
Virusremover 2008, pop ups, commandservice.exe


  • This topic is locked
19 replies to this topic

#1 RobiSuicide

RobiSuicide

  • Members
  • 42 posts

Posted 10 January 2009 - 11:50 PM

I'm having a lot of problems with my computer at the moment. First I got this Virusremover 2008 pop up asking me to install; I ignored it, and it didn't come up again for a while. Now I'm having all these pop ups (Sagispaul, some with what looks like IP addresses, etc.) and this CommandService.exe shows up in my running processes at times. I'll end it, then it comes back later, anywhere from 5 minutes to the next day. I really need some help with this, it's bugging me. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:02 PM, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 72.52.4.76 www.limewire.com
O1 - Hosts: 72.52.4.76 www.frostwire.com
O1 - Hosts: 72.52.4.76 www.bit-torrent.com
O1 - Hosts: 72.52.4.76 www.bearshare.com
O1 - Hosts: 72.52.4.76 www.zeropaid.com
O1 - Hosts: 72.52.4.76 www.felmlee.com
O1 - Hosts: 72.52.4.76 www.gnutelliums.com
O1 - Hosts: 72.52.4.76 phex.sourceforge.net
O1 - Hosts: 72.52.4.76 www.revolutionarystuff.com
O1 - Hosts: 72.52.4.76 www.xolox.nl
O1 - Hosts: 72.52.4.76 www.grokster.com
O1 - Hosts: 72.52.4.76 www.morpheus.com
O1 - Hosts: 72.52.4.76 www.music-e.net
O1 - Hosts: 72.52.4.76 www.chadsmp3s.com
O1 - Hosts: 72.52.4.76 www.napster.com
O1 - Hosts: 72.52.4.76 www.napstermp3.com
O1 - Hosts: 72.52.4.76 www.shareaza.com
O1 - Hosts: 72.52.4.76 www.neo-modus.com
O1 - Hosts: 72.52.4.76 www.filetopia.org
O1 - Hosts: 72.52.4.76 www.imesh.com
O1 - Hosts: 72.52.4.76 www.gnutellaforums.com
O1 - Hosts: 72.52.4.76 www.kazaa.com
O1 - Hosts: 72.52.4.76 www.torrent-finder.com
O1 - Hosts: 72.52.4.76 www.sharetv.org
O1 - Hosts: 72.52.4.76 www.btjunkie.org
O1 - Hosts: 72.52.4.76 www.filemp3.org
O1 - Hosts: 72.52.4.76 www.torrentbytes.net
O1 - Hosts: 72.52.4.76 www.thepiratebay.org
O1 - Hosts: 72.52.4.76 www.torrentz.com
O1 - Hosts: 72.52.4.76 www.torrents.to
O1 - Hosts: 72.52.4.76 www.torrentmatrix.com
O1 - Hosts: 72.52.4.76 www.isohunt.com
O1 - Hosts: 72.52.4.76 www.torrent-damage.net
O1 - Hosts: 72.52.4.76 www.meganova.org
O1 - Hosts: 72.52.4.76 www.fulldls.com
O1 - Hosts: 72.52.4.76 www.scrapetorrent.com
O1 - Hosts: 72.52.4.76 www.thinktorrent.com
O1 - Hosts: 72.52.4.76 www.filelist.org
O1 - Hosts: 72.52.4.76 www.torrentlocomotive.com
O1 - Hosts: 72.52.4.76 www.porn.com
O1 - Hosts: 72.52.4.76 www.whitehouse.com
O1 - Hosts: 72.52.4.76 www.xxx.com
O1 - Hosts: 72.52.4.76 www.Slyuser.com
O1 - Hosts: 72.52.4.76 www.foxyproxy.com
O1 - Hosts: 72.52.4.76 www.ugoplayer.com
O1 - Hosts: 72.52.4.76 www.rapidojeux.com
O1 - Hosts: 72.52.4.76 www.zango.com
O1 - Hosts: 72.52.4.76 www.erotic.com
O1 - Hosts: 72.52.4.76 www.penthouse.com
O1 - Hosts: 72.52.4.76 www.playboy.com
O1 - Hosts: 72.52.4.76 www.hustler.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [fce8a2ef] rundll32.exe "C:\WINDOWS\system32\apkyjaqp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182892836953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll shdswo.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10641 bytes



#2 RobiSuicide

RobiSuicide
  • Topic Starter

  • Members
  • 42 posts

Posted 11 January 2009 - 12:17 AM

Oh, also I used AVG and SpyHunter and it found Trojan Vundo and the VirusRemover2008 and deleted 'em. Yet I still get these pop ups, etc.

#3 RobiSuicide

RobiSuicide
  • Topic Starter

  • Members
  • 42 posts

Posted 11 January 2009 - 04:49 AM

Bumping, back to first page.

#4 RobiSuicide

RobiSuicide
  • Topic Starter

  • Members
  • 42 posts

Posted 11 January 2009 - 10:00 PM

Bumping up again.

bleep I just read the Don't Bump thing at the top of the page :thumbsup:

Edited by RobiSuicide, 11 January 2009 - 10:01 PM.


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 02:16 PM

Please download the HostsXpert by funkytoad.
  • Unzip HostsXpert to a convenient folder such as C:\HostsXpert
  • Double-click HostsXpert.exe to run HostsXpert - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Ms Hosts File and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.


Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 RobiSuicide

RobiSuicide
  • Topic Starter

  • Members
  • 42 posts

Posted 13 January 2009 - 03:13 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1645
Windows 5.1.2600 Service Pack 2

1/13/2009 12:11:02 PM
mbam-log-2009-01-13 (12-11-02).txt

Scan type: Full Scan (C:\|)
Objects scanned: 129609
Time elapsed: 49 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\D'Accord Music Software\D'Accord Personal Guitarist 1.2\DAccordPersonalGuitaristv12_Crack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\D'Accord Music Software\D'Accord Personal Guitarist 1.2\Crack\DAccordPersonalGuitaristv12_Crack.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#7 RobiSuicide

RobiSuicide
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 13 January 2009 - 03:17 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Parent at 2009-01-13 12:14:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 45 GB (59%) free of 76 GB
Total RAM: 895 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:17 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Parent\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Parent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 72.52.4.76 www.limewire.com
O1 - Hosts: 72.52.4.76 www.frostwire.com
O1 - Hosts: 72.52.4.76 www.bit-torrent.com
O1 - Hosts: 72.52.4.76 www.bearshare.com
O1 - Hosts: 72.52.4.76 www.zeropaid.com
O1 - Hosts: 72.52.4.76 www.felmlee.com
O1 - Hosts: 72.52.4.76 www.gnutelliums.com
O1 - Hosts: 72.52.4.76 phex.sourceforge.net
O1 - Hosts: 72.52.4.76 www.revolutionarystuff.com
O1 - Hosts: 72.52.4.76 www.xolox.nl
O1 - Hosts: 72.52.4.76 www.grokster.com
O1 - Hosts: 72.52.4.76 www.morpheus.com
O1 - Hosts: 72.52.4.76 www.music-e.net
O1 - Hosts: 72.52.4.76 www.chadsmp3s.com
O1 - Hosts: 72.52.4.76 www.napster.com
O1 - Hosts: 72.52.4.76 www.napstermp3.com
O1 - Hosts: 72.52.4.76 www.shareaza.com
O1 - Hosts: 72.52.4.76 www.neo-modus.com
O1 - Hosts: 72.52.4.76 www.filetopia.org
O1 - Hosts: 72.52.4.76 www.imesh.com
O1 - Hosts: 72.52.4.76 www.gnutellaforums.com
O1 - Hosts: 72.52.4.76 www.kazaa.com
O1 - Hosts: 72.52.4.76 www.torrent-finder.com
O1 - Hosts: 72.52.4.76 www.sharetv.org
O1 - Hosts: 72.52.4.76 www.btjunkie.org
O1 - Hosts: 72.52.4.76 www.filemp3.org
O1 - Hosts: 72.52.4.76 www.torrentbytes.net
O1 - Hosts: 72.52.4.76 www.thepiratebay.org
O1 - Hosts: 72.52.4.76 www.torrentz.com
O1 - Hosts: 72.52.4.76 www.torrents.to
O1 - Hosts: 72.52.4.76 www.torrentmatrix.com
O1 - Hosts: 72.52.4.76 www.isohunt.com
O1 - Hosts: 72.52.4.76 www.torrent-damage.net
O1 - Hosts: 72.52.4.76 www.meganova.org
O1 - Hosts: 72.52.4.76 www.fulldls.com
O1 - Hosts: 72.52.4.76 www.scrapetorrent.com
O1 - Hosts: 72.52.4.76 www.thinktorrent.com
O1 - Hosts: 72.52.4.76 www.filelist.org
O1 - Hosts: 72.52.4.76 www.torrentlocomotive.com
O1 - Hosts: 72.52.4.76 www.porn.com
O1 - Hosts: 72.52.4.76 www.whitehouse.com
O1 - Hosts: 72.52.4.76 www.xxx.com
O1 - Hosts: 72.52.4.76 www.Slyuser.com
O1 - Hosts: 72.52.4.76 www.foxyproxy.com
O1 - Hosts: 72.52.4.76 www.ugoplayer.com
O1 - Hosts: 72.52.4.76 www.rapidojeux.com
O1 - Hosts: 72.52.4.76 www.zango.com
O1 - Hosts: 72.52.4.76 www.erotic.com
O1 - Hosts: 72.52.4.76 www.penthouse.com
O1 - Hosts: 72.52.4.76 www.playboy.com
O1 - Hosts: 72.52.4.76 www.hustler.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4B63CCAD-955A-4F03-B9C6-571AC3B31DD3} - C:\WINDOWS\system32\efcButUL.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182892836953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll lmgvhd.dll
O20 - Winlogon Notify: fccaAroP - fccaAroP.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11014 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\dxjehqri.job
C:\WINDOWS\tasks\Norton Security Scan for Parent.job
C:\WINDOWS\tasks\sugiguph.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B63CCAD-955A-4F03-B9C6-571AC3B31DD3}]
C:\WINDOWS\system32\efcButUL.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1040384]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1282048]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-01-20 159744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-06-26 180269]
"MVS Splash"=C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [2007-03-06 468544]
"McAfee Managed Services Tray"=C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe [2007-05-18 190016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-22 1261336]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Parent\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll lmgvhd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaAroP]
fccaAroP.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcButUL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ab2e1a-23ce-11dc-b6a3-806d6172696f}]
shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f050d15-25b3-11dc-99e4-806d6172696f}]
shell\AutoRun\command - D:\ltree\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8901a03b-25a6-11dc-a8b1-806d6172696f}]
shell\AutoRun\command - D:\ltree\autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eee2af4d-0710-11dd-969f-806d6172696f}]
shell\AutoRun\command - D:\ltree\autorun\autorun.exe


======List of files/folders created in the last 3 months======

2009-01-13 12:14:49 ----D---- C:\rsit
2009-01-13 11:17:06 ----D---- C:\HostsXpert
2009-01-12 04:41:24 ----D---- C:\Program Files\I-Doser
2009-01-12 02:38:57 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-01-12 02:38:54 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-01-12 02:38:52 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-01-12 01:42:04 ----D---- C:\Avenger
2009-01-12 01:42:03 ----A---- C:\avenger.txt
2009-01-12 01:29:58 ----D---- C:\Documents and Settings\Parent\Application Data\Malwarebytes
2009-01-12 01:29:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-12 01:29:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-11 22:05:26 ----D---- C:\Program Files\D'Accord Music Software
2009-01-11 19:54:48 ----D---- C:\Program Files\Norton Security Scan
2009-01-11 16:52:05 ----D---- C:\WINDOWS\system32\Adobe
2009-01-10 20:39:47 ----D---- C:\Program Files\Trend Micro
2009-01-10 08:49:37 ----D---- C:\Documents and Settings\Parent\Application Data\PlayFirst
2009-01-10 08:49:37 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-01-10 08:15:00 ----D---- C:\Documents and Settings\Parent\Application Data\SBTT
2009-01-10 01:06:41 ----A---- C:\WINDOWS\system32\shdswo.dll
2009-01-10 01:06:40 ----A---- C:\WINDOWS\system32\fcgfifjp.dll
2009-01-10 01:03:44 ----ASH---- C:\WINDOWS\system32\pqajykpa.ini
2009-01-09 20:39:21 ----D---- C:\Program Files\Enigma Software Group
2009-01-09 00:57:20 ----A---- C:\WINDOWS\system32\f7cb6691-.txt
2009-01-05 17:48:36 ----D---- C:\Program Files\Nick Arcade
2009-01-05 14:33:04 ----D---- C:\Program Files\Nick Jr. Arcade
2009-01-03 01:54:40 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-01-03 01:54:36 ----D---- C:\Documents and Settings\Parent\Application Data\CyberLink
2009-01-03 01:06:19 ----D---- C:\Program Files\Common Files\CyberLink
2009-01-03 01:05:39 ----D---- C:\Program Files\CyberLink
2009-01-03 01:04:41 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-01-03 00:47:54 ----D---- C:\WINDOWS\system32\DefaultDirName
2009-01-02 20:18:51 ----D---- C:\Documents and Settings\Parent\Application Data\Viewpoint
2009-01-02 15:32:44 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-01-02 14:37:49 ----D---- C:\Documents and Settings\Parent\Application Data\Vso
2009-01-02 14:37:49 ----A---- C:\Documents and Settings\Parent\Application Data\inst.exe
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\sipr3260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-01-02 14:37:35 ----D---- C:\Program Files\VSO
2008-12-30 22:45:10 ----D---- C:\my dvd
2008-12-30 22:41:54 ----A---- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
2008-12-30 22:41:49 ----D---- C:\Program Files\Easy Avi Divx Xvid to DVD Burner
2008-12-28 13:59:26 ----A---- C:\temp.txt
2008-12-28 13:57:53 ----D---- C:\Documents and Settings\Parent\Application Data\FrimaStudio
2008-12-27 20:09:33 ----D---- C:\WINDOWS\Minidump
2008-12-27 15:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\Intenium
2008-12-27 02:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-27 02:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-27 02:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-27 02:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-26 09:56:38 ----A---- C:\WINDOWS\iPlayer.INI
2008-12-26 08:17:29 ----D---- C:\Program Files\InterActual
2008-12-25 21:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-12-25 21:22:28 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-12-25 21:22:21 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-25 21:21:56 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-25 21:21:36 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-25 21:20:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-25 21:19:02 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-25 21:18:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-25 10:11:05 ----A---- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-25 10:10:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-25 10:08:28 ----D---- C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-12-25 10:07:46 ----D---- C:\Program Files\LeapFrog
2008-12-24 12:29:14 ----A---- C:\WINDOWS\dvdSanta.INI
2008-12-24 11:07:00 ----D---- C:\TempDVD
2008-12-24 11:07:00 ----D---- C:\dvdsanta
2008-12-24 11:06:57 ----D---- C:\Documents and Settings\Parent\Application Data\Thinstall
2008-12-23 21:43:09 ----D---- C:\Program Files\AC3Filter
2008-12-22 23:17:43 ----D---- C:\Program Files\WIDCOMM
2008-12-22 23:05:23 ----HD---- C:\$AVG8.VAULT$
2008-12-22 23:01:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-22 23:00:39 ----D---- C:\Program Files\AVG
2008-12-22 23:00:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-22 22:53:50 ----D---- C:\Program Files\HP PCMCIA Smart Card Reader
2008-12-22 21:34:27 ----ASH---- C:\WINDOWS\system32\gOrtCcfe.ini2
2008-12-22 21:34:26 ----ASH---- C:\WINDOWS\system32\gOrtCcfe.ini
2008-12-21 00:01:10 ----D---- C:\Program Files\My Friends Manager
2008-12-20 23:57:22 ----D---- C:\Program Files\Friend Click
2008-12-20 23:56:34 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-12-20 23:56:33 ----D---- C:\Program Files\FriendBlasterPro
2008-12-19 04:02:50 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-18 02:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-18 02:33:50 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2008-12-18 02:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB891122$
2008-12-18 02:33:13 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-18 02:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-12-18 02:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB896344$
2008-12-18 00:11:18 ----D---- C:\Documents and Settings\Parent\Application Data\My Games
2008-12-17 23:33:36 ----D---- C:\Program Files\Firaxis Games
2008-12-17 18:32:32 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2008-12-16 03:01:25 ----D---- C:\Program Files\MSXML 4.0
2008-12-15 22:58:14 ----D---- C:\Program Files\Common Files\DirectX
2008-12-15 22:55:14 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-15 22:36:07 ----D---- C:\Program Files\Stacked
2008-12-15 19:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-12-15 11:51:08 ----D---- C:\Program Files\ASIO4ALL v2
2008-12-15 10:28:18 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-12-15 09:48:02 ----D---- C:\Documents and Settings\Parent\Application Data\Elluminate
2008-12-14 08:06:35 ----SHD---- C:\WINDOWS\ftpcache
2008-12-14 07:40:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-14 02:21:20 ----D---- C:\Documents and Settings\Parent\Application Data\DivX
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxinsi64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxcpyi64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-12-14 02:00:38 ----A---- C:\WINDOWS\system32\px.dll
2008-12-14 02:00:14 ----D---- C:\Program Files\DivX
2008-12-13 20:46:28 ----A---- C:\WINDOWS\system32\hpzll054.dll
2008-12-13 20:32:41 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-13 20:32:28 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-13 20:32:13 ----D---- C:\Program Files\HP
2008-12-13 20:31:48 ----HD---- C:\Config.Msi
2008-12-13 20:30:31 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2008-12-13 20:30:31 ----A---- C:\WINDOWS\system32\hpovst09.dll
2008-12-13 20:30:31 ----A---- C:\WINDOWS\system32\hpotscl2.dll
2008-12-13 20:30:30 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2008-12-13 20:30:30 ----A---- C:\WINDOWS\system32\HPZIDS01.dll
2008-12-13 12:38:18 ----D---- C:\Program Files\Samson
2008-12-12 20:47:24 ----D---- C:\Documents and Settings\Parent\Application Data\Mount&Blade
2008-12-12 20:39:11 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-12 20:39:11 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-12 20:39:09 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-12 20:39:08 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-12 20:39:08 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-12 20:39:07 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-12 20:39:06 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-12 20:39:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-12 20:39:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-12 20:39:05 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-12 20:39:04 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-12 20:39:04 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-12 20:39:04 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-12 20:39:03 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-12-12 20:39:02 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-12-12 20:39:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-12 20:39:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-12 20:39:00 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-12 20:38:59 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-12 20:38:58 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-12 20:38:57 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-12 20:38:57 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-12 20:38:55 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-12 20:38:55 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-12 20:38:54 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-12 20:38:54 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-12 20:38:53 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-12 20:38:53 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-12 20:38:53 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-12 20:38:52 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-12 20:38:52 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-12 20:38:51 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-12 20:38:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-12 20:38:51 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-12 20:38:41 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-12 20:38:39 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-12 20:38:39 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-12 20:38:38 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-12 20:38:37 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-12 20:38:35 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-12 20:38:17 ----D---- C:\WINDOWS\Logs
2008-12-12 20:37:12 ----D---- C:\Program Files\Mount&Blade
2008-12-12 10:29:57 ----D---- C:\Program Files\BestGameEver
2008-12-12 10:29:10 ----D---- C:\Program Files\MagicDisc
2008-12-12 10:25:54 ----D---- C:\Program Files\MagicISO
2008-12-12 01:56:32 ----D---- C:\Documents and Settings\Parent\Application Data\acccore
2008-12-12 01:03:48 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-11 23:40:27 ----D---- C:\Program Files\Adobe Media Player
2008-12-11 23:37:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-11 23:32:43 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVUI2RC.dll
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVUI2.dll
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVComS.exe
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVComC.dll
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVCodec2.dll
2008-12-11 21:29:14 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-11 21:27:33 ----D---- C:\Documents and Settings\Parent\Application Data\Yahoo!
2008-12-11 21:27:33 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-11 21:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-11 21:26:53 ----D---- C:\Program Files\Yahoo!
2008-12-11 20:17:20 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-11 19:12:39 ----D---- C:\Documents and Settings\Parent\Application Data\LimeWire
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-11 19:01:57 ----D---- C:\WINDOWS\Sun
2008-12-11 18:23:11 ----D---- C:\Program Files\LimeWire
2008-12-11 17:55:25 ----D---- C:\My Music
2008-12-11 17:52:40 ----D---- C:\Program Files\MediaMonkey
2008-12-11 17:43:58 ----D---- C:\Documents and Settings\Parent\Application Data\TuneUp Software
2008-12-11 17:43:33 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-12-11 17:43:32 ----D---- C:\Program Files\TuneUp Utilities 2009
2008-12-11 17:43:17 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-11 17:33:28 ----D---- C:\Program Files\MSN Messenger
2008-12-11 17:12:03 ----D---- C:\Documents and Settings\Parent\Application Data\WinRAR
2008-12-11 17:10:54 ----D---- C:\Program Files\Common Files\digidesign
2008-12-11 15:53:45 ----D---- C:\Program Files\WinRAR
2008-12-11 14:26:56 ----D---- C:\Program Files\Viewpoint
2008-12-11 14:26:56 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-11 14:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-11 14:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-12-11 14:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-11 14:26:35 ----D---- C:\Program Files\Common Files\AOL
2008-12-11 14:26:15 ----D---- C:\Program Files\AIM6
2008-12-11 14:21:53 ----D---- C:\Documents and Settings\Parent\Application Data\Syntrillium
2008-12-11 14:20:05 ----D---- C:\Program Files\coolpro2
2008-12-11 14:10:17 ----D---- C:\Program Files\AMD
2008-12-11 11:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 11:47:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 11:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 11:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 11:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-11 11:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-11 11:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-11 11:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-11 11:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-11 11:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-11 11:46:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-11 11:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-11 11:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-11 11:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-11 11:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-11 11:45:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-11 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-11 11:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-11 11:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-11 11:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-11 11:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-11 11:44:54 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-12-11 11:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-12-11 11:13:15 ----D---- C:\Program Files\BitLord2
2008-12-11 11:04:12 ----D---- C:\Documents and Settings\Parent\Application Data\Mozilla
2008-12-11 11:04:04 ----D---- C:\Program Files\Mozilla Firefox
2008-11-21 13:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 13:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 13:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 13:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-10-23 01:58:36 ----A---- C:\WINDOWS\system32\bcmwlcoi.dll

======List of files/folders modified in the last 3 months======

2009-01-13 12:15:17 ----D---- C:\WINDOWS\Temp
2009-01-13 12:14:11 ----D---- C:\WINDOWS\Prefetch
2009-01-12 11:00:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-12 05:39:03 ----A---- C:\WINDOWS\win.ini
2009-01-12 05:39:03 ----A---- C:\WINDOWS\system.ini
2009-01-12 05:38:22 ----D---- C:\WINDOWS\system32
2009-01-12 04:41:24 ----RD---- C:\Program Files
2009-01-12 02:39:02 ----SHD---- C:\WINDOWS\Installer
2009-01-12 02:38:57 ----SD---- C:\WINDOWS\Tasks
2009-01-12 02:15:25 ----D---- C:\WINDOWS\system32\drivers
2009-01-12 02:03:30 ----D---- C:\WINDOWS
2009-01-11 21:43:45 ----D---- C:\Program Files\Common Files
2009-01-11 16:54:54 ----D---- C:\Documents and Settings\Parent\Application Data\Adobe
2009-01-11 16:54:53 ----D---- C:\Documents and Settings\Parent\Application Data\Macromedia
2009-01-11 16:54:42 ----D---- C:\WINDOWS\system32\Macromed
2009-01-11 16:52:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-11 16:52:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-11 08:53:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-10 08:11:59 ----D---- C:\WINDOWS\system32\DirectX
2009-01-10 08:11:57 ----HD---- C:\WINDOWS\inf
2009-01-09 15:51:49 ----D---- C:\WINDOWS\system32\config
2009-01-05 02:19:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-03 01:06:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-29 00:48:22 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-28 13:56:47 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-27 02:15:22 ----A---- C:\WINDOWS\imsins.BAK
2008-12-26 06:30:46 ----D---- C:\WINDOWS\AppPatch
2008-12-25 21:21:55 ----D---- C:\Program Files\Windows Media Player
2008-12-25 21:21:50 ----D---- C:\WINDOWS\Help
2008-12-25 10:12:45 ----D---- C:\Program Files\DIFX
2008-12-25 10:12:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-22 23:19:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-22 23:18:05 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-22 23:16:50 ----D---- C:\swsetup
2008-12-22 23:08:26 ----D---- C:\WINDOWS\system32\ias
2008-12-22 22:58:29 ----SD---- C:\Documents and Settings\Parent\Application Data\Microsoft
2008-12-22 21:36:55 ----D---- C:\WINDOWS\system32\wbem
2008-12-22 21:36:54 ----D---- C:\WINDOWS\Registration
2008-12-22 21:36:21 ----RSD---- C:\WINDOWS\assembly
2008-12-22 21:35:46 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-22 21:35:21 ----D---- C:\WINDOWS\security
2008-12-22 21:33:48 ----D---- C:\WINDOWS\system32\Restore
2008-12-19 04:02:50 ----D---- C:\WINDOWS\Debug
2008-12-18 19:23:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 03:48:39 ----D---- C:\WINDOWS\system32\usmt
2008-12-18 03:11:35 ----RSD---- C:\WINDOWS\Fonts
2008-12-18 02:34:24 ----D---- C:\WINDOWS\ie7updates
2008-12-18 02:34:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 08:59:54 ----D---- C:\WINDOWS\WinSxS
2008-12-15 10:28:12 ----D---- C:\Program Files\Common Files\Adobe
2008-12-15 10:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-15 10:27:01 ----D---- C:\Program Files\Adobe
2008-12-13 23:18:00 ----D---- C:\Documents and Settings\Parent\Application Data\Real
2008-12-13 20:46:17 ----D---- C:\WINDOWS\twain_32
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 20:38:44 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-11 21:26:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-11 19:03:18 ----D---- C:\Program Files\Java
2008-12-11 14:19:30 ----D---- C:\Program Files\ATI Technologies
2008-12-11 14:17:46 ----SHD---- C:\RECYCLER
2008-12-11 13:50:45 ----A---- C:\WINDOWS\setuplog.txt
2008-12-11 13:50:40 ----SHD---- C:\System Volume Information
2008-12-11 13:50:29 ----RASH---- C:\boot.ini
2008-12-11 12:07:57 ----D---- C:\Program Files\Internet Explorer
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-23 05:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 01:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 12:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 08:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 23:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-22 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-22 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-01-31 52200]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-22 76040]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2002-12-31 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-02-22 140680]
R3 b57w2k;Broadcom NetLink Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2002-12-31 160256]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2002-12-31 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2002-12-31 36608]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-01-31 170408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2002-12-31 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-02 47360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2002-12-31 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2002-12-31 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2002-12-31 17024]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekacudcgmea.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2008-11-25 18560]
S3 HP24X;HP PC Card Smart Card Reader; C:\WINDOWS\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-12-31 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-12-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-12-31 21568]
S3 MfeAVFK;McAfee Inc.; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2007-01-31 72296]
S3 MfeBOPK;McAfee Inc.; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2007-01-31 34184]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SamsonLLDriver;Samson LL Driver; C:\WINDOWS\System32\Drivers\SamsonLLDriver.sys [2006-12-12 56832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SWWDM_multi;Samson Audio (WDM); C:\WINDOWS\system32\drivers\SWAudWDM.sys [2006-12-12 25088]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-22 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-22 231704]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-12-31 322120]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2007-03-06 140864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-12 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2002-12-31 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-04 170640]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-11 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McShield;McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [2007-01-31 144960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-12-31 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-12 360192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2002-12-31 14336]

-----------------EOF-----------------

Edited by RobiSuicide, 13 January 2009 - 03:19 PM.


#8 RobiSuicide

Posted 13 January 2009 - 03:19 PM

info.txt logfile of random's system information tool 1.05 2009-01-13 12:15:32

======Uninstall list======

"Film" template for ConvertXToDVD 3-->"C:\Program Files\VSO\ConvertX\3\unins001.exe"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Agere Systems HDA Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALT Access-->C:\WINDOWS\ALT Access Uninstaller.exe
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7973
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EC2ADB7C-8A45-40C9-BFD1-18F22D9A7DF5}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Green Help-->MsiExec.exe /I{E6380875-C349-4CAD-B331-FF22632D44D4}
BitLord v2.0-->"C:\Program Files\BitLord2\unins000.exe"
Broadcom Wireless Utility-->"C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11"
Catalyst Control Center - Branding-->MsiExec.exe /I{3F93B2BA-18EC-462B-9ACD-396599353EE1}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConvertXtoDVD 3.3.4.106e-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
D'Accord Personal Guitarist 1.2-->"C:\Program Files\D'Accord Music Software\D'Accord Personal Guitarist 1.2\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Avi/Divx/Xvid to DVD Burner 2.5.1-->"C:\Program Files\Easy Avi Divx Xvid to DVD Burner\unins000.exe"
Friend Click 1.0.3-->"C:\Program Files\Friend Click\unins000.exe"
FriendBlasterPro-->"C:\Program Files\FriendBlasterPro\unins000.exe"
Graphical Enhancement Textures 2.5-->C:\Program Files\Mount&Blade\uninstall_texture_pack.exe
GTK+ 2.10.11 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP PCMCIA Smart Card Reader-->MsiExec.exe /I{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}
HP Photosmart and Officejet 7.0.A Corporate Edition-->C:\Program Files\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Quick Launch Buttons 6.20 A4-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
I-Doser 4.50-->C:\Program Files\I-Doser\Uninstall.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java 2 Runtime Environment, SE v1.4.2_07-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142070}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{CF055C57-A988-42E6-BDAF-E3D94C6973A8}
LeapFrog Tag Plugin-->MsiExec.exe /X{9EAB794B-ABC6-4261-821F-326B6CA87AFD}
LimeWire PRO 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0265)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Total Protection for Small Business-->C:\Program Files\McAfee\Managed VirusScan\Agent\myinx /Script=C:\Program Files\McAfee\Managed VirusScan\VScan\vsasap.inx /Section=DefaultUninstall
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Friends Manager-->"C:\Program Files\My Friends Manager\unins000.exe"
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Questionmark Secure Browser-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0E2F32F7-1D43-44FA-8CB5-F7F4CA8276CA}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Waves Diamond Bundle v5.2-->C:\PROGRA~1\Adobe\ADOBEA~1.0\Waves\DIAMON~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEA~1.0\Waves\DIAMON~1\INSTALL.LOG
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)-->C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\flyusb_BDDEDC610968ACB312AFDDAA6B90C0D5FCBD66A6\flyusb.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 localhost
72.52.4.76 www.limewire.com
72.52.4.76 www.frostwire.com
72.52.4.76 www.bit-torrent.com
72.52.4.76 www.bearshare.com
72.52.4.76 www.zeropaid.com
72.52.4.76 www.felmlee.com
72.52.4.76 www.gnutelliums.com
72.52.4.76 phex.sourceforge.net
72.52.4.76 www.revolutionarystuff.com

======Security center information======

AV: AVG Anti-Virus Free
AV: Total Protection Service (disabled)

System event log

Computer Name: K12-E5F81ACCD77
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 114
Source Name: Service Control Manager
Time Written: 20081211120822.000000-480
Event Type: information
User:

Computer Name: K12-E5F81ACCD77
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 113
Source Name: Service Control Manager
Time Written: 20081211120822.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: K12-E5F81ACCD77
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 112
Source Name: Service Control Manager
Time Written: 20081211120822.000000-480
Event Type: information
User:

Computer Name: K12-E5F81ACCD77
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 111
Source Name: Service Control Manager
Time Written: 20081211120820.000000-480
Event Type: information
User: K12-E5F81ACCD77\Parent

Computer Name: K12-E5F81ACCD77
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 110
Source Name: Service Control Manager
Time Written: 20081211120820.000000-480
Event Type: information
User:

Application event log

Computer Name: K12-E5F81ACCD77
Event Code: 0
Message:
Record Number: 5
Source Name: myAgtSvc
Time Written: 20081211135215.000000-480
Event Type: information
User:

Computer Name: K12-E5F81ACCD77
Event Code: 5000
Message: McShield service started.

Engine version : 5100.0194

DAT version : 5291.0000



Number of signatures in EXTRA.DAT : None

Names of threats that EXTRA.DAT can detect : None

Record Number: 4
Source Name: McLogEvent
Time Written: 20081211135213.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: K12-E5F81ACCD77
Event Code: 2002
Message:
Record Number: 3
Source Name: EAPOL
Time Written: 20081211135158.000000-480
Event Type: information
User:

Computer Name: K12-E5F81ACCD77
Event Code: 2003
Message:
Record Number: 2
Source Name: EAPOL
Time Written: 20081211135158.000000-480
Event Type: information
User:

Computer Name: K12-E5F81ACCD77
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 1
Source Name: SecurityCenter
Time Written: 20081211135149.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 124 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=7c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"JAVA_PLUGIN_WEBCONTROL_ENABLE"=1
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#9 RobiSuicide

Posted 13 January 2009 - 05:18 PM

And the GMER

Attached Files

  • Attached File  Gmer.log   53.02KB   22 downloads


#10 fenzodahl512

Posted 13 January 2009 - 10:21 PM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)



NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O1 - Hosts: 72.52.4.76 www.limewire.com
O1 - Hosts: 72.52.4.76 www.frostwire.com
O1 - Hosts: 72.52.4.76 www.bit-torrent.com
O1 - Hosts: 72.52.4.76 www.bearshare.com
O1 - Hosts: 72.52.4.76 www.zeropaid.com
O1 - Hosts: 72.52.4.76 www.felmlee.com
O1 - Hosts: 72.52.4.76 www.gnutelliums.com
O1 - Hosts: 72.52.4.76 phex.sourceforge.net
O1 - Hosts: 72.52.4.76 www.revolutionarystuff.com
O1 - Hosts: 72.52.4.76 www.xolox.nl
O1 - Hosts: 72.52.4.76 www.grokster.com
O1 - Hosts: 72.52.4.76 www.morpheus.com
O1 - Hosts: 72.52.4.76 www.music-e.net
O1 - Hosts: 72.52.4.76 www.chadsmp3s.com
O1 - Hosts: 72.52.4.76 www.napster.com
O1 - Hosts: 72.52.4.76 www.napstermp3.com
O1 - Hosts: 72.52.4.76 www.shareaza.com
O1 - Hosts: 72.52.4.76 www.neo-modus.com
O1 - Hosts: 72.52.4.76 www.filetopia.org
O1 - Hosts: 72.52.4.76 www.imesh.com
O1 - Hosts: 72.52.4.76 www.gnutellaforums.com
O1 - Hosts: 72.52.4.76 www.kazaa.com
O1 - Hosts: 72.52.4.76 www.torrent-finder.com
O1 - Hosts: 72.52.4.76 www.sharetv.org
O1 - Hosts: 72.52.4.76 www.btjunkie.org
O1 - Hosts: 72.52.4.76 www.filemp3.org
O1 - Hosts: 72.52.4.76 www.torrentbytes.net
O1 - Hosts: 72.52.4.76 www.thepiratebay.org
O1 - Hosts: 72.52.4.76 www.torrentz.com
O1 - Hosts: 72.52.4.76 www.torrents.to
O1 - Hosts: 72.52.4.76 www.torrentmatrix.com
O1 - Hosts: 72.52.4.76 www.isohunt.com
O1 - Hosts: 72.52.4.76 www.torrent-damage.net
O1 - Hosts: 72.52.4.76 www.meganova.org
O1 - Hosts: 72.52.4.76 www.fulldls.com
O1 - Hosts: 72.52.4.76 www.scrapetorrent.com
O1 - Hosts: 72.52.4.76 www.thinktorrent.com
O1 - Hosts: 72.52.4.76 www.filelist.org
O1 - Hosts: 72.52.4.76 www.torrentlocomotive.com
O1 - Hosts: 72.52.4.76 www.porn.com
O1 - Hosts: 72.52.4.76 www.whitehouse.com
O1 - Hosts: 72.52.4.76 www.xxx.com
O1 - Hosts: 72.52.4.76 www.Slyuser.com
O1 - Hosts: 72.52.4.76 www.foxyproxy.com
O1 - Hosts: 72.52.4.76 www.ugoplayer.com
O1 - Hosts: 72.52.4.76 www.rapidojeux.com
O1 - Hosts: 72.52.4.76 www.zango.com
O1 - Hosts: 72.52.4.76 www.erotic.com
O1 - Hosts: 72.52.4.76 www.penthouse.com
O1 - Hosts: 72.52.4.76 www.playboy.com
O1 - Hosts: 72.52.4.76 www.hustler.com
O2 - BHO: (no name) - {4B63CCAD-955A-4F03-B9C6-571AC3B31DD3} - C:\WINDOWS\system32\efcButUL.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll lmgvhd.dll
O20 - Winlogon Notify: fccaAroP - fccaAroP.dll (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\tasks\dxjehqri.job
    C:\WINDOWS\tasks\sugiguph.job
    C:\WINDOWS\system32\efcButUL.dll
    D:\ltree
    C:\WINDOWS\system32\shdswo.dll
    C:\WINDOWS\system32\fcgfifjp.dll
    C:\WINDOWS\system32\pqajykpa.ini
    C:\WINDOWS\system32\f7cb6691-.txt
    C:\WINDOWS\system32\gOrtCcfe.ini2
    C:\WINDOWS\system32\gOrtCcfe.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ab2e1a-23ce-11dc-b6a3-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f050d15-25b3-11dc-99e4-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8901a03b-25a6-11dc-a8b1-806d6172696f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eee2af4d-0710-11dd-969f-806d6172696f}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 RobiSuicide

Posted 13 January 2009 - 11:10 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\WINDOWS\tasks\dxjehqri.job moved successfully.
C:\WINDOWS\tasks\sugiguph.job moved successfully.
File/Folder C:\WINDOWS\system32\efcButUL.dll not found.
File/Folder D:\ltree not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\shdswo.dll
C:\WINDOWS\system32\shdswo.dll NOT unregistered.
C:\WINDOWS\system32\shdswo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fcgfifjp.dll
C:\WINDOWS\system32\fcgfifjp.dll NOT unregistered.
C:\WINDOWS\system32\fcgfifjp.dll moved successfully.
C:\WINDOWS\system32\pqajykpa.ini moved successfully.
C:\WINDOWS\system32\f7cb6691-.txt moved successfully.
C:\WINDOWS\system32\gOrtCcfe.ini2 moved successfully.
C:\WINDOWS\system32\gOrtCcfe.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ab2e1a-23ce-11dc-b6a3-806d6172696f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f050d15-25b3-11dc-99e4-806d6172696f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8901a03b-25a6-11dc-a8b1-806d6172696f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eee2af4d-0710-11dd-969f-806d6172696f}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Parent\LOCALS~1\Temp\etilqs_3Eie5bVFvqYjGtVlI5sb scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF61F3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF620E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF844F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF8536.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Parent\LOCALS~1\Temp\~DFE81E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_678.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_200310

Files moved on Reboot...
File C:\DOCUME~1\Parent\LOCALS~1\Temp\etilqs_3Eie5bVFvqYjGtVlI5sb not found!
File C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF61F3.tmp not found!
File C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF620E.tmp not found!
File C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF844F.tmp not found!
File C:\DOCUME~1\Parent\LOCALS~1\Temp\~DF8536.tmp not found!
C:\DOCUME~1\Parent\LOCALS~1\Temp\~DFE81E.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_678.dat not found!
C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Parent\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5uwtev9.default\XUL.mfl moved successfully.

#12 RobiSuicide

Posted 13 January 2009 - 11:12 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Parent at 2009-01-13 20:11:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 45 GB (59%) free of 76 GB
Total RAM: 895 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:27 PM, on 1/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Parent\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Parent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.k12.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182892836953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8282 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Norton Security Scan for Parent.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1040384]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1282048]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-01-20 159744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-06-26 180269]
"MVS Splash"=C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe [2007-03-06 468544]
"McAfee Managed Services Tray"=C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe [2007-05-18 190016]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-22 1261336]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Parent\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-18 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"

======List of files/folders created in the last 3 months======

2009-01-13 20:03:10 ----D---- C:\_OTMoveIt
2009-01-13 12:19:55 ----A---- C:\WINDOWS\gmer.ini
2009-01-13 12:19:52 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-13 12:19:52 ----A---- C:\WINDOWS\gmer.exe
2009-01-13 12:19:52 ----A---- C:\WINDOWS\gmer.dll
2009-01-13 12:14:49 ----D---- C:\rsit
2009-01-13 11:17:06 ----D---- C:\HostsXpert
2009-01-12 04:41:24 ----D---- C:\Program Files\I-Doser
2009-01-12 02:38:57 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-01-12 02:38:54 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-01-12 02:38:52 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-01-12 01:42:04 ----D---- C:\Avenger
2009-01-12 01:42:03 ----A---- C:\avenger.txt
2009-01-12 01:29:58 ----D---- C:\Documents and Settings\Parent\Application Data\Malwarebytes
2009-01-12 01:29:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-12 01:29:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-11 22:05:26 ----D---- C:\Program Files\D'Accord Music Software
2009-01-11 19:54:48 ----D---- C:\Program Files\Norton Security Scan
2009-01-11 16:52:05 ----D---- C:\WINDOWS\system32\Adobe
2009-01-10 20:39:47 ----D---- C:\Program Files\Trend Micro
2009-01-10 08:49:37 ----D---- C:\Documents and Settings\Parent\Application Data\PlayFirst
2009-01-10 08:49:37 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-01-10 08:15:00 ----D---- C:\Documents and Settings\Parent\Application Data\SBTT
2009-01-09 20:39:21 ----D---- C:\Program Files\Enigma Software Group
2009-01-05 17:48:36 ----D---- C:\Program Files\Nick Arcade
2009-01-05 14:33:04 ----D---- C:\Program Files\Nick Jr. Arcade
2009-01-03 01:54:40 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-01-03 01:54:36 ----D---- C:\Documents and Settings\Parent\Application Data\CyberLink
2009-01-03 01:06:19 ----D---- C:\Program Files\Common Files\CyberLink
2009-01-03 01:05:39 ----D---- C:\Program Files\CyberLink
2009-01-03 01:04:41 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-01-03 00:47:54 ----D---- C:\WINDOWS\system32\DefaultDirName
2009-01-02 20:18:51 ----D---- C:\Documents and Settings\Parent\Application Data\Viewpoint
2009-01-02 15:32:44 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-01-02 14:37:49 ----D---- C:\Documents and Settings\Parent\Application Data\Vso
2009-01-02 14:37:49 ----A---- C:\Documents and Settings\Parent\Application Data\inst.exe
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\sipr3260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\drv43260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\drv33260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\drv23260.dll
2009-01-02 14:37:38 ----A---- C:\WINDOWS\system32\cook3260.dll
2009-01-02 14:37:35 ----D---- C:\Program Files\VSO
2008-12-30 22:45:10 ----D---- C:\my dvd
2008-12-30 22:41:54 ----A---- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
2008-12-30 22:41:49 ----D---- C:\Program Files\Easy Avi Divx Xvid to DVD Burner
2008-12-28 13:59:26 ----A---- C:\temp.txt
2008-12-28 13:57:53 ----D---- C:\Documents and Settings\Parent\Application Data\FrimaStudio
2008-12-27 20:09:33 ----D---- C:\WINDOWS\Minidump
2008-12-27 15:59:31 ----D---- C:\Documents and Settings\All Users\Application Data\Intenium
2008-12-27 02:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-27 02:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-27 02:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-27 02:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-26 09:56:38 ----A---- C:\WINDOWS\iPlayer.INI
2008-12-26 08:17:29 ----D---- C:\Program Files\InterActual
2008-12-25 21:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-12-25 21:22:28 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-12-25 21:22:21 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-12-25 21:21:56 ----D---- C:\Program Files\Windows Media Connect 2
2008-12-25 21:21:36 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-25 21:20:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-25 21:19:02 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-25 21:18:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-12-25 10:11:05 ----A---- C:\WINDOWS\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-25 10:10:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-25 10:08:28 ----D---- C:\Documents and Settings\All Users\Application Data\Leapfrog
2008-12-25 10:07:46 ----D---- C:\Program Files\LeapFrog
2008-12-24 12:29:14 ----A---- C:\WINDOWS\dvdSanta.INI
2008-12-24 11:07:00 ----D---- C:\TempDVD
2008-12-24 11:07:00 ----D---- C:\dvdsanta
2008-12-24 11:06:57 ----D---- C:\Documents and Settings\Parent\Application Data\Thinstall
2008-12-23 21:43:09 ----D---- C:\Program Files\AC3Filter
2008-12-22 23:17:43 ----D---- C:\Program Files\WIDCOMM
2008-12-22 23:05:23 ----HD---- C:\$AVG8.VAULT$
2008-12-22 23:01:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-22 23:00:39 ----D---- C:\Program Files\AVG
2008-12-22 23:00:38 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-22 22:53:50 ----D---- C:\Program Files\HP PCMCIA Smart Card Reader
2008-12-21 00:01:10 ----D---- C:\Program Files\My Friends Manager
2008-12-20 23:57:22 ----D---- C:\Program Files\Friend Click
2008-12-20 23:56:34 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2008-12-20 23:56:33 ----D---- C:\Program Files\FriendBlasterPro
2008-12-19 04:02:50 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-18 02:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-18 02:33:50 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2008-12-18 02:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB891122$
2008-12-18 02:33:13 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-18 02:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-12-18 02:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB896344$
2008-12-18 00:11:18 ----D---- C:\Documents and Settings\Parent\Application Data\My Games
2008-12-17 23:33:36 ----D---- C:\Program Files\Firaxis Games
2008-12-17 18:32:32 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2008-12-16 03:01:25 ----D---- C:\Program Files\MSXML 4.0
2008-12-15 22:58:14 ----D---- C:\Program Files\Common Files\DirectX
2008-12-15 22:55:14 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-15 22:36:07 ----D---- C:\Program Files\Stacked
2008-12-15 19:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-12-15 11:51:08 ----D---- C:\Program Files\ASIO4ALL v2
2008-12-15 10:28:18 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2008-12-15 09:48:02 ----D---- C:\Documents and Settings\Parent\Application Data\Elluminate
2008-12-14 08:06:35 ----SHD---- C:\WINDOWS\ftpcache
2008-12-14 07:40:15 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-14 02:21:20 ----D---- C:\Documents and Settings\Parent\Application Data\DivX
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxinsi64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxcpyi64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-14 02:00:39 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-12-14 02:00:38 ----A---- C:\WINDOWS\system32\px.dll
2008-12-14 02:00:14 ----D---- C:\Program Files\DivX
2008-12-13 20:46:28 ----A---- C:\WINDOWS\system32\hpzll054.dll
2008-12-13 20:32:41 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-13 20:32:30 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-13 20:32:28 ----A---- C:\WINDOWS\IsUninst.exe
2008-12-13 20:32:13 ----D---- C:\Program Files\HP
2008-12-13 20:31:48 ----HD---- C:\Config.Msi
2008-12-13 20:30:31 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2008-12-13 20:30:31 ----A---- C:\WINDOWS\system32\hpovst09.dll
2008-12-13 20:30:31 ----A---- C:\WINDOWS\system32\hpotscl2.dll
2008-12-13 20:30:30 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2008-12-13 20:30:30 ----A---- C:\WINDOWS\system32\HPZIDS01.dll
2008-12-13 12:38:18 ----D---- C:\Program Files\Samson
2008-12-12 20:47:24 ----D---- C:\Documents and Settings\Parent\Application Data\Mount&Blade
2008-12-12 20:39:11 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-12 20:39:11 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-12 20:39:10 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-12 20:39:09 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-12 20:39:08 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-12 20:39:08 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-12 20:39:07 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-12 20:39:06 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-12 20:39:06 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-12 20:39:06 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-12 20:39:05 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-12 20:39:04 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-12 20:39:04 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-12 20:39:04 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-12 20:39:03 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-12-12 20:39:02 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-12-12 20:39:02 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-12 20:39:02 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-12 20:39:01 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-12 20:39:00 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-12 20:38:59 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-12 20:38:58 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-12 20:38:57 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-12 20:38:57 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-12 20:38:55 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-12 20:38:55 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-12 20:38:54 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-12 20:38:54 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-12 20:38:53 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-12 20:38:53 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-12 20:38:53 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-12 20:38:52 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-12 20:38:52 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-12 20:38:51 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-12 20:38:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-12 20:38:51 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-12 20:38:41 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-12 20:38:40 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-12 20:38:39 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-12 20:38:39 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-12 20:38:38 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-12 20:38:37 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-12 20:38:35 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-12 20:38:17 ----D---- C:\WINDOWS\Logs
2008-12-12 20:37:12 ----D---- C:\Program Files\Mount&Blade
2008-12-12 10:29:57 ----D---- C:\Program Files\BestGameEver
2008-12-12 10:29:10 ----D---- C:\Program Files\MagicDisc
2008-12-12 10:25:54 ----D---- C:\Program Files\MagicISO
2008-12-12 01:56:32 ----D---- C:\Documents and Settings\Parent\Application Data\acccore
2008-12-12 01:03:48 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-11 23:40:27 ----D---- C:\Program Files\Adobe Media Player
2008-12-11 23:37:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-11 23:32:43 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVUI2RC.dll
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVUI2.dll
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVComS.exe
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVComC.dll
2008-12-11 21:29:16 ----A---- C:\WINDOWS\system32\OVCodec2.dll
2008-12-11 21:29:14 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-11 21:27:33 ----D---- C:\Documents and Settings\Parent\Application Data\Yahoo!
2008-12-11 21:27:33 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-11 21:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-12-11 21:26:53 ----D---- C:\Program Files\Yahoo!
2008-12-11 20:17:20 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-11 19:12:39 ----D---- C:\Documents and Settings\Parent\Application Data\LimeWire
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\java.exe
2008-12-11 19:03:34 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-11 19:01:57 ----D---- C:\WINDOWS\Sun
2008-12-11 18:23:11 ----D---- C:\Program Files\LimeWire
2008-12-11 17:55:25 ----D---- C:\My Music
2008-12-11 17:52:40 ----D---- C:\Program Files\MediaMonkey
2008-12-11 17:43:58 ----D---- C:\Documents and Settings\Parent\Application Data\TuneUp Software
2008-12-11 17:43:33 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-12-11 17:43:32 ----D---- C:\Program Files\TuneUp Utilities 2009
2008-12-11 17:43:17 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-11 17:33:28 ----D---- C:\Program Files\MSN Messenger
2008-12-11 17:12:03 ----D---- C:\Documents and Settings\Parent\Application Data\WinRAR
2008-12-11 17:10:54 ----D---- C:\Program Files\Common Files\digidesign
2008-12-11 15:53:45 ----D---- C:\Program Files\WinRAR
2008-12-11 14:26:56 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-11 14:26:55 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-11 14:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-12-11 14:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-11 14:26:35 ----D---- C:\Program Files\Common Files\AOL
2008-12-11 14:26:15 ----D---- C:\Program Files\AIM6
2008-12-11 14:21:53 ----D---- C:\Documents and Settings\Parent\Application Data\Syntrillium
2008-12-11 14:20:05 ----D---- C:\Program Files\coolpro2
2008-12-11 14:10:17 ----D---- C:\Program Files\AMD
2008-12-11 11:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 11:47:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 11:46:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 11:46:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 11:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-11 11:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-11 11:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-11 11:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-11 11:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-11 11:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-11 11:46:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-11 11:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-11 11:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-11 11:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-11 11:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-11 11:45:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-11 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-11 11:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-11 11:45:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-11 11:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-11 11:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-11 11:44:54 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-12-11 11:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-12-11 11:13:15 ----D---- C:\Program Files\BitLord2
2008-12-11 11:04:12 ----D---- C:\Documents and Settings\Parent\Application Data\Mozilla
2008-12-11 11:04:04 ----D---- C:\Program Files\Mozilla Firefox
2008-11-21 13:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 13:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 13:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 13:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-10-23 01:58:36 ----A---- C:\WINDOWS\system32\bcmwlcoi.dll

======List of files/folders modified in the last 3 months======

2009-01-13 20:11:30 ----D---- C:\WINDOWS\Temp
2009-01-13 20:07:47 ----D---- C:\WINDOWS\Prefetch
2009-01-13 20:06:42 ----D---- C:\WINDOWS
2009-01-13 20:03:15 ----D---- C:\WINDOWS\system32
2009-01-13 20:03:11 ----SD---- C:\WINDOWS\Tasks
2009-01-13 19:56:44 ----RD---- C:\Program Files
2009-01-13 13:00:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 12:19:52 ----D---- C:\WINDOWS\system32\drivers
2009-01-12 05:39:03 ----A---- C:\WINDOWS\win.ini
2009-01-12 05:39:03 ----A---- C:\WINDOWS\system.ini
2009-01-12 02:39:02 ----SHD---- C:\WINDOWS\Installer
2009-01-11 21:43:45 ----D---- C:\Program Files\Common Files
2009-01-11 16:54:54 ----D---- C:\Documents and Settings\Parent\Application Data\Adobe
2009-01-11 16:54:53 ----D---- C:\Documents and Settings\Parent\Application Data\Macromedia
2009-01-11 16:54:42 ----D---- C:\WINDOWS\system32\Macromed
2009-01-11 16:52:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-11 16:52:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-11 08:53:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-10 08:11:59 ----D---- C:\WINDOWS\system32\DirectX
2009-01-10 08:11:57 ----HD---- C:\WINDOWS\inf
2009-01-09 15:51:49 ----D---- C:\WINDOWS\system32\config
2009-01-05 02:19:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-03 01:06:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-29 00:48:22 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-28 13:56:47 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-27 02:15:22 ----A---- C:\WINDOWS\imsins.BAK
2008-12-26 06:30:46 ----D---- C:\WINDOWS\AppPatch
2008-12-25 21:21:55 ----D---- C:\Program Files\Windows Media Player
2008-12-25 21:21:50 ----D---- C:\WINDOWS\Help
2008-12-25 10:12:45 ----D---- C:\Program Files\DIFX
2008-12-25 10:12:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-22 23:19:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-22 23:18:05 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-22 23:16:50 ----D---- C:\swsetup
2008-12-22 23:08:26 ----D---- C:\WINDOWS\system32\ias
2008-12-22 22:58:29 ----SD---- C:\Documents and Settings\Parent\Application Data\Microsoft
2008-12-22 21:36:55 ----D---- C:\WINDOWS\system32\wbem
2008-12-22 21:36:54 ----D---- C:\WINDOWS\Registration
2008-12-22 21:36:21 ----RSD---- C:\WINDOWS\assembly
2008-12-22 21:35:46 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-22 21:35:21 ----D---- C:\WINDOWS\security
2008-12-22 21:33:48 ----D---- C:\WINDOWS\system32\Restore
2008-12-19 04:02:50 ----D---- C:\WINDOWS\Debug
2008-12-18 19:23:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-18 03:48:39 ----D---- C:\WINDOWS\system32\usmt
2008-12-18 03:11:35 ----RSD---- C:\WINDOWS\Fonts
2008-12-18 02:34:24 ----D---- C:\WINDOWS\ie7updates
2008-12-18 02:34:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 08:59:54 ----D---- C:\WINDOWS\WinSxS
2008-12-15 10:28:12 ----D---- C:\Program Files\Common Files\Adobe
2008-12-15 10:27:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-15 10:27:01 ----D---- C:\Program Files\Adobe
2008-12-13 23:18:00 ----D---- C:\Documents and Settings\Parent\Application Data\Real
2008-12-13 20:46:17 ----D---- C:\WINDOWS\twain_32
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 20:38:44 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-11 21:26:53 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-11 19:03:18 ----D---- C:\Program Files\Java
2008-12-11 14:19:30 ----D---- C:\Program Files\ATI Technologies
2008-12-11 14:17:46 ----SHD---- C:\RECYCLER
2008-12-11 13:50:45 ----A---- C:\WINDOWS\setuplog.txt
2008-12-11 13:50:40 ----SHD---- C:\System Volume Information
2008-12-11 13:50:29 ----RASH---- C:\boot.ini
2008-12-11 12:07:57 ----D---- C:\Program Files\Internet Explorer
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-23 05:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 01:47:07 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 12:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 08:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 23:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-22 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-22 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-01-31 52200]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-22 76040]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2002-12-31 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-18 2849280]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-02-22 140680]
R3 b57w2k;Broadcom NetLink Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2002-12-31 160256]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2002-12-31 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2002-12-31 36608]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-01-31 170408]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2002-12-31 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-02 47360]
R3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2002-12-31 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2002-12-31 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2002-12-31 17024]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekacudcgmea.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2008-11-25 18560]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-13 85969]
S3 HP24X;HP PC Card Smart Card Reader; C:\WINDOWS\system32\DRIVERS\HP24X.sys [2007-07-17 35072]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-12-31 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-12-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-12-31 21568]
S3 MfeAVFK;McAfee Inc.; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2007-01-31 72296]
S3 MfeBOPK;McAfee Inc.; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2007-01-31 34184]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SamsonLLDriver;Samson LL Driver; C:\WINDOWS\System32\Drivers\SamsonLLDriver.sys [2006-12-12 56832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SWWDM_multi;Samson Audio (WDM); C:\WINDOWS\system32\drivers\SWAudWDM.sys [2006-12-12 25088]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-18 512000]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-22 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-22 231704]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-04 170640]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-12-31 322120]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2007-03-06 140864]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-12 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2002-12-31 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-15 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-11 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McShield;McShield; C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe [2007-01-31 144960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-12-31 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-12 360192]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2002-12-31 14336]

-----------------EOF-----------------

#13 fenzodahl512

Posted 14 January 2009 - 01:53 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 RobiSuicide


Posted 14 January 2009 - 03:34 AM

I actually got rid of the pop-ups with Malwarebytes Anti-Malware. But I still had that "Commandservice.exe" on my running processes last time I booted up, so I just want to make sure my computer doesn't have any viruses or malware on it. Oh and this Norton Security Scan downloaded itself on my computer a couple days ago, is that harmful, if so how can I remove it. It's not showing up in any of the malware removal programs.



# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3763 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=f05fbcec8fe4424890060692f9a6019d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-14 08:21:39
# local_time=2009-01-14 12:21:39 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=334577
# found=0
# scan_time=3494
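
Added example, not part of the original posts: a small Python check a helper could run over an ESET Online Scanner log.txt header like the one above to confirm the scan completed with the options requested in post #13. Mapping remove_checked and unwanted_checked to the two checkboxes, and reading end=finished as a completed scan, are assumptions drawn from the field names; the function names are hypothetical.

```python
import re

# Constructed sample: header fields copied from the log posted above.
SAMPLE_LOG = """\
# version=4
# vers_standard_module=3763 (20090113)
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-14 08:21:39
# country="United States"
# scanned=334577
# found=0
# scan_time=3494
"""

HEADER = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")

def parse_header(text):
    """Return the '# key=value' header fields as a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields

def review(text):
    """List reasons the log does not show a completed scan run as instructed."""
    f = parse_header(text)
    problems = []
    if f.get("end") != "finished":  # assumption: 'finished' marks a completed scan
        problems.append("scan did not finish (end=%r)" % f.get("end"))
    # Assumption: these two flags record the checkboxes named in the instructions.
    for key, label in (("remove_checked", "Remove found threats"),
                       ("unwanted_checked", "Scan unwanted applications")):
        if f.get(key) != "true":
            problems.append("option not enabled: " + label)
    for key in ("scanned", "found", "scan_time"):
        if not f.get(key, "").isdigit():
            problems.append("missing or non-numeric field: " + key)
    return problems

def counts(text):
    """Return the numeric scan counters exactly as logged (units not interpreted)."""
    f = parse_header(text)
    return {k: int(f[k]) for k in ("scanned", "found", "scan_time")}

if __name__ == "__main__":
    print(review(SAMPLE_LOG) or "log looks complete", counts(SAMPLE_LOG))
```

An empty list from review() only says the scan ran to completion with both options on; found=0 says nothing about a file the scanner does not detect, which is why the next reply asks for CommandService.exe to be checked separately.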

#15 fenzodahl512


Posted 14 January 2009 - 03:41 AM

But I still had that "Commandservice.exe" on my running processes last time I booted up


Do a search for that file and then upload it at VirusTotal.. Copy the result and post it here..


Oh and this Norton Security Scan downloaded itself on my computer a couple days ago, is that harmful, if so how can I remove it.


Erm.. run RSIT again and post the log here
