Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A Virus smarter than me....need help!


  • This topic is locked This topic is locked
2 replies to this topic

#1 sd134

sd134

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:02 AM

Posted 21 January 2009 - 05:26 PM

I noticed on monday that neither my cd-rom drive nor my dvd drive were recognized by my pc....initially it indicated that it might be a driver issue so i worked to try and resolve that, with no luck.

Then I tried to roll back my pc with system restore to a date when i knew things were working and i discovered that although i could choose a roll back date, when it came time to click "ok" and start the rollback, nothing actually happened....it was like clicking on a deadlink.

I then tried to go to the windows update site to see what i could find and discovered that all attempts to go to the site would reroute me to google. i thought that really odd so i decided to search that, and it led me here.

whatever it i, it seems as if it is trying to cut me off from all avenues of help....can't system restore, can't use recovery discs because of disc drives, can't use microsoft update help, it even stops me from using IM, everytime i boot up YIM, my pc restarts right after it logs on.

I have been reading the post of someone who had the same "microsoft to google" issue and i followed the direction given my the tech.....run RSIT, run GOORED, run check.bat

These are the logs from that: (any help is much appreciated, thankyou)


LOG:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Simon at 2009-01-21 16:04:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 52 GB (45%) free of 114 GB
Total RAM: 511 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06, on 2009-01-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Tanagra\Memeo\MemeoService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Simon\Desktop\RSIT.exe
C:\Program Files\trend micro\Simon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12498663-1B89-1E5E-FEBD-16A396FCF0BF} - C:\WINDOWS\system32\izn.dll (file missing)
O2 - BHO: (no name) - {5B5185D4-16AE-43D7-A4A4-10D9412FD963} - C:\Program Files\Windows NT\hokesoduC:\WINDOWS\system32\lis6\lenamd83122.exe.dll (file missing)
O2 - BHO: (no name) - {70ED9A98-B384-41A2-A343-B9D859999179} - C:\Program Files\Windows NT\hokesoduC:\WINDOWS\system32\kt8\tycodllz83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Wtgzgqx] C:\WINDOWS\M?crosoft.NET\dllhost.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [RegGenie v2.0 - Trial Expired] "C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe"
O4 - HKCU\..\Run: [RegGenie v2.0] "C:\Program Files\RegGenie\RegGenieOnReboot.exe"
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: Memeo Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Gin - http://download2.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1141421870005
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75323366-76C1-4DFA-87E0-54B63BFAD405}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Memeo (BMUService) - Tanagra, Inc. - C:\Program Files\Tanagra\Memeo\MemeoService.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 12696 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12498663-1B89-1E5E-FEBD-16A396FCF0BF}]
C:\WINDOWS\system32\izn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B5185D4-16AE-43D7-A4A4-10D9412FD963}]
C:\Program Files\Windows NT\hokesoduC:\WINDOWS\system32\lis6\lenamd83122.exe.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70ED9A98-B384-41A2-A343-B9D859999179}]
C:\Program Files\Windows NT\hokesoduC:\WINDOWS\system32\kt8\tycodllz83122.exe.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]
SBBho Class - C:\WINDOWS\TinyBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
SidebarAutoLaunch Class - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll [2005-02-03 124032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2007-12-18 817936]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2008-04-13 208896]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2007-11-30 1164576]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []
"Dot1XCfg"=C:\Program Files\Dot1XCfg\Dot1XCfg.exe []
"Wtgzgqx"=C:\WINDOWS\M?crosoft.NET\dllhost.exe []
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"RegGenie v2.0 - Trial Expired"=C:\Program Files\RegGenie\RegGenieOnRebootExpired.exe [2008-11-13 334336]
"RegGenie v2.0"=C:\Program Files\RegGenie\RegGenieOnReboot.exe [2008-11-30 371712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

C:\Documents and Settings\Simon\Start Menu\Programs\Startup
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
Memeo Launcher.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2005-11-15 101080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJCUOhG

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Simon\Desktop\downloads\utorrent.exe"="C:\Documents and Settings\Simon\Desktop\downloads\utorrent.exe:*:Enabled:utorrent"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Documents and Settings\Simon\Desktop\downloads\LimeWire\LimeWire.exe"="C:\Documents and Settings\Simon\Desktop\downloads\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2009-01-21 16:04:17 ----D---- C:\Program Files\trend micro
2009-01-21 16:04:15 ----D---- C:\rsit
2009-01-21 14:29:32 ----A---- C:\WINDOWS\RegGenie.ini
2009-01-21 14:23:44 ----A---- C:\WINDOWS\RegGenieOnUninstall.exe
2009-01-21 14:23:43 ----D---- C:\Program Files\RegGenie
2009-01-21 12:26:08 ----A---- C:\h.txt
2009-01-21 12:24:36 ----D---- C:\Dell
2009-01-19 22:40:37 ----D---- C:\Documents and Settings\Simon\Application Data\Malwarebytes
2009-01-19 22:40:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-19 22:40:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-19 21:42:17 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-19 18:58:47 ----A---- C:\WINDOWS\WinDrvGhost.ini
2009-01-19 18:40:31 ----D---- C:\WINDOWS\Prefetch
2009-01-19 18:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-19 18:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-19 18:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-19 18:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-19 18:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-19 18:35:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-19 18:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-19 18:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-19 18:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-19 18:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-01-19 18:34:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-19 18:33:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-19 18:33:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-19 18:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-01-19 18:32:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-19 18:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-19 18:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-19 18:31:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-19 18:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-19 18:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-01-19 18:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-19 18:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-19 18:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-19 18:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-01-19 18:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-19 18:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-19 18:22:16 ----D---- C:\WINDOWS\system32\en-us
2009-01-19 18:22:15 ----D---- C:\WINDOWS\system32\scripting
2009-01-19 18:22:13 ----D---- C:\WINDOWS\l2schemas
2009-01-19 18:22:12 ----D---- C:\WINDOWS\system32\en
2009-01-19 18:18:36 ----D---- C:\WINDOWS\network diagnostic
2009-01-17 17:37:30 ----D---- C:\WINDOWS\system32\TMPX
2009-01-14 03:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2008-12-27 14:13:51 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-12-23 11:25:17 ----D---- C:\WINDOWS\system32\Adobe
2008-12-22 13:55:15 ----D---- C:\WINDOWS\system32\$sys$filesystem

======List of files/folders modified in the last 1 months======

2009-01-21 16:04:17 ----D---- C:\Program Files
2009-01-21 15:31:07 ----D---- C:\WINDOWS\TEMP
2009-01-21 15:12:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-21 15:05:13 ----D---- C:\WINDOWS\system32
2009-01-21 15:05:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-21 15:00:52 ----D---- C:\WINDOWS
2009-01-21 14:50:21 ----D---- C:\WINDOWS\Help
2009-01-21 14:44:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-21 14:22:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-21 14:17:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-21 14:10:35 ----A---- C:\WINDOWS\system.ini
2009-01-21 12:24:56 ----SHD---- C:\WINDOWS\Installer
2009-01-21 12:24:56 ----HD---- C:\Config.Msi
2009-01-21 12:16:00 ----D---- C:\WINDOWS\system32\drivers
2009-01-21 12:10:16 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-01-20 16:34:02 ----D---- C:\Documents and Settings\Simon\Application Data\Yahoo!
2009-01-20 16:34:02 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
2009-01-20 16:33:41 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-20 16:31:43 ----D---- C:\Program Files\Image-Line
2009-01-20 16:31:17 ----A---- C:\WINDOWS\ka.ini
2009-01-20 16:31:16 ----HD---- C:\WINDOWS\inf
2009-01-20 12:52:12 ----D---- C:\WINDOWS\Minidump
2009-01-20 06:23:05 ----D---- C:\Program Files\Google
2009-01-19 21:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-01-19 21:42:17 ----D---- C:\WINDOWS\WinSxS
2009-01-19 21:39:30 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-01-19 21:25:50 ----SD---- C:\WINDOWS\Tasks
2009-01-19 21:21:37 ----D---- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
2009-01-19 21:20:38 ----D---- C:\Program Files\JumpStart
2009-01-19 21:20:08 ----D---- C:\Program Files\Games
2009-01-19 21:18:37 ----D---- C:\Program Files\iWin.com
2009-01-19 21:15:31 ----D---- C:\Temp
2009-01-19 21:15:29 ----D---- C:\WINDOWS\twain_32
2009-01-19 21:15:10 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-19 21:13:05 ----D---- C:\Program Files\Canon
2009-01-19 21:10:44 ----D---- C:\Program Files\Common Files
2009-01-19 21:02:37 ----D---- C:\Documents and Settings\Simon\Application Data\Adobe
2009-01-19 21:02:37 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-19 18:43:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-19 18:40:35 ----A---- C:\WINDOWS\setuplog.txt
2009-01-19 18:39:32 ----D---- C:\WINDOWS\system32\Setup
2009-01-19 18:39:32 ----D---- C:\WINDOWS\AppPatch
2009-01-19 18:39:31 ----RSD---- C:\WINDOWS\Fonts
2009-01-19 18:39:31 ----D---- C:\WINDOWS\system32\wbem
2009-01-19 18:39:04 ----D---- C:\WINDOWS\security
2009-01-19 18:36:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-19 18:36:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-19 18:30:04 ----D---- C:\Program Files\Messenger
2009-01-19 18:22:35 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-19 18:22:34 ----D---- C:\Program Files\Windows Media Player
2009-01-19 18:22:26 ----D---- C:\WINDOWS\ime
2009-01-19 18:22:16 ----D---- C:\WINDOWS\system32\usmt
2009-01-19 18:22:14 ----D---- C:\Program Files\Internet Explorer
2009-01-19 18:22:12 ----D---- C:\WINDOWS\system32\bits
2009-01-19 18:22:12 ----D---- C:\WINDOWS\peernet
2009-01-19 18:22:12 ----D---- C:\Program Files\Movie Maker
2009-01-19 18:20:08 ----D---- C:\WINDOWS\system32\Restore
2009-01-19 18:20:07 ----D---- C:\WINDOWS\system32\npp
2009-01-19 18:20:07 ----D---- C:\WINDOWS\msagent
2009-01-19 18:20:06 ----D---- C:\WINDOWS\srchasst
2009-01-19 18:20:05 ----D---- C:\Program Files\NetMeeting
2009-01-19 18:20:04 ----D---- C:\WINDOWS\system32\Com
2009-01-19 18:20:02 ----D---- C:\Program Files\Windows NT
2009-01-19 18:20:02 ----D---- C:\Program Files\Outlook Express
2009-01-19 18:19:59 ----D---- C:\Program Files\Common Files\System
2009-01-19 18:19:43 ----D---- C:\WINDOWS\system32\oobe
2009-01-19 18:19:42 ----D---- C:\WINDOWS\system
2009-01-19 18:17:01 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-19 18:15:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-19 18:10:29 ----D---- C:\WINDOWS\EHome
2009-01-18 13:31:23 ----D---- C:\Documents and Settings\Simon\Application Data\uTorrent
2009-01-17 19:17:17 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-01-17 16:45:04 ----A---- C:\WINDOWS\cdplayer.ini
2009-01-14 03:00:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-05 10:57:58 ----A---- C:\WINDOWS\win.ini
2008-12-22 07:17:04 ----D---- C:\Documents and Settings\Simon\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-01-27 140416]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-01-27 197632]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-20 16512]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-12-04 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 $sys$crater;$sys$crater; \??\C:\WINDOWS\system32\$sys$filesystem\crater.sys []
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-18 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-18 2560]
S3 Acpilw2sthnp;Acpilw2sthnp; C:\WINDOWS\system32\drivers\Acpilw2sthnp.sys []
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 catchme;catchme; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\Documents and Settings\Simon\Local Settings\Temp\{DF966E89-F6C0-45A2-B3F7-CC674DA711B0}\fsgk.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 iMSPQMn;iMSPQMn; \??\C:\DOCUME~1\Simon\LOCALS~1\Temp\iMSPQMn.sys []
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-01-24 68922]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-03 10368]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-25 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 BMUService;Memeo; C:\Program Files\Tanagra\Memeo\MemeoService.exe [2005-12-19 192512]
R2 CD_Proxy;XCP CD Proxy; C:\WINDOWS\CDProxyServ.exe [2004-10-07 167936]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------



INFO


info.txt logfile of random's system information tool 1.05 2009-01-21 16:06:21

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Flickr Uploadr 3.0.5-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2005-11-17-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
JumpStart 3rd Grade-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSA3GUn.exe
JumpStart Field Trip Adventure-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSFTAdvUn.exe
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Magic ISO Maker v5.3 (build 0216)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft AntiSpyware-->MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.19)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegGenie v2.0-->"C:\WINDOWS\RegGenieOnUninstall.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody Player Engine-->MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Roxio Easy Media Creator 7-->MsiExec.exe /I{CB4544EA-C189-41FE-9E3A-76591DDB852B}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}
TCPMP-->C:\Program Files\Microsoft ActiveSync\TCPMP\Uninstall.exe TCPMP
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005C\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Video Journal Version 1.30-->"C:\Program Files\GirlTech\Video Journal\unins000.exe"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Yahoo! Music Jukebox-->MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

System event log

Computer Name: SIMON-RHPX7AQ6L
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 43733
Source Name: Cdrom
Time Written: 20090116205012.000000-360
Event Type: error
User:

Computer Name: SIMON-RHPX7AQ6L
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 43732
Source Name: Cdrom
Time Written: 20090116205010.000000-360
Event Type: error
User:

Computer Name: SIMON-RHPX7AQ6L
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 43731
Source Name: Cdrom
Time Written: 20090116205004.000000-360
Event Type: error
User:

Computer Name: SIMON-RHPX7AQ6L
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 43730
Source Name: Cdrom
Time Written: 20090116205002.000000-360
Event Type: error
User:

Computer Name: SIMON-RHPX7AQ6L
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 43729
Source Name: Cdrom
Time Written: 20090116204959.000000-360
Event Type: error
User:

Application event log

Computer Name: SIMON-RHPX7AQ6L
Event Code: 11728
Message: Product: Microsoft Silverlight -- Configuration completed successfully.

Record Number: 5766
Source Name: MsiInstaller
Time Written: 20081028165455.000000-300
Event Type: information
User: SIMON-RHPX7AQ6L\Simon

Computer Name: SIMON-RHPX7AQ6L
Event Code: 1022
Message: Product: Microsoft Silverlight - Update 'Microsoft Silverlight 2.0.31005.0' installed successfully.

Record Number: 5765
Source Name: MsiInstaller
Time Written: 20081028165455.000000-300
Event Type: information
User: SIMON-RHPX7AQ6L\Simon

Computer Name: SIMON-RHPX7AQ6L
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 5764
Source Name: Winlogon
Time Written: 20081027163943.000000-300
Event Type: information
User:

Computer Name: SIMON-RHPX7AQ6L
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 5763
Source Name: Winlogon
Time Written: 20081027163923.000000-300
Event Type: information
User:

Computer Name: SIMON-RHPX7AQ6L
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 5762
Source Name: Winlogon
Time Written: 20081027163901.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0102
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------


GOORED

GooredFix v1.83 by jpshortstuff
Log created at 16:08 on 21/01/2009 running Option #1 (Simon)
Firefox version 2.0.0.19 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.19\extensions]
"Plugins"="C:\PROGRA~1\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.19\extensions]
"Components"="C:\PROGRA~1\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"



LOOK

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32
midimapper REG_SZ midimap.dll
msacm.imaadpcm REG_SZ imaadp32.acm
msacm.msadpcm REG_SZ msadp32.acm
msacm.msg711 REG_SZ msg711.acm
msacm.msgsm610 REG_SZ msgsm32.acm
msacm.trspch REG_SZ tssoft32.acm
vidc.cvid REG_SZ iccvid.dll
VIDC.I420 REG_SZ msh263.drv
vidc.iv31 REG_SZ ir32_32.dll
vidc.iv32 REG_SZ ir32_32.dll
VIDC.IYUV REG_SZ iyuv_32.dll
vidc.mrle REG_SZ msrle32.dll
vidc.msvc REG_SZ msvidc32.dll
VIDC.UYVY REG_SZ msyuv.dll
VIDC.YUY2 REG_SZ msyuv.dll
VIDC.YVU9 REG_SZ tsbyuv.dll
VIDC.YVYU REG_SZ msyuv.dll
wavemapper REG_SZ msacm32.drv
wave REG_SZ wdmaud.drv
midi REG_SZ wdmaud.drv
mixer REG_SZ wdmaud.drv
aux REG_SZ ctwdm32.dll
msacm.msg723 REG_SZ msg723.acm
vidc.M263 REG_SZ msh263.drv
vidc.M261 REG_SZ msh261.drv
msacm.msaudio1 REG_SZ msaud32.acm
msacm.sl_anet REG_SZ sl_anet.acm
msacm.l3acm REG_SZ C:\WINDOWS\system32\l3codeca.acm
vidc.DIVX REG_SZ DivX.dll
vidc.yv12 REG_SZ DivX.dll
msacm.vorbis REG_SZ vorbis.acm
VIDC.JDCT REG_SZ jl_jdct.drv
MSVideo8 REG_SZ VfWWDM32.dll
wave1 REG_SZ wdmaud.drv
midi1 REG_SZ wdmaud.drv
mixer1 REG_SZ wdmaud.drv
aux1 REG_SZ ctwdm32.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32\Terminal Server

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 PM

Posted 31 January 2009 - 02:02 AM

Hello sd134,

Posted Image

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:02 PM

Posted 07 February 2009 - 11:20 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users