Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

INFECTED WITH TROJAN HORSE


  • This topic is locked This topic is locked
2 replies to this topic

#1 lichos

lichos

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 17 December 2008 - 09:42 PM

I think my PC is infected with a trojan horse, because Trend Micro shows that I have a TROJ ARPOISON.B. I get countless popups from different websites and the virus will not allow me to do a Windows Update. Each time I try to download updates, they won't download. The popups that appear show what seems to be a fake Virus Scan program, cause the windows that pop up ask me if I want to do a system scan. What appears is not my Trend Micro virus scan, but rather, an internet popup mimicking a virus scan.

Below Ill post the different logs I got from RSIT and Hijack This! Thanks a lot!


Logfile of random's system information tool 1.05 (written by random/random)
Run by Lichos at 2008-12-17 21:24:25
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 36 GB (26%) free of 140 GB
Total RAM: 3069 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:27 p.m., on 12/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lichos\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Lichos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.as...;l=es&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {215EBB60-6F34-3DCC-9B55-51D6E5EE9D42} - C:\Windows\system32\xwr98467.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: LuckyTender - {5E2402A0-5F99-4188-B30D-D8743996B340} - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Cognac] C:\Users\Lichos\AppData\Local\Temp\~tmpb.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{22748B88-06ED-424C-8B97-E713BC612DCE}: NameServer = 85.255.116.86;85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D05862-DA35-4BDE-966A-7590258983B6}: NameServer = 85.255.116.86;85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4927C8-FC4F-49CB-A898-C5D61B4F555A}: NameServer = 85.255.116.86;85.255.112.157
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.86;85.255.112.157
O17 - HKLM\System\CS1\Services\Tcpip\..\{22748B88-06ED-424C-8B97-E713BC612DCE}: NameServer = 85.255.116.86;85.255.112.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.86;85.255.112.157
O17 - HKLM\System\CS2\Services\Tcpip\..\{22748B88-06ED-424C-8B97-E713BC612DCE}: NameServer = 85.255.116.86;85.255.112.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.86;85.255.112.157
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 12987 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{215EBB60-6F34-3DCC-9B55-51D6E5EE9D42}]
D - C:\Windows\system32\xwr98467.dll [2008-11-21 167936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-25 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E2402A0-5F99-4188-B30D-D8743996B340}]
SliderShowCtrl Class - C:\Program Files\LuckyTender\1.3.0\LuckyTender.dll [2008-05-29 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1029416]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-12-02 36864]
"VolPanel"=C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [2006-11-27 180224]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"Launch LCDMon"=C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe [2007-07-18 775952]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-09-22 1398024]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"LELA"=C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-08-06 159744]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-01 405504]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-06 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2007-11-06 81920]
"MBBalloon"=C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe [2007-11-30 789144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSC"=C:\Program Files\Trend Micro\Internet Security\tsc.exe [2008-07-02 353544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Cognac"=C:\Users\Lichos\AppData\Local\Temp\~tmpb.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Lichos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e82ad04-b824-11dd-b6c2-001fe2d9cd60}]
shell\AutoRun\command - F:\autorun.exe


======List of files/folders created in the last 1 months======

2008-12-17 21:24:25 ----D---- C:\rsit
2008-12-15 23:06:37 ----A---- C:\Windows\wininit.ini
2008-12-15 22:37:02 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-15 22:37:02 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-13 18:07:22 ----AD---- C:\ProgramData\TEMP
2008-12-13 18:07:16 ----D---- C:\Users\Lichos\AppData\Roaming\PC Tools
2008-12-13 18:07:16 ----D---- C:\Program Files\Spyware Doctor
2008-12-10 19:46:10 ----A---- C:\Windows\DCEBoot.exe
2008-12-10 05:14:05 ----A---- C:\Windows\system32\yaywusrs.dll
2008-12-10 05:14:04 ----D---- C:\Windows\EasyDecrypter v1.12
2008-12-10 05:14:04 ----D---- C:\Program Files\EasyDecrypter v1.12
2008-12-10 05:13:28 ----D---- C:\Program Files\homeview
2008-12-09 19:54:39 ----D---- C:\Users\Lichos\AppData\Roaming\Ace
2008-12-09 19:50:52 ----A---- C:\Windows\system32\xinput1_3.dll
2008-12-09 19:50:50 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-12-09 19:50:42 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-12-09 19:50:06 ----D---- C:\Program Files\THQ
2008-11-29 14:51:21 ----D---- C:\Program Files\CASIO
2008-11-29 14:51:17 ----A---- C:\Windows\system32\PICSDK.dll
2008-11-29 14:51:17 ----A---- C:\Windows\system32\EpPicPrt.dll
2008-11-29 14:51:17 ----A---- C:\Windows\system32\EPPicMgr.dll
2008-11-29 14:49:39 ----D---- C:\Program Files\HOTALBUMMyBOX
2008-11-25 19:40:54 ----A---- C:\Windows\system32\wups2.dll
2008-11-25 19:40:54 ----A---- C:\Windows\system32\wucltux.dll
2008-11-25 19:40:54 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-25 19:40:54 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-25 19:40:42 ----A---- C:\Windows\system32\wups.dll
2008-11-25 19:40:42 ----A---- C:\Windows\system32\wudriver.dll
2008-11-25 19:40:42 ----A---- C:\Windows\system32\wuapi.dll
2008-11-25 19:40:35 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-25 19:40:35 ----A---- C:\Windows\system32\wuapp.exe
2008-11-22 06:22:36 ----D---- C:\Users\Lichos\AppData\Roaming\Ulead Systems
2008-11-22 06:22:00 ----D---- C:\Users\Lichos\AppData\Roaming\InstallShield
2008-11-22 06:10:53 ----D---- C:\Program Files\Common Files\InterVideo
2008-11-22 06:10:10 ----D---- C:\Program Files\Windows Media Components
2008-11-22 06:09:13 ----D---- C:\ProgramData\Ulead Systems
2008-11-22 06:09:13 ----D---- C:\Program Files\Common Files\Ulead Systems
2008-11-21 19:57:10 ----A---- C:\Windows\system32\xa8890730.exe
2008-11-21 19:57:09 ----A---- C:\Windows\system32\xa8889670.exe
2008-11-21 19:56:41 ----D---- C:\Program Files\Wondershare
2008-11-21 19:52:02 ----D---- C:\Program Files\Photo Story 3 for Windows
2008-11-21 19:42:44 ----D---- C:\ProgramData\NCH Software
2008-11-21 19:42:13 ----D---- C:\Program Files\NCH Software
2008-11-21 18:58:53 ----A---- C:\Windows\system32\xwr98467.dll
2008-11-21 18:58:53 ----A---- C:\Windows\system32\wr98467.dll
2008-11-21 18:58:52 ----A---- C:\Windows\system32\xa5392876.exe
2008-11-21 18:58:51 ----A---- C:\Windows\system32\xa5391644.exe
2008-11-21 18:11:31 ----RHD---- C:\Users\Lichos\AppData\Roaming\SecuROM
2008-11-21 17:40:52 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-21 17:40:52 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-21 17:40:52 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-21 17:40:52 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-21 17:40:51 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-21 17:40:51 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-21 17:40:51 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-21 17:40:51 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-21 17:40:51 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-21 17:40:50 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-21 17:40:50 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-21 17:40:50 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-21 17:40:50 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-21 17:40:50 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-21 17:40:49 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-21 17:40:49 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-21 17:40:49 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-21 17:40:48 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-21 17:40:46 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-21 17:40:46 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-21 17:40:45 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-21 17:40:44 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-21 17:40:44 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-21 17:40:44 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-21 17:40:44 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-21 17:40:43 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-21 17:40:43 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-21 17:40:43 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-21 17:40:43 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-21 17:40:42 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-21 17:40:42 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-21 17:40:42 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-21 17:40:42 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-21 17:40:41 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-21 17:40:36 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-21 17:40:36 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-21 17:40:36 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-21 17:40:35 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-21 17:40:35 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-21 17:40:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-21 17:40:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-21 17:40:34 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-21 17:40:34 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-21 17:39:23 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-11-21 17:39:20 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-11-21 17:39:20 ----A---- C:\Windows\system32\pbsvc.exe
2008-11-21 17:34:37 ----D---- C:\Program Files\Ubisoft
2008-11-21 17:31:00 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-21 17:27:13 ----D---- C:\Users\Lichos\AppData\Roaming\DAEMON Tools
2008-11-20 19:10:27 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-11-20 19:02:16 ----D---- C:\Program Files\Realore
2008-11-20 19:01:54 ----D---- C:\Program Files\LuckyTender
2008-11-20 17:54:14 ----D---- C:\Program Files\Vstplugins
2008-11-20 17:54:07 ----D---- C:\ProgramData\Sony
2008-11-20 17:53:53 ----D---- C:\Program Files\Sony

======List of files/folders modified in the last 1 months======

2008-12-17 21:24:27 ----D---- C:\Windows\Temp
2008-12-17 21:24:27 ----D---- C:\Windows\Prefetch
2008-12-17 21:10:51 ----D---- C:\Program Files\Trend Micro
2008-12-17 20:34:29 ----D---- C:\Windows\System32
2008-12-17 20:34:29 ----D---- C:\Windows\inf
2008-12-17 20:34:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-17 20:31:09 ----D---- C:\Windows
2008-12-16 23:38:06 ----SHD---- C:\System Volume Information
2008-12-16 22:35:12 ----D---- C:\Downloads
2008-12-15 22:37:02 ----RD---- C:\Program Files
2008-12-15 22:37:02 ----HD---- C:\ProgramData
2008-12-15 21:05:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-15 21:05:22 ----SHD---- C:\Windows\Installer
2008-12-13 18:07:33 ----D---- C:\Windows\system32\drivers
2008-12-10 05:25:20 ----D---- C:\Program Files\Mozilla Firefox
2008-11-30 22:55:14 ----D---- C:\Windows\system32\catroot2
2008-11-30 17:46:38 ----D---- C:\ProgramData\Roxio
2008-11-29 14:49:14 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-26 23:28:35 ----D---- C:\Windows\Microsoft.NET
2008-11-26 23:11:13 ----D---- C:\Program Files\Zune
2008-11-26 23:08:23 ----RSD---- C:\Windows\assembly
2008-11-26 23:08:01 ----D---- C:\Windows\system32\catroot
2008-11-26 20:56:03 ----SD---- C:\Users\Lichos\AppData\Roaming\Microsoft
2008-11-25 23:17:40 ----D---- C:\Windows\rescache
2008-11-25 23:12:28 ----D---- C:\Windows\winsxs
2008-11-25 23:01:46 ----D---- C:\Windows\system32\en-US
2008-11-22 06:10:53 ----D---- C:\Program Files\Common Files
2008-11-22 06:10:04 ----RSD---- C:\Windows\Fonts
2008-11-21 19:52:04 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-21 18:14:06 ----D---- C:\Program Files\BitComet
2008-11-21 17:39:55 ----D---- C:\Windows\Logs
2008-11-21 17:39:20 ----D---- C:\Windows\system32\LogFiles
2008-11-21 17:31:32 ----D---- C:\Windows\system32\WDI
2008-11-21 17:14:02 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2008-09-18 142352]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2008-03-25 65936]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-05-16 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-05-16 26424]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-07-17 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-17 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-17 37376]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2008-03-25 52496]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2008-03-25 138384]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2008-03-25 52240]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2008-09-18 234512]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-28 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 7619968]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-02 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-02 7424]
R3 physX32;physX32; C:\Windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-01 330240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-27 193456]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 avk35z1g;avk35z1g; C:\Windows\system32\drivers\avk35z1g.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-16 28672]
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-18 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2008-01-01 73728]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-08-12 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2007-04-09 44032]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-06-26 204800]
R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]
R2 NMSAccessU;NMSAccessU; C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe [2007-10-12 71096]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-11-21 107832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-10-02 703008]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-01 102400]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-08-29 337160]
R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-09-22 488768]
R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-03-25 648456]
R3 usnjsvc;Servicio Lector del diario USN de Carpetas para compartir de Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-11 654848]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-03-04 948616]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.05 2008-12-17 21:24:31

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->MsiExec /X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AGEIA PhysX v7.06.26-->MsiExec.exe /X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aqua Bubble 2-->"C:\Program Files\Realore\Aqua Bubble 2\unins000.exe"
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BitComet 1.03-->C:\Program Files\BitComet\uninst.exe
Broadcom Management Programs-->MsiExec.exe /X{177D1318-3E4B-4A7C-A300-AC4E21BE090B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Crysis® SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Disney-Pixar Ratatouille Demo-->C:\Program Files\InstallShield Installation Information\{EA5EA0B3-7C8C-4B34-B1EB-249EDA7F30C8}\setup.exe -runfromtemp -l0x000a -removeonly
Disney-Pixar WALL-E Demo-->C:\Program Files\InstallShield Installation Information\{30901794-9757-4E9C-B651-56E431CB839A}\setup.exe -runfromtemp -l0x000a -removeonly
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
EasyDecrypter v1.12-->"C:\Windows\EasyDecrypter v1.12\uninstall.exe" "/U:C:\Program Files\EasyDecrypter v1.12\Uninstall\uninstall.xml"
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Fotosizer 1.18-->C:\Program Files\Fotosizer\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
homeview-->"C:\Program Files\homeview\Uninstall.exe"
HOT ALBUM MYBOX-->C:\Program Files\HOTALBUMMyBOX\VUninst.exe /a
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel® PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Linksys EasyLink Advisor-->"C:\Program Files\InstallShield Installation Information\{284BD984-6E5C-4586-80A8-14D85E233497}\setup.exe" -runfromtemp -l0x040a -removeonly
Linksys EasyLink Advisor-->MsiExec.exe /I{284BD984-6E5C-4586-80A8-14D85E233497}
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Logitech Gaming LCD Software 1.04-->MsiExec.exe /X{F7511FE7-BA89-4939-B2EF-A3F287B0F298}
LuckyTender 1.3.0-->C:\Program Files\LuckyTender\uninst.exe
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PhotoStage Slideshow Producer-->C:\Program Files\NCH Software\PhotoStage\uninst.exe
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Super DVD Creator 9.8 Full Version-->"C:\Program Files\Super_DVD_Creator_9.8\unins000.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live installer-->MsiExec.exe /X{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}
Windows Live Messenger-->MsiExec.exe /X{FC411B47-30BF-428C-9C1E-F6C54A94EA7E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wondershare Photo Story Platinum 3.1.0-->"C:\Program Files\Wondershare\Photo Story Platinum\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Security center information======

AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall
AS: Trend Micro Internet Security
AS: Spyware Doctor (disabled)
AS: Windows Defender (disabled) (outdated)

System event log

Computer Name: Lichos-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 25815
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20081218023318.000000-000
Event Type: Information
User:

Computer Name: Lichos-PC
Event Code: 10029
Message: DCOM started the service wercplsupport with arguments "" in order to run the server:
{0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
Record Number: 25816
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20081218024210.000000-000
Event Type: Information
User:

Computer Name: Lichos-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the running state.
Record Number: 25817
Source Name: Service Control Manager
Time Written: 20081218024210.000000-000
Event Type: Information
User:

Computer Name: Lichos-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the stopped state.
Record Number: 25818
Source Name: Service Control Manager
Time Written: 20081218024210.000000-000
Event Type: Information
User:

Computer Name: Lichos-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 25819
Source Name: Service Control Manager
Time Written: 20081218024910.000000-000
Event Type: Information
User:

Application event log

Computer Name: Lichos-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 4635
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20081218022908.888274-000
Event Type: Information
User: Lichos-PC\Lichos

Computer Name: Lichos-PC
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 4636
Source Name: usnjsvc
Time Written: 20081218023039.000000-000
Event Type: Information
User:

Computer Name: Lichos-PC
Event Code: 102
Message: msnmsgr (5772) \\.\C:\Users\Lichos\AppData\Local\Microsoft\Messenger\lichoscar@hotmail.com\SharingMetadata\Working\database_328C_220F_8C21_CDE3\dfsr.db: The database engine (6.00.6001.0000) started a new instance (0).
Record Number: 4637
Source Name: ESENT
Time Written: 20081218023040.000000-000
Event Type: Information
User:

Computer Name: Lichos-PC
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.
Record Number: 4638
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20081218023428.000000-000
Event Type: Information
User:

Computer Name: Lichos-PC
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.
Record Number: 4639
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20081218023429.000000-000
Event Type: Information
User:

Security event log

Computer Name: Lichos-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 9301
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218032427.139274-000
Event Type: Audit Failure
User:

Computer Name: Lichos-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 9302
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218032427.163274-000
Event Type: Audit Failure
User:

Computer Name: Lichos-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 9303
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218032427.183274-000
Event Type: Audit Failure
User:

Computer Name: Lichos-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 9304
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218032427.205274-000
Event Type: Audit Failure
User:

Computer Name: Lichos-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 9305
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081218032427.221274-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:46 AM

Posted 26 December 2008 - 05:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:46 AM

Posted 03 January 2009 - 01:14 PM

Due to the lack of feedback, this Topic is now closed.

If you still have problems, please Start a new topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users