
Infected


  • This topic is locked
16 replies to this topic

#1 Davis Engeler


Posted 29 January 2009 - 10:19 PM

Since yesterday I've been having some noticeable problems... some windows would not show buttons or bring up save dialogues correctly. I figured if I restarted explorer.exe it might help. I don't know if that was smart, but it did help with those problems. After that, I was having some problems with my printer so I rebooted thinking that explorer was just messed up after I restarted it and I should just start fresh. Everything was going good until tonight when I got an error about something: I can't remember for sure what it was and didn't get a screen shot of it. It was something like a DCOM error I think. Then a shutdown timer of 1 minute started. I did Run>shutdown -a since I didn't know what it was going to shut down for. I ran a Malwarebytes scan as well as the DDS thing. I'm not sure what I was supposed to put in the post and what I'm supposed to attach, so I'm just putting all logs in a winrar zip.

Sorry if that was confusing, seems like I was just babbling.

Oh, Malwarebytes found 24 infected files and registry items. :S There were some items that say they need a reboot to repair, so should I go ahead and do that?


EDIT: Here's the DDS scan log. The MBAM and other log (as well as this one) are in the zip attached.

DDS (Ver_09-01-19.01) - NTFSx86
Run by Davis M. Engeler at 22:08:02.65 on Thu 01/29/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: DavisCreation Toolbar: {3c3bc304-b3b4-48e2-8021-ae1c922ee380} - c:\program files\daviscreation\tbDav0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: DavisCreation Toolbar: {3c3bc304-b3b4-48e2-8021-ae1c922ee380} - c:\program files\daviscreation\tbDav0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: DavisCreation Toolbar: {3c3bc304-b3b4-48e2-8021-ae1c922ee380} - c:\program files\daviscreation\tbDav0.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\System32\browseui.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {2D51D869-C36B-42BD-AE68-0A81BC771FA5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Jing] c:\program files\techsmith\jing\Jing.exe
uRun: [Google Update] "c:\documents and settings\davis m. engeler\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
mRun: [FD_SAP] c:\windows\system32\drivers\sap\FD.exe
mRun: [StoneGateAgent] "c:\program files\stonesoft\stonegate vpn client\sgagent.exe"
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [CDEReInst] "c:\program files\installshield installation information\{85459d1c-7569-4d5f-b5c4-c3f5a3be746c}\setup.exe" /scsiinst
mRun: [Lbahigizoyo] rundll32.exe "c:\windows\Tcobamagabobituy.dll",e
mRun: [Mwasepemiyuva] rundll32.exe "c:\windows\amusafuzawosa.dll",e
mRunOnce: [Malwarebytes' Anti-Malware] g:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\davism~1.eng\startm~1\programs\startup\virtua~1.lnk - c:\windows\system32\virtualexpander\VirtualExpander.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161979902703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxp://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: Multi - c:\program files\stardock\thinkdesk\multiplicity\MultiWin32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\davism~1.eng\applic~1\mozilla\firefox\profiles\i0ktypm9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1718793&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - DavisCreation Customized Web Search
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1718793&SearchSource=2&q=
FF - component: c:\documents and settings\davis m. engeler\application data\mozilla\firefox\profiles\i0ktypm9.default\extensions\{3c3bc304-b3b4-48e2-8021-ae1c922ee380}\components\FFAlert.dll
FF - plugin: c:\documents and settings\davis m. engeler\application data\mozilla\firefox\profiles\i0ktypm9.default\extensions\ustreampublisher@ustream.tv\platform\winnt_x86-msvc\plugins\npustreampublisher.dll
FF - plugin: c:\documents and settings\davis m. engeler\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: XUL Cache: {85280402-2B40-47B8-83BC-0595E35C00A0} - c:\documents and settings\davis m. engeler\local settings\application data\{85280402-2b40-47b8-83bc-0595e35c00a0}\

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-29 21:48 <DIR> --d----- c:\docume~1\davism~1.eng\applic~1\Malwarebytes
2009-01-29 21:48 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-29 21:48 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-29 21:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-29 17:44 133,120 a------- c:\windows\amusafuzawosa.dll
2009-01-29 17:32 40,448 a------- c:\windows\Tcobamagabobituy.dll
2009-01-29 17:32 40,448 a------- c:\windows\system32\chert11-303350.exe
2009-01-29 17:15 0 a---h--- c:\windows\SwSys2.bmp
2009-01-29 17:15 0 a---h--- c:\windows\SwSys1.bmp
2009-01-25 22:27 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-01-21 19:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Paragon CD-ROM Emulator
2009-01-21 18:03 <DIR> --d----- c:\program files\PS3 Media Server
2009-01-18 12:41 <DIR> --d----- C:\PS3ThemeCreator
2009-01-16 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TomTom
2009-01-16 16:03 <DIR> --d----- c:\docume~1\davism~1.eng\applic~1\TomTom
2009-01-16 16:01 <DIR> --d----- c:\program files\TomTom DesktopSuite
2009-01-15 14:10 197 a--sh--- c:\program files\common files\maxtreme.dat
2009-01-15 14:10 <DIR> --d----- c:\docume~1\davism~1.eng\applic~1\Webcammax
2009-01-15 14:09 941,784 a------- c:\windows\system32\drivers\CAMTHWDM.sys
2009-01-12 22:39 87,608 a------- c:\docume~1\davism~1.eng\applic~1\inst.exe
2009-01-12 22:39 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-12 22:39 47,360 a------- c:\docume~1\davism~1.eng\applic~1\pcouffin.sys
2009-01-11 23:47 <DIR> --d----- c:\windows\NV39523232.TMP
2009-01-11 18:17 31 a------- c:\documents and settings\davis m. engeler\jagex_runescape_preferences.dat
2009-01-11 18:17 <DIR> --d----- c:\windows\.jagex_cache_32
2009-01-08 19:34 <DIR> --d----- C:\DCHconfigs
2009-01-05 19:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Launcher
2009-01-05 18:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Graboid Inc
2009-01-05 17:54 <DIR> --d----- c:\program files\Mozilla ActiveX Control v1.7.12
2009-01-05 17:53 <DIR> --d----- c:\program files\VideoLAN
2009-01-05 17:53 <DIR> --d----- c:\program files\Graboid
2009-01-01 21:18 <DIR> --d----- c:\program files\DVD Shrink
2009-01-01 02:00 <DIR> --d----- c:\program files\Free DVD Ripper
2008-12-31 20:07 <DIR> --d----- c:\program files\VirtualDubMod

==================== Find3M ====================

2009-01-01 00:52 24,928 a---h--- c:\windows\system32\mlfcache.dat
2008-12-25 03:37 42,992 ac------ c:\docume~1\davism~1.eng\applic~1\GDIPFONTCACHEV1.DAT
2008-12-23 21:58 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-17 10:56 41,680 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2008-12-17 10:56 100,368 a------- c:\windows\system32\drivers\VBoxDrv.sys
2008-12-15 01:46 172,097 a------- c:\program files\Adobe Premiere Pro CS4 ???????.pdf
2008-12-15 01:46 139,137 a------- c:\program files\Adobe Premiere Pro CS4 ????.pdf
2008-12-15 01:28 1,299,033,847 a------- c:\program files\ADBEPPROCS4_LS7.7z
2008-12-15 00:26 1,228,240 a------- c:\program files\ADBEPPROCS4_LS7.exe
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-09-04 19:50 74,344 a------- c:\program files\Adobe Premiere Pro CS4 — Lisez-moi.pdf
2008-09-04 05:06 70,151 a------- c:\program files\Adobe Premiere Pro CS4 - Bitte lesen.pdf
2008-09-04 05:06 68,688 a------- c:\program files\Léame de Adobe Premiere Pro CS4.pdf
2008-09-04 05:06 66,963 a------- c:\program files\Leggimi di Adobe Premiere Pro CS4.pdf
2008-09-03 16:28 65,571 a------- c:\program files\Adobe Premiere Pro CS4 Read Me.pdf
2006-09-10 11:25 1,364 a------- c:\program files\common files\temp.html
2006-05-31 08:14 108,056 a------- c:\program files\common files\secman.dll
2006-03-11 18:09 626,176 ac------ c:\program files\common files\osmax.ocx
2007-05-25 23:56 80 ---shr-- c:\windows\system32\10326E959F.dll

============= FINISH: 22:09:04.85 ===============



Edited by Davis Engeler, 30 January 2009 - 04:46 PM.




#2 Davis Engeler


Posted 01 February 2009 - 10:50 AM

I'm not sure if this is in the right section. If not, could a moderator please move it?

Thanks,
Davis.

#3 fenzodahl512


Posted 05 February 2009 - 04:18 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 Davis Engeler


Posted 05 February 2009 - 06:23 PM

Eck. Seems like it could be bad. IDK what any of it means, but it doesn't look good. Thanks so much for helping me by the way. I don't know if the logs are in the order you said, but I'm sure you can tell them apart. Also: I've run several MBAM scans since my first post. The first time it found 24. Now about every other time it finds this Explorer32 stolen.data or something. I don't know if it's getting rid of it right since it finds it again every once in a while. Well, here's the scans.

EDIT: The log attached doesn't have any text. When I made the text doc I forgot to paste in the results. Oops. I'm running the scan again and I'll upload it. Sorry about that.

=========================
Logfile of random's system information tool 1.05 (written by random/random)
Run by Davis M. Engeler at 2009-02-05 17:11:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (19%) free of 76 GB
Total RAM: 2559 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:11:59 PM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\stonegate.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\Drivers\SAP\FD.exe
C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\TechSmith\Jing\Jing.exe
C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Davis M. Engeler\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Davis M. Engeler.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DavisCreation Toolbar - {3c3bc304-b3b4-48e2-8021-ae1c922ee380} - C:\Program Files\DavisCreation\tbDav0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DavisCreation Toolbar - {3c3bc304-b3b4-48e2-8021-ae1c922ee380} - C:\Program Files\DavisCreation\tbDav0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: DavisCreation Toolbar - {3c3bc304-b3b4-48e2-8021-ae1c922ee380} - C:\Program Files\DavisCreation\tbDav0.dll
O4 - HKLM\..\Run: [FD_SAP] C:\WINDOWS\System32\Drivers\SAP\FD.exe
O4 - HKLM\..\Run: [StoneGateAgent] "C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [CDEReInst] "C:\Program Files\InstallShield Installation Information\{85459D1C-7569-4D5F-B5C4-C3F5A3BE746C}\setup.exe" /scsiinst
O4 - HKCU\..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161979902703
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StoneGate VPN Client (SGClient) - Stonesoft Corp. - C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe

--
End of file - 9146 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-583907252-725345543-1005.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c3bc304-b3b4-48e2-8021-ae1c922ee380}]
DavisCreation Toolbar - C:\Program Files\DavisCreation\tbDav0.dll [2008-11-24 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3c3bc304-b3b4-48e2-8021-ae1c922ee380} - DavisCreation Toolbar - C:\Program Files\DavisCreation\tbDav0.dll [2008-11-24 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FD_SAP"=C:\WINDOWS\System32\Drivers\SAP\FD.exe [2006-09-26 202240]
"StoneGateAgent"=C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe [2005-07-05 217168]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"CDEReInst"=C:\Program Files\InstallShield Installation Information\{85459D1C-7569-4D5F-B5C4-C3F5A3BE746C}\setup.exe /scsiinst []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Jing"=C:\Program Files\TechSmith\Jing\Jing.exe [2009-01-06 2495752]
"Google Update"=C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"AdobeBridge"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0.exe]
C:\aidualc3\c0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
C:\Program Files\SpyNoMore\SNM.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-10-01 185784]

C:\Documents and Settings\Davis M. Engeler\Start Menu\Programs\Startup
VirtualExpander.lnk - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Multi]
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll [2008-01-16 95480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\Canon\DV Messenger\DV Messenger.exe"="C:\Program Files\Canon\DV Messenger\DV Messenger.exe:*:Enabled:Executable"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe"="C:\Program Files\Stonesoft\StoneGate VPN Client\sgagent.exe:*:Enabled:StoneGate VPN Agent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Davis M. Engeler\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Davis M. Engeler\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Symantec Removal Utility"
"C:\Program Files\NCH Software\ScreenStream\screenstream.exe"="C:\Program Files\NCH Software\ScreenStream\screenstream.exe:*:Enabled:screenstream"
"C:\Program Files\webcamXP\webcamXP.exe"="C:\Program Files\webcamXP\webcamXP.exe:*:Enabled:webcamXP 2008"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Synergy\synergys.exe"="C:\Program Files\Synergy\synergys.exe:*:Enabled:synergys"
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Documents and Settings\Davis M. Engeler\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\Davis M. Engeler\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe"="C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Ahead\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome"
"C:\Documents and Settings\Davis M. Engeler\Desktop\Counter Strike 1.8 Goiceasoft\cstrike.exe"="C:\Documents and Settings\Davis M. Engeler\Desktop\Counter Strike 1.8 Goiceasoft\cstrike.exe:*:Enabled:CS 1.8 Goiceasoft"
"C:\Documents and Settings\Davis M. Engeler\Desktop\Counter Strike 1.8 Goiceasoft\hl.exe"="C:\Documents and Settings\Davis M. Engeler\Desktop\Counter Strike 1.8 Goiceasoft\hl.exe:*:Enabled:Half Life"
"C:\Documents and Settings\Davis M. Engeler\Desktop\Counter Strike 1.8 Goiceasoft\hltv.exe"="C:\Documents and Settings\Davis M. Engeler\Desktop\Counter Strike 1.8 Goiceasoft\hltv.exe:*:Enabled:HLTV Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a77a9e7-e3ea-11dd-9452-000cf1755396}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe


======List of files/folders created in the last 3 months======

2009-02-05 17:08:08 ----D---- C:\rsit
2009-02-02 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-02 03:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-01 10:35:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-01 02:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-01 02:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-01 02:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-01 02:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-02-01 01:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-01 01:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-01 01:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-01 01:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-01 01:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-01 01:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-01 01:29:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-01 01:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-01 01:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-01 01:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-01 01:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-01 01:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-02-01 01:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-01 00:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-01 00:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-01 00:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-01 00:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-01 00:27:43 ----A---- C:\WINDOWS\setuplog.txt
2009-02-01 00:07:39 ----D---- C:\WINDOWS\system32\scripting
2009-02-01 00:07:34 ----D---- C:\WINDOWS\l2schemas
2009-01-31 23:48:52 ----A---- C:\WINDOWS\imsins.BAK
2009-01-30 17:31:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-29 21:48:37 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Malwarebytes
2009-01-29 21:48:28 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-21 19:30:07 ----D---- C:\Documents and Settings\All Users\Application Data\Paragon CD-ROM Emulator
2009-01-21 18:03:28 ----D---- C:\Program Files\PS3 Media Server
2009-01-18 12:41:57 ----D---- C:\PS3ThemeCreator
2009-01-18 12:33:41 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-01-16 16:03:43 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom
2009-01-16 16:03:24 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\TomTom
2009-01-16 16:01:22 ----D---- C:\Program Files\TomTom DesktopSuite
2009-01-15 14:10:01 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Webcammax
2009-01-15 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-01-12 22:39:57 ----A---- C:\Documents and Settings\Davis M. Engeler\Application Data\inst.exe
2009-01-12 22:39:56 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Vso
2009-01-11 23:47:48 ----D---- C:\WINDOWS\NV39523232.TMP
2009-01-11 18:17:03 ----D---- C:\WINDOWS\.jagex_cache_32
2009-01-08 19:34:09 ----D---- C:\DCHconfigs
2009-01-05 19:08:09 ----D---- C:\Documents and Settings\All Users\Application Data\Launcher
2009-01-05 18:16:43 ----D---- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2009-01-05 17:54:03 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2009-01-05 17:53:29 ----D---- C:\Program Files\VideoLAN
2009-01-05 17:53:28 ----D---- C:\Program Files\Graboid
2009-01-01 21:18:14 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-01-01 21:18:12 ----D---- C:\Program Files\DVD Shrink
2009-01-01 02:00:33 ----D---- C:\Program Files\Free DVD Ripper
2008-12-31 20:07:45 ----D---- C:\Program Files\VirtualDubMod
2008-12-30 13:20:54 ----D---- C:\Program Files\ACW
2008-12-30 12:29:09 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Media Player Classic
2008-12-29 21:51:27 ----D---- C:\WINDOWS\NV24082412.TMP
2008-12-29 21:22:42 ----D---- C:\WINDOWS\Minidump
2008-12-25 02:51:53 ----D---- C:\WINDOWS\system32\VirtualExpander
2008-12-21 01:04:40 ----D---- C:\Program Files\DigitalImageToIcon
2008-12-20 00:30:49 ----D---- C:\Program Files\ManyCam 2.3
2008-12-19 16:54:54 ----D---- C:\Program Files\Bonjour
2008-12-19 01:40:47 ----D---- C:\Program Files\Stunt Playground
2008-12-18 23:58:46 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\VMware
2008-12-18 23:55:08 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-12-18 23:47:03 ----D---- C:\Program Files\VS Revo Group
2008-12-18 22:58:27 ----D---- C:\Program Files\SystemRequirementsLab
2008-12-18 22:58:22 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\SystemRequirementsLab
2008-12-16 23:32:20 ----D---- C:\Program Files\Windows Journal Viewer
2008-12-16 22:06:07 ----D---- C:\Program Files\TeamViewer
2008-12-16 17:12:06 ----D---- C:\Program Files\Audacity
2008-12-15 01:46:55 ----D---- C:\Program Files\Adobe OnLocation CS4
2008-12-15 01:46:54 ----D---- C:\Program Files\Adobe Encore CS4
2008-12-15 00:33:07 ----A---- C:\Adobe CS4.ExE
2008-12-13 10:48:42 ----D---- C:\Program Files\GabbaSoft
2008-12-12 11:18:16 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-12-12 11:11:46 ----A---- C:\WINDOWS\system32\dnssd.dll
2008-12-12 03:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-12 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-06 14:45:07 ----D---- C:\Program Files\Cheat Engine
2008-11-30 17:19:00 ----D---- C:\Program Files\Adobe CS4
2008-11-30 13:56:15 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-30 13:41:08 ----D---- C:\Program Files\Adobe Media Player
2008-11-30 13:35:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-30 13:27:56 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-30 12:32:48 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Download Manager
2008-11-28 17:59:56 ----D---- C:\Program Files\iTunes
2008-11-28 17:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-13 17:53:57 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\MozillaControl
2008-11-13 17:52:39 ----D---- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests
2008-11-13 17:52:39 ----D---- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-11-12 21:31:03 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Blender Foundation
2008-11-12 21:30:54 ----D---- C:\Program Files\Blender Foundation
2008-11-12 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-12 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$

======List of files/folders modified in the last 3 months======

2009-02-05 17:00:30 ----D---- C:\Program Files\Mozilla Firefox
2009-02-05 16:58:45 ----D---- C:\WINDOWS\Temp
2009-02-05 16:54:47 ----D---- C:\WINDOWS\system32\drivers
2009-02-05 16:54:47 ----D---- C:\WINDOWS
2009-02-05 16:54:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-05 08:13:57 ----D---- C:\WINDOWS\system32
2009-02-04 15:41:51 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\mIRC
2009-02-03 17:34:42 ----D---- C:\Program Files\mIRC
2009-02-03 17:23:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-03 16:58:24 ----D---- C:\WINDOWS\Debug
2009-02-03 16:49:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-02 03:01:26 ----HD---- C:\WINDOWS\inf
2009-02-02 03:01:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-01 18:54:36 ----D---- C:\Program Files
2009-02-01 05:09:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-01 03:11:40 ----A---- C:\WINDOWS\win.ini
2009-02-01 03:06:42 ----D---- C:\WINDOWS\system32\Setup
2009-02-01 03:06:42 ----D---- C:\WINDOWS\AppPatch
2009-02-01 03:06:41 ----D---- C:\WINDOWS\msagent
2009-02-01 03:06:40 ----D---- C:\WINDOWS\system32\wbem
2009-02-01 03:06:39 ----RSD---- C:\WINDOWS\Fonts
2009-02-01 02:18:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-01 00:46:24 ----D---- C:\Program Files\Messenger
2009-02-01 00:38:11 ----D---- C:\WINDOWS\security
2009-02-01 00:09:01 ----D---- C:\WINDOWS\WinSxS
2009-02-01 00:08:45 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-01 00:08:37 ----D---- C:\WINDOWS\network diagnostic
2009-02-01 00:08:36 ----D---- C:\WINDOWS\ime
2009-02-01 00:08:33 ----D---- C:\WINDOWS\Help
2009-02-01 00:07:44 ----D---- C:\WINDOWS\system32\usmt
2009-02-01 00:07:44 ----D---- C:\WINDOWS\system32\en-US
2009-02-01 00:07:32 ----SHD---- C:\WINDOWS\Installer
2009-02-01 00:07:31 ----D---- C:\WINDOWS\system32\en
2009-02-01 00:07:29 ----D---- C:\WINDOWS\system32\bits
2009-02-01 00:07:29 ----D---- C:\WINDOWS\peernet
2009-02-01 00:07:28 ----D---- C:\Program Files\Movie Maker
2009-01-31 23:58:14 ----D---- C:\WINDOWS\system32\Restore
2009-01-31 23:58:13 ----D---- C:\WINDOWS\system32\npp
2009-01-31 23:58:04 ----D---- C:\WINDOWS\srchasst
2009-01-31 23:58:01 ----D---- C:\Program Files\NetMeeting
2009-01-31 23:57:56 ----D---- C:\WINDOWS\system32\Com
2009-01-31 23:57:50 ----D---- C:\Program Files\Windows Media Player
2009-01-31 23:57:47 ----D---- C:\Program Files\Windows NT
2009-01-31 23:57:47 ----D---- C:\Program Files\Outlook Express
2009-01-31 23:57:40 ----D---- C:\Program Files\Common Files\System
2009-01-31 23:56:45 ----D---- C:\WINDOWS\system32\oobe
2009-01-31 23:56:38 ----D---- C:\WINDOWS\system
2009-01-31 23:48:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-31 23:35:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-31 23:04:03 ----D---- C:\WINDOWS\EHome
2009-01-31 02:59:37 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-01-29 11:27:43 ----AC---- C:\WINDOWS\DELLSTAT.INI
2009-01-28 21:46:28 ----D---- C:\WINDOWS\system32\explorer32
2009-01-28 21:22:01 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-01-23 22:48:25 ----SD---- C:\Documents and Settings\Davis M. Engeler\Application Data\Microsoft
2009-01-21 22:58:14 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Ahead
2009-01-21 19:30:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-18 12:33:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-18 12:33:32 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-15 14:10:45 ----D---- C:\Program Files\Common Files
2009-01-12 20:01:43 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Adobe
2009-01-12 20:01:41 ----D---- C:\Program Files\Adobe
2009-01-11 23:50:07 ----D---- C:\WINDOWS\nview
2009-01-11 23:46:44 ----D---- C:\NVIDIA
2009-01-09 20:35:28 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-01-08 16:57:47 ----RSD---- C:\WINDOWS\assembly
2009-01-08 16:56:00 ----D---- C:\Program Files\Stardock
2009-01-08 16:33:22 ----D---- C:\Program Files\CCleaner
2009-01-06 16:01:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-30 20:15:26 ----D---- C:\My Downloads
2008-12-29 19:57:01 ----SD---- C:\WINDOWS\Tasks
2008-12-27 15:26:04 ----D---- C:\Program Files\Click'N Design 3D
2008-12-27 15:20:28 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Macromedia
2008-12-27 14:33:22 ----D---- C:\Program Files\Common Files\Adobe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\keystone.exe
2008-12-23 21:58:50 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-12-19 01:32:53 ----D---- C:\WINDOWS\system32\Adobe
2008-12-18 23:48:43 ----D---- C:\Program Files\Yahoo!
2008-12-18 23:42:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-16 23:32:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-16 23:27:34 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-15 16:32:48 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\Skype
2008-12-15 16:08:10 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\skypePM
2008-12-13 10:48:20 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:06:31 ----D---- C:\Program Files\Internet Explorer
2008-12-10 22:30:39 ----D---- C:\Documents and Settings\Davis M. Engeler\Application Data\TeamViewer
2008-12-09 12:52:08 ----D---- C:\Program Files\Icon Converter Plus
2008-11-30 14:57:33 ----RASH---- C:\boot.ini
2008-11-30 14:57:33 ----N---- C:\WINDOWS\system.ini
2008-11-30 13:48:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-28 18:00:01 ----D---- C:\Program Files\iPod
2008-11-28 18:00:00 ----D---- C:\Program Files\Common Files\Apple
2008-11-28 17:57:30 ----D---- C:\Program Files\QuickTime
2008-11-24 22:24:07 ----D---- C:\Program Files\DavisCreation
2008-11-14 17:45:51 ----D---- C:\WINDOWS\system32\QuickTime
2008-11-14 17:45:13 ----D---- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-11-14 17:44:38 ----D---- C:\Program Files\TechSmith

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16512]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2005-11-24 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 U3sHlpDr;U3sHlpDr; \??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BENDER;Pinnacle DV/AV Capture; C:\WINDOWS\system32\drivers\bender.sys [2003-09-25 180480]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2004-06-21 78976]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 sgvnic;StoneGate VPN Virtual Adapter; C:\WINDOWS\system32\DRIVERS\sgvnic.sys [2005-07-05 7104]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 stonegate;StoneGate VPN Module (IPsec); C:\WINDOWS\system32\DRIVERS\stonegate.sys [2005-07-05 393442]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ACCSKMD;Canon Camera Storage Device; C:\WINDOWS\System32\DRIVERS\accskmd.sys [2002-06-26 26240]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-12 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0101;RsFx0101 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0101.sys [2008-02-08 239128]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-25 303104]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 Multiplicity;Stardock Multiplicity; C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\MULTIS~2.EXE [2007-11-17 242936]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 SGClient;StoneGate VPN Client; C:\Program Files\Stonesoft\StoneGate VPN Client\gatekeeper.exe [2005-07-05 1245270]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-02-08 91672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-02-08 38510616]
S2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-04-28 132096]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-04-17 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-04-17 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-04-28 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-04-28 869376]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-30 655624]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-02-08 43544]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-02-08 246808]

-----------------EOF-----------------


=========================

info.txt logfile of random's system information tool 1.05 2009-02-05 17:08:46

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->C:\Program Files\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Media Encoder 2.5-->MsiExec.exe /I{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->C:\Program Files\Common Files\Adobe\Installers\26b63376f4efc354dae41af6b5e3343\Setup.exe --uninstall=1
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Premiere Pro CS4-->MsiExec.exe /I{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}
Adobe Setup-->MsiExec.exe /I{566BB41D-F006-4956-A5D3-94D8DFFA7F51}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AutoHotkey 1.0.47.06-->C:\Program Files\AutoHotkey\uninst.exe
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser.NET 2 Alpha 5-->MsiExec.exe /I{A9C024E0-C49B-4033-AEFD-469D7D60A0D4}
Camtasia Studio 5-->MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
Camtasia Studio 6-->MsiExec.exe /I{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DavisCreation Toolbar-->C:\PROGRA~1\DAVISC~1\UNWISE.EXE C:\PROGRA~1\DAVISC~1\INSTALL.LOG
Dell AIO Printer A940-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBAUN5C.EXE -dDell AIO Printer A940
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digital Image To Icon Converter 2.0-->C:\Program Files\DigitalImageToIcon\uninst.exe
DV NETWORK SOLUTION DISK -->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{78E59435-A150-4C50-9B4B-370D9C15D1E5} /l1033
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Free DVD Ripper Version 2.25-->"C:\Program Files\Free DVD Ripper\unins000.exe"
FXhome VisionLab Studio (remove only)-->"C:\Program Files\FXhome VisionLab Studio\FXhome VisionLab Studio Uninstall.exe"
Game Maker 7.0-->G:\Program Files\Uninstal.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB946102)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB946503)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB946573)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB946644)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB946927)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB947148)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB947317)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB947748)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB948233)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB948646)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB948815)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB949226)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB949272)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 2.0 Service Pack 2 (Beta) (KB949777)-->C:\WINDOWS\system32\msiexec.exe /package {5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {3EBA8294-893A-335E-8535-C4DB6AFD6495} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {3EBA8294-893A-335E-8535-C4DB6AFD6495} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {3EBA8294-893A-335E-8535-C4DB6AFD6495} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {3EBA8294-893A-335E-8535-C4DB6AFD6495} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {3EBA8294-893A-335E-8535-C4DB6AFD6495} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {3EBA8294-893A-335E-8535-C4DB6AFD6495} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {3EBA8294-893A-335E-8535-C4DB6AFD6495} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998)-->"C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Icon Converter Plus-->C:\WINDOWS\Icon Converter Plus Uninstaller.exe
ImTOO MPEG Encoder-->C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
Install Creator-->C:\Program Files\Install Creator\Uninstal.exe
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
iPod for Windows 2005-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jing-->MsiExec.exe /I{AAF817C5-9B99-4025-A5C1-8D0DB5717F2C}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 (Beta)-->MsiExec.exe /I{5E3D39AE-806D-3E08-A303-FD7A6AC8C4F0}
Microsoft .NET Framework 3.0 Service Pack 2 (Beta)-->MsiExec.exe /I{477F6F49-D17C-3D0D-9D14-ADCFBDA3DDF5}
Microsoft .NET Framework 3.5 SP1 (Beta)-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1 (Beta)\setup.exe
Microsoft .NET Framework 3.5 SP1 (Beta)-->MsiExec.exe /I{EF2EDF1C-9418-3A80-8CBA-2C3C5E7FF3DB}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Standard-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Express 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 (SQLEXPRESS)-->MsiExec.exe /I{F0B8CEFA-EA9A-46DB-B2BA-800B2A198B2A}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{82711153-8EA8-419F-B65F-9319E196BEBC}
Microsoft SQL Server 2008 Express Edition-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\setup100.exe" /ACTION=uninstall /BOOTSTRAPACTION=BOOTSTRAPNOCU /SKU=EXPR
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{F1CBC5C3-B6CF-4A7D-AA70-4B5AEB99F82B}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{1F1925E9-054A-4539-BA37-07551023C434}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{00E75F61-A126-4CE1-90B8-42295052F1AC}
Microsoft SQL Server 2008 Tools-->MsiExec.exe /I{71771315-9294-4969-A483-BB93CFE530C2}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\setup100.exe" /ACTION=uninstall /BOOTSTRAPACTION=BOOTSTRAPNOCU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English Beta-->MsiExec.exe /X{611A1EBB-7F9A-4E0B-9ECD-BEF7F822C935}
Microsoft SQL Server Compact 3.5 SP1 English Beta-->MsiExec.exe /I{9D18901B-4C63-4FDD-95C2-776059D33635}
Microsoft SQL Server Management Objects-->MsiExec.exe /I{8074613A-77B4-42AC-BC53-B6FB5D8B29ED}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{92DBA268-CB64-400C-A58C-67777E9F56AD}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition SP1 (Beta) - ENU-->MsiExec.exe /X{3EBA8294-893A-335E-8535-C4DB6AFD6495}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30428-->MsiExec.exe /X{A4B9450B-2933-3A66-9CD6-F059BA3776D1}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Windows SDK for Visual Studio 2008 SP1 (Beta) Express Tools for .NET Framework-->MsiExec.exe /X{54385919-3F2D-3D32-90F3-02167CC25294}
Microsoft Windows SDK for Visual Studio 2008 SP1 (Beta) Express Tools for Win32-->MsiExec.exe /X{838F009C-92C3-84E3-860B-CC18A9348D6D}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multiplicity-->C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\UNWISE.EXE C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\INSTALL.LOG
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.27-->MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PS3ThemeCreator-->MsiExec.exe /I{00C908A6-8038-4101-909C-575D8B83B57D}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Replay Converter 3-->"C:\WINDOWS\Replay Converter 3\uninstall.exe" "/U:C:\Program Files\Replay Converter 3\Uninstall\ReplayConverrter3Uninstall.xml"
Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SQL Server System CLR Types-->MsiExec.exe /I{862F4E4D-01C0-4C23-A5B6-A128569C38D3}
StoneGate VPN Client 2.6.0.814-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2C7AB30-146B-11D5-973C-00105A698689}\Setup.exe" -l0x9 UNINSTALL
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synergy-->"C:\Program Files\Synergy\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Ulead GIF Animator 5 TBYB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe" -l0x9
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell™ 1.0-->C:\WINDOWS\$NtUninstallKB926139$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WNW Dictionary v2.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Accent\WNW\DeIsL1.isu"

======Hosts File======

127.0.0.1 activate.adobe.com

======Security center information======

AV: Avira AntiVir PersonalEdition

System event log

Computer Name: DAVIS
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 15571
Source Name: W32Time
Time Written: 20080702065542.000000-240
Event Type: warning
User:

Computer Name: DAVIS
Event Code: 7036
Message: The Computer Browser service entered the stopped state.

Record Number: 15570
Source Name: Service Control Manager
Time Written: 20080701171825.000000-240
Event Type: information
User:

Computer Name: DAVIS
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 15569
Source Name: Service Control Manager
Time Written: 20080701171824.000000-240
Event Type: information
User:

Computer Name: DAVIS
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 15568
Source Name: Service Control Manager
Time Written: 20080701171819.000000-240
Event Type: information
User:

Computer Name: DAVIS
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 15567
Source Name: Service Control Manager
Time Written: 20080701171819.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: DAVIS
Event Code: 701
Message: msnmsgr (3304) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Microsoft\Messenger\dmengeler@hotmail.com\SharingMetadata\Working\database_8C44_B0DF_44B0_CCE8\dfsr.db'.

Record Number: 16321
Source Name: ESENT
Time Written: 20081118050036.000000-300
Event Type: information
User:

Computer Name: DAVIS
Event Code: 700
Message: msnmsgr (3304) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Microsoft\Messenger\dmengeler@hotmail.com\SharingMetadata\Working\database_8C44_B0DF_44B0_CCE8\dfsr.db'.

Record Number: 16320
Source Name: ESENT
Time Written: 20081118050036.000000-300
Event Type: information
User:

Computer Name: DAVIS
Event Code: 701
Message: msnmsgr (3304) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Microsoft\Messenger\dmengeler@hotmail.com\SharingMetadata\Working\database_8C44_B0DF_44B0_CCE8\dfsr.db'.

Record Number: 16319
Source Name: ESENT
Time Written: 20081118040036.000000-300
Event Type: information
User:

Computer Name: DAVIS
Event Code: 700
Message: msnmsgr (3304) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Microsoft\Messenger\dmengeler@hotmail.com\SharingMetadata\Working\database_8C44_B0DF_44B0_CCE8\dfsr.db'.

Record Number: 16318
Source Name: ESENT
Time Written: 20081118040036.000000-300
Event Type: information
User:

Computer Name: DAVIS
Event Code: 701
Message: msnmsgr (3304) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Davis M. Engeler\Local Settings\Application Data\Microsoft\Messenger\dmengeler@hotmail.com\SharingMetadata\Working\database_8C44_B0DF_44B0_CCE8\dfsr.db'.

Record Number: 16317
Source Name: ESENT
Time Written: 20081118030036.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Adobe\AGL;C:\WINDOWS\system32\WindowsPowerShell\v1.0;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"MAYA_SCRIPT_PATH"=
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

=========================

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/5/2009 4:53:19 PM
mbam-log-2009-02-05 (16-53-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 262671
Time elapsed: 8 hour(s), 38 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Explorer32 (Stolen.Data) -> Delete on reboot.

=====================================



Edited by Davis Engeler, 05 February 2009 - 09:40 PM.


#5 fenzodahl512

Posted 06 February 2009 - 01:51 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 Davis Engeler

Posted 06 February 2009 - 04:32 PM

The log was too long to post, so I attached it instead.




#7 fenzodahl512

Posted 07 February 2009 - 12:51 AM

Please download FileAssassin and unzip it to your Desktop.
  • Double-click FileASSASSIN and tick on Attempt FileASSASSIN's method of file processing
  • Make sure ALL four options are selected (including "Delete file")
  • Copy/paste the file below into the box
    • c:\windows\system32\10326E959F.dll
  • Press Execute button..



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now? :thumbup2:



#8 Davis Engeler

Posted 07 February 2009 - 01:17 AM

Thanks for your replies. I'm running that scan now and will post the log tomorrow. I haven't had any noticeable problems with the computer since right after my first post (I ran another MBAM scan). It never really got too bad except for the one night when I figured I should go ahead and post to see what's going on.

If you have a little extra time could you please tell me what was going on? I'm interested. Thanks so much!


-Davis.

#9 fenzodahl512

Posted 07 February 2009 - 02:07 AM

Your computer has several trojans.. Not too infected.. Just some nasty files only.. Not sure where they come from..

Waiting for the report :thumbup2:



#10 Davis Engeler

Posted 07 February 2009 - 09:38 AM

I started the scan last night like I said, and when I came to it this morning I had a notice from Avira that told me there was an unwanted program found so I moved it to quarantine. While that notice was up (which had been most of the night) the scan was not moving. So right now it's only around 50%. I've had two Avira alerts while the scan was going, but the scan itself has found nothing.

Was I too confusing with that?

Edited by Davis Engeler, 07 February 2009 - 09:38 AM.


#11 Davis Engeler

Posted 07 February 2009 - 11:33 AM

I don't know if the scan did everything right. Avira was going crazy about it. It found one. Here's the log.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3836 (20090207)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=62584edc3efdfe4f9cf99e582587b270
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-07 04:30:55
# local_time=2009-02-07 11:30:55 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=512023
# found=1
# scan_time=36808
C:\WINDOWS\system32\explorer32\WinSysMngr32.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000

#12 fenzodahl512

Posted 08 February 2009 - 12:26 PM

Avira was going crazy about it.


Tell me, what did Avira find?.. Give me the full path of it.. Better with the Avira log :thumbup2:



#13 Davis Engeler

Posted 08 February 2009 - 05:17 PM

It wasn't during a scan. It was the Live Guard or whatever it's called. It was in my temporary internet files and was called NOD[something].tmp

It had pretty much the exact same thing (different numbers after the "NOD") 17 or so times during that online scan.

"Virus or unwanted program 'TR/Unpacked.Gen [trojan]'
detected in file 'C:\Documents and Settings\Davis M. Engeler\Local Settings\temp\NOD6698.tmp.
Action performed: Allow access"

Edited by Davis Engeler, 08 February 2009 - 05:19 PM.


#14 fenzodahl512

Posted 08 February 2009 - 10:25 PM

Let's do this....

Please download CleanUp! by stevengould.org and save it to your Desktop.
  • Double-click CleanUp452.exe and install CleanUp! to your computer
  • Open CleanUp! and click on the Options.. button.
  • Under the General tab, choose Standard CleanUp! and then click Ok
  • Click on the CleanUp! button. When it asks you to log off Windows, click on Yes

Does your Live Guard still detect anything? :thumbup2:



#15 Davis Engeler

Posted 09 February 2009 - 07:18 PM

Nope, no more detections... even with scans. Am I clean?



