(s), a log will open. Post back with it.
Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop. Trasfer the file to the machine if it is unable to download directly.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted ImagePosted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    Posted Image
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Please post back with:
-the Avenger log
-the ComboFix log

Try to run GMER again now too.

With Regards,
The Panda

#7 347t2xw

347t2xw
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 26 December 2008 - 10:28 AM

Combofix will not run. Computer did not offer to download the Windows recovery console.

When I try to run Combofix, it gives me a warning and will not run.

Chckdisk ran a few times before I decided to click to not run it.

Where can I download the Windows Recovery Console?

Thanks!

#8 347t2xw

347t2xw
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 26 December 2008 - 10:45 AM

Avenger log attached.

Sorry I forgot to include.

Attached Files



#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 27 December 2008 - 08:24 AM

Hello.

Sorry for the delay.

What error does ComboFix give please?

Let's see if MalwareBytes can run.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download Malwarebytes Anti-Malware setup and to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using File Assasin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able update using the normal method download the update file from here, using another machine if needed. Simple double click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Open OTScanit again. Without changing any settings, hit the Run Scan. Attach the log.

With Regards,
The Panda

#10 347t2xw

347t2xw
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 27 December 2008 - 09:31 AM

Things are looking better now, I think. I don't know if we're done ... Probably not!

I had run a scan last night (11 hours worth) of malwarebytes. I updated and reran a quickscan today.

OTSCANIT keeps freezing. I will try to run it again. (It finally worked -- report attached)

THANKS!!!

Attached Files


Edited by 347t2xw, 27 December 2008 - 11:17 AM.


#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 27 December 2008 - 08:32 PM

Hello.

Looks like MalwareBytes had a rough fight with SpywareGuard.

Download and Run SmitFraudFix
You can find complete instructions for running SmitFraudFix in the link below:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/
  • Please download SmitFraudFix by S!Ri to your desktop.
  • Boot your computer into Safe Mode before we can run this tool. Do not use the MsConfig method.
  • Double click the icon to run it.
  • Select Option 2 by typing 2 and hitting Enter.
  • The scan will progress. Answer Yes to any prompts you receive. This will include running disk cleanup and removing infected files.
  • The tool will restart your computer.
  • Upon reboot, a log file located at C:\rapport.txt will open. Copy its contents into your next reply.
Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {54F28CB6-5484-4210-911C-B23BA1910CC1} [HKLM] -> %SystemRoot%\system32\yayvVpnL.dll [Reg Error: Value  does not exist or could not be read.]
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
    YN -> jamgzm.dll -> 
    < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    [Files/Folders - Created Within 30 Days]
    NY -> TDSSosvd.dat -> %SystemRoot%\System32\TDSSosvd.dat
  • Close all windows except OTScanIt.
  • Click it Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Run a new scan with MalwareBytes. Make sure you have "Quick Scan" selected. Hopefully, it doesn't take 13 hours again. If it is superslow, you can cancel it.
----
Please try to run ComboFix again, renamed to ComboFixCF.exe. If it gives a warning, please tell me what it is.

Also try GMER again.

With Regards,
The Panda

#12 347t2xw

347t2xw
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 28 December 2008 - 11:45 AM

THANKS FOR YOUR HELP!!!

SmitFraudFix v2.387

Scan done at 11:21:38.85, Sun 12/28/2008
Run from C:\Documents and Settings\Rick Heitmeyer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7230F1FC-0292-4D64-9A0B-69EB3C2DF381}: DhcpNameServer=69.36.48.34 69.36.48.35
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7230F1FC-0292-4D64-9A0B-69EB3C2DF381}: DhcpNameServer=69.36.48.34 69.36.48.35
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7230F1FC-0292-4D64-9A0B-69EB3C2DF381}: DhcpNameServer=69.36.48.34 69.36.48.35
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7230F1FC-0292-4D64-9A0B-69EB3C2DF381}: DhcpNameServer=69.36.48.34 69.36.48.35
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=69.36.48.34 69.36.48.35
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=69.36.48.34 69.36.48.35
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=69.36.48.34 69.36.48.35
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=69.36.48.34 69.36.48.35


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



[Registry - Safe List]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54F28CB6-5484-4210-911C-B23BA1910CC1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54F28CB6-5484-4210-911C-B23BA1910CC1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:jamgzm.dll deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\TDSSosvd.dat moved successfully.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.4.0 fix logfile created on 12282008_114301

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 28 December 2008 - 07:59 PM

Hello.

Please try running ComboFix now.

If it gives an error, tell me what it is.

Thanks,
The Panda

#14 347t2xw

347t2xw
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 28 December 2008 - 08:14 PM

Thank you.

Combofix would not run. This is the error I get:

" C:\DOCUM~\ ... THE NTVDM CPU HAS ENCOUNTERED AN ILLEGAL INSTRUCTION .... CHOOSE 'CLOSE' TO TERMINATE PROGRAM."

I left out some of the words (noted with .... )

Thanks.

#15 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 PM

Posted 28 December 2008 - 09:19 PM

Hello.

Haven't seen that error before. Does not look like an infection causing it though.

Let's do some updating and get an online scan.

Update Java to Version 6 Update 11
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java, Java Runtime Environment (JRE) 6 Update 11 from this page. Follow the prompts and select the appropriate settings for your machine (most likely "Windows"). Click on the "Required File" to download the installer. Double click the installer to run. Delete the installer after use.

Update Windows Installation
Your Microsoft Windows installation is out of date. Whenever a security problem in its software is found, Microsoft will create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malware being installed on your computer.

Please click here to check for and install updates to Windows, and Microsoft applications. If you encounter any problems during the installation, please feel free to ask for help.

The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Reboot and repeat the update process until there are no more updates to install.

F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please also include a fresh HijackThis or DDS log.

Any problems right now?

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users