
zlob.dnschanger? win32.delf.cu?


  • This topic is locked
18 replies to this topic

#1 gusz

gusz

  • Members
  • 13 posts

Posted 30 January 2009 - 10:12 AM

Dell P4 2GB mem WinXP running very slow. In Task Manager there's a svchost.exe
for NETWORK SERVICE using up to 99% of CPU. I can kill it but it comes back. SpyBot
S&D finds zlob.dnschanger and win32.delf.cu, says it removes it, but it reappears. My
HJT log is below. Would appreciate recommendations re the following:

-Does HJT log confirm I have zlob.dnschanger and win32.delf.cu, and how do I
remove them permanently?

-Do I have other viruses and how do I remove them?

-This computer is not mine, I see it's running a LOT of programs/processes,
appreciate any recommendations for removing "not very valuable" or duplicate
stuff.

Thank you, Gusz

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:54 AM, on 9/20/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1132071867\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\1132071867\ee\AOLDesktop.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...jPL+Xs/Taqezbb7
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=???, ???????????
F3 - REG:win.ini: run=???, ???????????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132071867\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\microsoft\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\microsoft\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\microsoft\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\microsoft\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\microsoft\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DriverLoad] (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1....ns.10.1.0.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37460.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-mx/mx/games2.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/ac...nd/MSSurVid.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...642/mcfscan.cab
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/MX14_100.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D76D29DF-056A-44E2-B139-76C2F6060FD4}: NameServer = 85.255.115.50,85.255.112.154
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.154
O20 - AppInit_DLLs: karina.dat; apitrap.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10473 bytes
e-mail removed to protect from spambots. ~ OB

Edited by Orange Blossom, 01 February 2009 - 12:40 AM.




#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 02 February 2009 - 05:59 AM

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. SDFix
2. Malwarebytes'
3. RSIT log.txt
4. RSIT info.txt
5. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 gusz

gusz
  • Topic Starter

  • Members
  • 13 posts

Posted 02 February 2009 - 05:40 PM

First output - ran SDFix as directed, here's Report.txt

------------------
SDFix: Version 1.240
Run by The Sandul Company on Mon 02/02/2009 at 02:57 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 16:22:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"msqpdxl"="\systemroot\system32\msqpdxorvdhrsr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"msqpdxl"="\systemroot\system32\msqpdxorvdhrsr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"msqpdxl"="\systemroot\system32\msqpdxorvdhrsr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"group"="file system"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\systemroot\system32\drivers\msqpdxmqltoiqt.sys"
"msqpdxl"="\systemroot\system32\msqpdxorvdhrsr.dll"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\FT Desktop news alerts\\ftnewsalerts.exe"="C:\\Program Files\\FT Desktop news alerts\\ftnewsalerts.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0c\\waol.exe"="C:\\Program Files\\America Online 9.0c\\waol.exe:*:Enabled:America Online 9.0c"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AMERIC~1.0"
"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"="C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe:*:Disabled:HP Framework Component Manager Service"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\\Program Files\\HP\\hpcoretech\\comp\\hptskmgr.exe"="C:\\Program Files\\HP\\hpcoretech\\comp\\hptskmgr.exe:*:Disabled:HP Task Management Component"
"C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunThreatEngine.exe"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunThreatEngine.exe:*:Disabled:CounterSpy Threat Audit Engine"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\\Program Files\\AOL 9.1\\waol.exe"="C:\\Program Files\\AOL 9.1\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLServiceHost.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL System Information"
"C:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLDesktop.exe"="C:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Documents and Settings\\The Sandul Company\\Local Settings\\Temp\\.tt350.tmp"="C:\\Documents and Settings\\The Sandul Company\\Local Settings\\Temp\\.tt350.tmp:*:Enabled:enable"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\FT Desktop news alerts\\ftnewsalerts.exe"="C:\\Program Files\\FT Desktop news alerts\\ftnewsalerts.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Wed 31 Oct 2007 46,432 A..H. --- "C:\Program Files\AOL 9.1\AOLphx.exe"
Wed 31 Oct 2007 54,624 A..H. --- "C:\Program Files\AOL 9.1\AOLphxex.exe"
Wed 31 Oct 2007 33,120 A..H. --- "C:\Program Files\AOL 9.1\rbm.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Thu 15 Apr 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 5 May 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Wed 5 May 2004 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Wed 5 May 2004 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Fri 9 Nov 2007 183,296 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL0002.tmp"
Mon 29 Dec 2008 35,840 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL0004.tmp"
Sat 21 Apr 2007 33,280 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL0005.tmp"
Mon 30 Apr 2007 26,624 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL0199.tmp"
Sun 15 Jan 2006 193,024 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL0572.tmp"
Fri 9 Nov 2007 168,960 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL0624.tmp"
Mon 30 Apr 2007 34,304 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL1280.tmp"
Mon 30 Apr 2007 30,208 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL1286.tmp"
Wed 9 Apr 2008 37,376 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL1587.tmp"
Mon 30 Apr 2007 24,064 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL1657.tmp"
Wed 9 Apr 2008 31,232 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL1680.tmp"
Mon 20 Jun 2005 28,672 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2042.tmp"
Mon 30 Apr 2007 31,232 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2073.tmp"
Mon 30 Apr 2007 34,304 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2082.tmp"
Wed 9 Apr 2008 40,960 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2143.tmp"
Sun 15 Jan 2006 193,024 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2248.tmp"
Wed 9 Apr 2008 31,232 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2482.tmp"
Mon 19 Feb 2007 90,112 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2489.tmp"
Mon 4 Jul 2005 24,064 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2500.tmp"
Wed 9 Apr 2008 31,744 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL2733.tmp"
Sun 22 May 2005 27,136 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL3803.tmp"
Mon 30 Apr 2007 34,304 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\~WRL3940.tmp"
Sun 14 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 23 May 2006 105,984 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Accurate\~WRL2759.tmp"
Wed 21 Feb 2007 53,760 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL0001.tmp"
Mon 14 Apr 2008 24,064 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL0465.tmp"
Sat 23 Jul 2005 45,056 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL0579.tmp"
Sat 23 Jul 2005 41,472 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL1076.tmp"
Wed 22 Mar 2006 93,696 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL1936.tmp"
Mon 29 May 2006 53,248 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL2212.tmp"
Mon 20 Jun 2005 40,960 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL2651.tmp"
Mon 29 May 2006 53,248 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL3241.tmp"
Sun 15 Jul 2007 148,992 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL3540.tmp"
Sat 23 Jul 2005 45,568 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Duane Financial\~WRL4043.tmp"
Fri 26 Oct 2007 61,440 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0004.tmp"
Tue 8 Aug 2006 91,648 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0005.tmp"
Mon 22 Oct 2007 55,808 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0006.tmp"
Mon 13 Aug 2007 96,768 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0073.tmp"
Sat 11 Aug 2007 88,576 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0146.tmp"
Tue 14 Aug 2007 98,304 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0232.tmp"
Sat 11 Aug 2007 83,968 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0277.tmp"
Sun 12 Aug 2007 83,968 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0409.tmp"
Sun 28 Oct 2007 69,632 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0602.tmp"
Wed 27 Aug 2008 79,872 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0609.tmp"
Sat 11 Aug 2007 89,600 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0610.tmp"
Sat 11 Aug 2007 88,576 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0754.tmp"
Sat 22 Jul 2006 40,448 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0776.tmp"
Sun 12 Aug 2007 84,992 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL0866.tmp"
Sat 11 Aug 2007 89,088 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1022.tmp"
Sat 11 Aug 2007 88,576 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1139.tmp"
Fri 10 Aug 2007 88,064 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1230.tmp"
Sat 22 Jul 2006 82,432 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1389.tmp"
Sat 11 Aug 2007 89,088 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1472.tmp"
Tue 26 Aug 2008 79,872 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1531.tmp"
Sat 11 Aug 2007 89,088 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1599.tmp"
Wed 8 Aug 2007 87,040 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1604.tmp"
Sat 22 Jul 2006 56,320 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1609.tmp"
Mon 13 Aug 2007 86,016 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1772.tmp"
Sat 11 Aug 2007 88,576 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1795.tmp"
Sat 11 Aug 2007 90,624 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL1969.tmp"
Tue 26 Aug 2008 79,872 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2006.tmp"
Wed 8 Aug 2007 87,040 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2024.tmp"
Mon 13 Aug 2007 96,768 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2155.tmp"
Wed 8 Aug 2007 86,528 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2157.tmp"
Sat 11 Aug 2007 88,576 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2286.tmp"
Wed 8 Aug 2007 80,384 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2485.tmp"
Wed 8 Aug 2007 87,040 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2622.tmp"
Sun 12 Aug 2007 85,504 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2827.tmp"
Mon 13 Aug 2007 97,792 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL2969.tmp"
Sun 12 Aug 2007 85,504 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3039.tmp"
Tue 26 Aug 2008 79,872 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3131.tmp"
Wed 27 Aug 2008 92,160 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3270.tmp"
Sun 12 Aug 2007 83,968 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3282.tmp"
Tue 19 Aug 2008 30,720 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3383.tmp"
Tue 8 Aug 2006 91,648 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3470.tmp"
Wed 8 Aug 2007 87,552 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3497.tmp"
Wed 2 Aug 2006 63,488 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3501.tmp"
Tue 19 Aug 2008 82,944 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3871.tmp"
Sun 12 Aug 2007 85,504 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3907.tmp"
Sat 11 Aug 2007 89,088 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL3909.tmp"
Sun 12 Aug 2007 85,504 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\duane sports\~WRL4085.tmp"
Mon 8 Sep 2008 139,776 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL0130.tmp"
Mon 8 Sep 2008 137,728 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL0409.tmp"
Mon 8 Sep 2008 137,728 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL0425.tmp"
Wed 6 Apr 2005 70,656 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL0537.tmp"
Sun 10 Apr 2005 131,072 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL0755.tmp"
Mon 8 Sep 2008 141,824 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1290.tmp"
Mon 8 Sep 2008 135,680 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1301.tmp"
Mon 8 Sep 2008 160,256 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1435.tmp"
Mon 8 Sep 2008 136,192 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1488.tmp"
Mon 8 Sep 2008 136,192 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1727.tmp"
Mon 8 Sep 2008 136,192 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1731.tmp"
Mon 8 Sep 2008 173,056 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1781.tmp"
Wed 7 Nov 2007 55,808 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1800.tmp"
Mon 8 Sep 2008 140,288 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1838.tmp"
Mon 8 Sep 2008 135,168 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1965.tmp"
Mon 8 Sep 2008 161,792 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL1991.tmp"
Mon 8 Sep 2008 141,824 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2359.tmp"
Mon 8 Sep 2008 135,168 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2362.tmp"
Mon 8 Sep 2008 156,160 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2390.tmp"
Mon 8 Sep 2008 137,728 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2427.tmp"
Mon 8 Sep 2008 142,336 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2428.tmp"
Mon 8 Sep 2008 133,632 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2468.tmp"
Mon 8 Sep 2008 142,336 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2698.tmp"
Sun 10 Apr 2005 44,544 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2839.tmp"
Mon 8 Sep 2008 137,728 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL2875.tmp"
Sun 10 Apr 2005 130,560 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL3031.tmp"
Mon 8 Sep 2008 161,792 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL3170.tmp"
Mon 8 Sep 2008 174,080 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL3206.tmp"
Mon 8 Sep 2008 134,144 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL3341.tmp"
Mon 8 Sep 2008 136,192 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL3429.tmp"
Mon 8 Sep 2008 136,192 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL3494.tmp"
Mon 8 Sep 2008 139,776 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\NorCal\~WRL3711.tmp"
Wed 21 Jan 2009 289,792 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL0003.tmp"
Sun 11 May 2008 192,000 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL0111.tmp"
Wed 23 Jan 2008 392,704 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL0203.tmp"
Wed 21 Jan 2009 290,304 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL1171.tmp"
Wed 21 Jan 2009 294,400 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL1465.tmp"
Fri 3 Nov 2006 64,000 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL1674.tmp"
Wed 21 Jan 2009 292,864 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL2066.tmp"
Wed 21 Jan 2009 291,840 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL2581.tmp"
Wed 21 Jan 2009 293,376 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL2830.tmp"
Wed 21 Jan 2009 291,840 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL2878.tmp"
Wed 21 Jan 2009 293,888 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL2966.tmp"
Fri 3 Nov 2006 55,808 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL3173.tmp"
Wed 21 Jan 2009 294,912 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL3867.tmp"
Wed 21 Jan 2009 291,840 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL3879.tmp"
Wed 21 Jan 2009 291,840 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL3890.tmp"
Wed 21 Jan 2009 292,864 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Paul stuff\~WRL4100.tmp"
Mon 25 Jul 2005 33,792 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0084.tmp"
Tue 8 Jan 2008 94,208 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0087.tmp"
Tue 8 Jan 2008 104,448 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0155.tmp"
Thu 13 Dec 2007 37,888 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0240.tmp"
Tue 14 Jun 2005 37,888 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0311.tmp"
Tue 8 Jan 2008 72,704 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0397.tmp"
Tue 19 Aug 2008 346,112 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0606.tmp"
Tue 8 Jan 2008 156,672 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL0921.tmp"
Thu 13 Dec 2007 29,696 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1048.tmp"
Tue 8 Jan 2008 185,344 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1200.tmp"
Thu 13 Dec 2007 38,400 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1221.tmp"
Mon 25 Jul 2005 28,672 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1322.tmp"
Tue 8 Jan 2008 76,288 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1350.tmp"
Tue 4 Sep 2007 7,215,616 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1357.tmp"
Tue 8 Jan 2008 165,888 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1502.tmp"
Mon 25 Jul 2005 28,672 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1717.tmp"
Mon 12 May 2008 72,704 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1797.tmp"
Tue 8 Jan 2008 134,144 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1849.tmp"
Thu 13 Dec 2007 53,248 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1861.tmp"
Mon 12 May 2008 58,368 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL1914.tmp"
Mon 12 May 2008 44,544 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL2073.tmp"
Tue 8 Jan 2008 156,672 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL2223.tmp"
Tue 8 Jan 2008 78,336 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL2281.tmp"
Tue 8 Jan 2008 113,152 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL2615.tmp"
Wed 22 Mar 2006 27,648 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL2692.tmp"
Tue 8 Jan 2008 124,416 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL2999.tmp"
Tue 8 Jan 2008 179,712 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL3259.tmp"
Thu 13 Dec 2007 72,704 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL3278.tmp"
Tue 8 Jan 2008 174,080 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL3402.tmp"
Mon 12 May 2008 74,752 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL3667.tmp"
Mon 12 May 2008 70,656 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL3720.tmp"
Thu 13 Dec 2007 62,464 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL3786.tmp"
Thu 13 Dec 2007 45,056 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Port\~WRL3816.tmp"
Sat 10 Jan 2009 26,112 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\sandul book\~WRL2529.tmp"
Tue 10 Oct 2006 62,464 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Sbsa\~WRL0005.tmp"
Wed 9 Apr 2008 47,616 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Sbsa\~WRL0671.tmp"
Wed 9 Apr 2008 43,520 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Sbsa\~WRL1799.tmp"
Wed 7 Nov 2007 32,768 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Sbsa\~WRL2269.tmp"
Sat 7 May 2005 30,208 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Sbsa\~WRL2414.tmp"
Sat 7 May 2005 30,208 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Sbsa\~WRL2894.tmp"
Fri 22 Feb 2008 31,744 ...H. --- "C:\Documents and Settings\The Sandul Company\My Documents\Sbsa\~WRL2954.tmp"
Fri 7 Dec 2007 45,568 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\spanish\~WRL1811.tmp"
Fri 14 Dec 2007 27,648 A..H. --- "C:\Documents and Settings\The Sandul Company\My Documents\spanish\~WRL1994.tmp"
Sun 23 Nov 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sun 23 Nov 2003 206,370 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Mon 17 May 2004 30,208 A..H. --- "C:\Documents and Settings\The Sandul Company\Application Data\Microsoft\Word\~WRL0002.tmp"
Sat 20 Dec 2008 96,072 A..H. --- "C:\Program Files\Common Files\AOL\TopSpeed\3.0\WBUnins.exe"
Fri 19 Sep 2003 8 A..H. --- "C:\Documents and Settings\Administrator\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Fri 19 Sep 2003 8 A..H. --- "C:\Documents and Settings\Administrator\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Fri 19 Sep 2003 8 A..H. --- "C:\Documents and Settings\Administrator\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 19 Sep 2003 8 A..H. --- "C:\Documents and Settings\Administrator\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sat 6 Oct 2007 8 A..H. --- "C:\Documents and Settings\The Sandul Company\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"

Finished!

#4 fenzodahl512

Posted 02 February 2009 - 10:51 PM

It seems that you have a rootkit inside the computer. Please complete my previous instruction and post the remaining logs here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 gusz

Posted 03 February 2009 - 08:06 AM

MalwareBytes Log ....


Malwarebytes' Anti-Malware 1.33
Database version: 1717
Windows 5.1.2600 Service Pack 2

2/3/2009 7:04:38 AM
mbam-log-2009-02-03 (07-04-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 237795
Time elapsed: 3 hour(s), 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 gusz

Posted 03 February 2009 - 08:11 AM

RSIT Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by The Sandul Company at 2009-02-03 07:08:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 199 GB (84%) free of 238 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:33 AM, on 2/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\1132071867\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1132071867\ee\AOLDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\The Sandul Company\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\The Sandul Company.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...jPL+Xs/Taqezbb7
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132071867\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1....ns.10.1.0.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233595623796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37460.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-mx/mx/games2.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/ac...nd/MSSurVid.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...642/mcfscan.cab
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/MX14_100.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karina.dat
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: lhfqsmfh - lhfqsmfh32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9920 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1101155738.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1117734708.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2003-09-20 1078552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HostManager"=C:\Program Files\Common Files\AOL\1132071867\ee\AOLSoftware.exe [2008-06-24 41824]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-01-14 1273488]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2003-09-20 1601304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MCVSRte"=2
"mcupdmgr.exe"=3
"McShield"=3
"ITMRTSVC"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Documents and Settings\The Sandul Company\Start Menu\Programs\Startup
AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karina.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-12 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2003-09-20 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\lhfqsmfh]
lhfqsmfh32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E450D975-960F-4932-9197-1758F370E32C}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acup.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ijd58.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winat64.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\acup.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ijd58.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winat64.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FT Desktop news alerts\ftnewsalerts.exe"="C:\Program Files\FT Desktop news alerts\ftnewsalerts.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0b\waol.exe"="C:\Program Files\America Online 9.0b\waol.exe:*:Enabled:America Online 9.0b"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:America Online 9.0c"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0"
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe:*:Disabled:HP Framework Component Manager Service"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\AOL\1132071867\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1132071867\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe"="C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe:*:Disabled:HP Task Management Component"
"C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe:*:Disabled:CounterSpy Threat Audit Engine"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\1132071867\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1132071867\ee\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Common Files\AOL\1132071867\ee\AOLDesktop.exe"="C:\Program Files\Common Files\AOL\1132071867\ee\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Documents and Settings\The Sandul Company\Local Settings\Temp\.tt350.tmp"="C:\Documents and Settings\The Sandul Company\Local Settings\Temp\.tt350.tmp:*:Enabled:enable"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FT Desktop news alerts\ftnewsalerts.exe"="C:\Program Files\FT Desktop news alerts\ftnewsalerts.exe"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-02-03 07:08:18 ----D---- C:\rsit
2009-02-03 06:13:19 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-02-03 06:13:18 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-03 06:13:17 ----D---- C:\WINDOWS\LastGood
2009-02-02 13:39:54 ----D---- C:\WINDOWS\Prefetch
2009-02-02 13:12:48 ----A---- C:\WINDOWS\system32\xpsp2res.dll
2009-02-02 13:12:48 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\nslookup.exe
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\msgsvc.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\locator.exe
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\localspl.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\imagehlp.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\ftp.exe
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\format.com
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\csrsrv.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\comdlg32.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\comctl32.dll
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\cmd.exe
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\cacls.exe
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\autoconv.exe
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\autochk.exe
2009-02-02 13:12:00 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-02 13:11:59 ----N---- C:\WINDOWS\system32\oleaut32.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\win32spl.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\userinit.exe
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\untfs.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\ulib.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\srvsvc.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\smss.exe
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\setupapi.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\services.exe
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\schannel.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\scardsvr.exe
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\savedump.exe
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\samsrv.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\samlib.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\rshx32.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\rastapi.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\rasman.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\rasauto.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\rasapi32.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\printui.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\perfctrs.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\olecnv32.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\nwprovau.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\ntvdm.exe
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\ntprint.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2009-02-02 13:11:59 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-02 13:11:58 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-02 13:11:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-02 13:11:58 ----A---- C:\WINDOWS\system32\hal.dll
2009-02-02 13:11:58 ----A---- C:\WINDOWS\system32\asfsipc.dll
2009-02-02 09:49:33 ----N---- C:\WINDOWS\system32\_004277_.tmp.dll
2009-02-02 09:49:33 ----N---- C:\WINDOWS\system32\_004276_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004274_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004269_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004268_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004267_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004266_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004265_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004262_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004261_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004260_.tmp.dll
2009-02-02 09:49:03 ----N---- C:\WINDOWS\system32\_004259_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004257_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004254_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004252_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004251_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004247_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004246_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004243_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004241_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004240_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004239_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004235_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004234_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004226_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004225_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004218_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004217_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004215_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004200_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004197_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004196_.tmp.dll
2009-02-02 09:49:02 ----N---- C:\WINDOWS\system32\_004193_.tmp.dll
2009-02-01 07:52:26 ----D---- C:\Program Files\Windows Installer Clean Up
2009-02-01 06:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-27 21:10:04 ----A---- C:\WINDOWS\cjalwn.txt
2009-01-27 20:49:47 ----D---- C:\Program Files\Uniblue
2009-01-27 15:29:15 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-01-27 15:29:14 ----D---- C:\Documents and Settings\The Sandul Company\Application Data\Uniblue
2009-01-14 18:44:46 ----D---- C:\Program Files\QuickTime
2009-01-13 07:18:50 ----A---- C:\Program Files\pvpgfqh.txt
2008-12-31 07:04:12 ----D---- C:\Documents and Settings\The Sandul Company\Application Data\Share-to-Web Upload Folder
2008-12-20 18:32:29 ----D---- C:\Program Files\AOL Toolbar
2008-12-10 06:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 06:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 06:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 06:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-12 06:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 06:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 3 months======

2009-02-03 07:04:17 ----HD---- C:\$AVG8.VAULT$
2009-02-03 06:13:19 ----D---- C:\WINDOWS\Temp
2009-02-03 06:13:19 ----AD---- C:\WINDOWS\SYSTEM32
2009-02-03 06:13:17 ----HD---- C:\WINDOWS\INF
2009-02-03 06:13:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-03 06:13:17 ----AD---- C:\WINDOWS
2009-02-02 19:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-02 16:36:19 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 16:32:03 ----D---- C:\SDFix
2009-02-02 16:20:47 ----D---- C:\WINDOWS\system32\INETSRV
2009-02-02 14:55:43 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-02 13:53:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 13:52:54 ----SHD---- C:\WINDOWS\Installer
2009-02-02 13:52:54 ----D---- C:\Config.Msi
2009-02-02 13:52:46 ----D---- C:\Program Files\Messenger
2009-02-02 13:52:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-02 13:50:29 ----RSD---- C:\WINDOWS\assembly
2009-02-02 13:50:19 ----A---- C:\WINDOWS\WIN.INI
2009-02-02 13:49:49 ----D---- C:\Program Files\Microsoft Works
2009-02-02 13:49:46 ----RSD---- C:\WINDOWS\Fonts
2009-02-02 13:49:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-02 13:39:21 ----D---- C:\WINDOWS\system32\WBEM
2009-02-02 13:39:21 ----D---- C:\WINDOWS\AppPatch
2009-02-02 13:39:20 ----D---- C:\WINDOWS\system32\Setup
2009-02-02 13:39:11 ----D---- C:\WINDOWS\IME
2009-02-02 13:37:45 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-02 13:33:25 ----D---- C:\WINDOWS\WinSxS
2009-02-02 13:33:17 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-02-02 13:33:16 ----D---- C:\WINDOWS\system32\bits
2009-02-02 13:32:51 ----D---- C:\WINDOWS\system32\USMT
2009-02-02 13:32:47 ----D---- C:\WINDOWS\system32\Restore
2009-02-02 13:32:47 ----D---- C:\WINDOWS\system32\OOBE
2009-02-02 13:32:46 ----D---- C:\WINDOWS\system32\NPP
2009-02-02 13:32:42 ----D---- C:\WINDOWS\system32\en-US
2009-02-02 13:32:42 ----D---- C:\WINDOWS\system32\DRIVERS
2009-02-02 13:32:35 ----D---- C:\WINDOWS\system32\Com
2009-02-02 13:31:16 ----D---- C:\WINDOWS\SYSTEM
2009-02-02 13:31:16 ----D---- C:\WINDOWS\SRCHASST
2009-02-02 13:28:51 ----D---- C:\WINDOWS\PeerNet
2009-02-02 13:28:50 ----D---- C:\WINDOWS\network diagnostic
2009-02-02 13:28:50 ----D---- C:\WINDOWS\MUI
2009-02-02 13:28:48 ----D---- C:\WINDOWS\MSAGENT
2009-02-02 13:28:42 ----D---- C:\WINDOWS\Help
2009-02-02 13:28:37 ----D---- C:\Program Files\Windows NT
2009-02-02 13:28:37 ----D---- C:\Program Files\Windows Media Player
2009-02-02 13:28:36 ----D---- C:\Program Files\Outlook Express
2009-02-02 13:28:35 ----D---- C:\Program Files\NetMeeting
2009-02-02 13:28:32 ----D---- C:\Program Files\Movie Maker
2009-02-02 13:28:26 ----D---- C:\Program Files\Common Files\System
2009-02-02 13:27:45 ----D---- C:\WINDOWS\system32\scripting
2009-02-02 13:27:45 ----D---- C:\WINDOWS\system32\en
2009-02-02 13:27:43 ----D---- C:\WINDOWS\l2schemas
2009-02-02 13:27:37 ----SD---- C:\WINDOWS\Tasks
2009-02-02 13:24:51 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-02-02 13:15:44 ----D---- C:\WINDOWS\SECURITY
2009-02-02 13:15:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-02 13:11:36 ----D---- C:\WINDOWS\EHome
2009-02-02 11:27:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-02 11:17:34 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-02-02 10:59:29 ----SHD---- C:\RECYCLER
2009-02-02 10:57:40 ----A---- C:\WINDOWS\imsins.BAK
2009-02-01 07:52:26 ----AD---- C:\Program Files
2009-02-01 07:52:13 ----D---- C:\Program Files\MSECache
2009-02-01 07:38:07 ----D---- C:\Program Files\Common Files
2009-02-01 07:38:06 ----D---- C:\Documents and Settings\The Sandul Company\Application Data\SUPERAntiSpyware.com
2009-02-01 07:38:04 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-01 06:03:23 ----D---- C:\WINDOWS\ie7updates
2009-02-01 06:03:22 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-31 18:15:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-29 17:23:23 ----A---- C:\WINDOWS\QUICKEN.INI
2009-01-29 17:19:37 ----D---- C:\Program Files\Quicken
2009-01-29 12:35:28 ----D---- C:\WINDOWS\Registration
2009-01-29 12:03:22 ----SHD---- C:\WINDOWS\CSC
2009-01-27 16:17:53 ----A---- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
2009-01-27 15:33:15 ----D---- C:\WINDOWS\system32\CONFIG
2009-01-25 14:46:38 ----D---- C:\Documents and Settings\The Sandul Company\Application Data\AdobeUM
2009-01-23 16:30:10 ----RASH---- C:\BOOT.INI
2009-01-23 16:30:10 ----A---- C:\WINDOWS\SYSTEM.INI
2009-01-20 17:12:28 ----D---- C:\Program Files\Pure Networks
2009-01-20 16:05:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-20 15:55:19 ----D---- C:\Program Files\Common Files\Apple
2009-01-20 15:55:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-20 15:51:46 ----D---- C:\Program Files\Citrix
2009-01-17 07:23:57 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-26 17:52:27 ----D---- C:\unzipped
2008-12-20 20:00:10 ----D---- C:\Program Files\AOL
2008-12-20 18:31:17 ----D---- C:\Program Files\Common Files\AOL
2008-12-20 17:50:13 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-12-14 16:51:02 ----D---- C:\PM65
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 06:01:08 ----D---- C:\Program Files\Internet Explorer
2008-12-06 23:28:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-17 21:34:42 ----D---- C:\Documents and Settings\The Sandul Company\Application Data\TmpRecentIcons
2008-11-12 15:44:45 ----D---- C:\BACKUP
2008-11-12 06:03:09 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-05 15:46:51 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-11-04 07:17:22 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-05-21 43672]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2003-09-20 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2003-09-20 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2003-09-20 107272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-01-07 166016]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 catchme;catchme; \??\C:\DOCUME~1\THESAN~1\LOCALS~1\Temp\catchme.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-02-20 135040]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-03-26 498688]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-02-20 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-02-20 135248]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-02-20 116000]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-03-26 823616]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-03-26 141536]
R3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys [2005-02-03 5760]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-26 189504]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-21 9856]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-18 578176]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-03 42496]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-05-12 1198080]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]
S3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\System32\DRIVERS\hphid409.sys [2001-08-23 50704]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\System32\DRIVERS\hphipr09.sys [2001-08-23 15984]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2001-08-23 50211]
S3 Dot4Usb HPH09;Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [2001-08-23 18864]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-07-16 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-07-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-07-16 21488]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\system32\drivers\iAimTV2.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2003-09-20 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2003-09-20 298264]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-01-01 290816]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2006-11-20 33280]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-05-12 368640]
S2 ATI Smart;ATI Smart; C:\WINDOWS\SYSTEM32\ati2sgag.exe [2005-05-12 516096]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver;Pml Driver; C:\WINDOWS\System32\HPHipm09.exe [2001-08-23 77824]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

#7 gusz

Posted 03 February 2009 - 08:12 AM

RSIT Info.txt


info.txt logfile of random's system information tool 1.05 2009-02-03 07:08:36

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S
-->C:\Program Files\AOL Toolbar\uninstall.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{C8D79874-7F2B-4346-99F1-DAA8AABF9DCA}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Interactive Forms Update SP1-->MsiExec.exe /I{AC76BA86-0000-F676-9FA0-000000000603}
Adobe PageMaker 6.5-->C:\WINDOWS\uninst.exe -fC:\PM65\DeIsL1.isu
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Amigos Spanish 3.0-->"C:\Program Files\Amigos\unins000.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Pictures Tools (version 10.1.0.0)-->C:\Program Files\AOL Pictures\10_1_0_0a\aolpInstaller.exe /u
AOL Registration-->C:\Program Files\AOL Toolbar\uninstall.exe
AOL Toolbar for Internet Explorer-->"C:\Program Files\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Belkin Mouse 1.0-->C:\Program Files\Belkin Mouse 1.0\uninst00.exe
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Business Contact Manager for Outlook 2003-->MsiExec.exe /I{66563AD8-637B-407F-BCA7-0233A16891AB}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Classic PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
DAO-->MsiExec.exe /I{64116298-93C5-401D-B06C-39D8E3338508}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell P1500 factory-installed files-->MsiExec.exe /X{BA40EF3D-18CE-4D05-87FA-374EC2E642C7}
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Printer Software Uninstall-->C:\Program Files\Dell\Install\uninstall.exe
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DiskMonitor (remove only)-->C:\Program Files\Common Files\AOL\1132071867\ee\uninstall.exe -diskmonitor
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DS21Patch-->MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Scanner Reference Guide-->C:\Program Files\epson\guide\uninstall.exe
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HomePage Utility (remove only)-->C:\Program Files\Common Files\AOL\1132071867\ee\uninstall.exe -homepage
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp photosmart printer series (Remove only)-->C:\Program Files\hp photosmart\printer\hphuni03.exe
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{6CF9C6C0-54E5-4668-85C1-C10F63C40155}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exe" --MAIN -l9
HP Smart Web Printing-->msiexec /i{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
InstallShield Tuner 6.0.1 For Adobe Acrobat-->MsiExec.exe /X{E32FC3D8-D106-425E-9F9E-8BE6E2E79AC9}
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Kensington MouseWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\setup.exe" -l0x9 -u
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
MexConnect Toolbar-->MsiExec.exe /I{12F1415C-8FB8-4A12-8C14-144F8A1C092E}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Producer for Microsoft Office PowerPoint 2003-->MsiExec.exe /I{155FBB0D-0EE9-42D1-9E41-15E08F691033}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton SystemWorks 2003-->MsiExec.exe /I{43C3D832-AC96-463A-2003-1B8D1BFA252F}
Opera 9.02-->MsiExec.exe /X{F4EE98D3-507A-4160-8F65-710C37A8FBB8}
Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Reader Drivers and Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8811C6B-4C6F-11D6-830E-0050DABBB449}\Setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SanDisk ImageMate Reader/Writer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4BF87C8-3EEC-4774-82A2-584F109187B1}\setup.exe"
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926247)-->"C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939373)-->"C:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942830)-->"C:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942831)-->"C:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\setup.exe" -l0x9
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StreetSmart Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{664708B3-C730-11D5-ADE7-00B0D07D157A}\setup.exe" -l0x9
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Webcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{200E0DC2-2223-11D6-830E-0050DABBB449}\Setup.exe"
WebUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBAD6496-1968-46F7-A23F-9BE02F85001D}\Setup.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: DUANESANDUL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00101807E180. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 141405
Source Name: Dhcp
Time Written: 20090126170858.000000-360
Event Type: warning
User:

Computer Name: DUANESANDUL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00101807E180. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 141404
Source Name: Dhcp
Time Written: 20090126170858.000000-360
Event Type: warning
User:

Computer Name: DUANESANDUL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00101807E180. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 141403
Source Name: Dhcp
Time Written: 20090126170823.000000-360
Event Type: warning
User:

Computer Name: DUANESANDUL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00101807E180. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 141402
Source Name: Dhcp
Time Written: 20090126170727.000000-360
Event Type: warning
User:

Computer Name: DUANESANDUL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00101807E180. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 141401
Source Name: Dhcp
Time Written: 20090126170617.000000-360
Event Type: warning
User:

Application event log

Computer Name: DUANESANDUL
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 3919
Source Name: EvntAgnt
Time Written: 20080618093049.000000-300
Event Type: warning
User:

Computer Name: DUANESANDUL
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 3918
Source Name: EvntAgnt
Time Written: 20080618093049.000000-300
Event Type: warning
User:

Computer Name: DUANESANDUL
Event Code: 3
Message: The service was started.

Record Number: 3917
Source Name: NProtectService
Time Written: 20080618093045.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: DUANESANDUL
Event Code: 1
Message:
Record Number: 3916
Source Name: AVGEMS
Time Written: 20080618093042.000000-300
Event Type: information
User:

Computer Name: DUANESANDUL
Event Code: 105
Message: The service was started.

Record Number: 3915
Source Name: Creative Service for CDROM Access
Time Written: 20080618093041.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.5.001
"SESSIONID"=1135023413311htx60601a16b0d:1084d643c01:-954
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\THESAN~1\LOCALS~1\Temp\radCFF82.tmp
"TOOLPATH"=/C:\Program%20Files\HP\HP%20Software%20Update\install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.20030625
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"FP_NO_HOST_CHECK"=NO
"MIGO_DRIVE"=H
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 03 February 2009 - 10:08 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 gusz

gusz
  • Topic Starter

  • Members
  • 13 posts

Posted 03 February 2009 - 11:29 AM

ComboFix Log. BTW does this *identify* problems or *fix* problems?


ComboFix 09-02-02.04 - The Sandul Company 2009-02-03 9:54:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1527 [GMT -6:00]
Running from: c:\documents and settings\The Sandul Company\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\_004180_.tmp.dll
c:\windows\system32\_004181_.tmp.dll
c:\windows\system32\_004182_.tmp.dll
c:\windows\system32\_004183_.tmp.dll
c:\windows\system32\_004190_.tmp.dll
c:\windows\system32\_004191_.tmp.dll
c:\windows\system32\_004192_.tmp.dll
c:\windows\system32\_004193_.tmp.dll
c:\windows\system32\_004194_.tmp.dll
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004197_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004213_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004222_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004228_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004236_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004254_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004259_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004262_.tmp.dll
c:\windows\system32\_004265_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004267_.tmp.dll
c:\windows\system32\_004268_.tmp.dll
c:\windows\system32\_004269_.tmp.dll
c:\windows\system32\_004274_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004277_.tmp.dll
c:\windows\system32\_006616_.tmp.dll
c:\windows\system32\_006617_.tmp.dll
c:\windows\system32\_006618_.tmp.dll
c:\windows\system32\_006619_.tmp.dll
c:\windows\system32\_006626_.tmp.dll
c:\windows\system32\_006628_.tmp.dll
c:\windows\system32\_006629_.tmp.dll
c:\windows\system32\_006631_.tmp.dll
c:\windows\system32\_006632_.tmp.dll
c:\windows\system32\_006635_.tmp.dll
c:\windows\system32\_006636_.tmp.dll
c:\windows\system32\_006638_.tmp.dll
c:\windows\system32\_006639_.tmp.dll
c:\windows\system32\_006640_.tmp.dll
c:\windows\system32\_006642_.tmp.dll
c:\windows\system32\_006643_.tmp.dll
c:\windows\system32\_006645_.tmp.dll
c:\windows\system32\_006646_.tmp.dll
c:\windows\system32\_006650_.tmp.dll
c:\windows\system32\_006651_.tmp.dll
c:\windows\system32\_006653_.tmp.dll
c:\windows\system32\_006656_.tmp.dll
c:\windows\system32\_006658_.tmp.dll
c:\windows\system32\_006660_.tmp.dll
c:\windows\system32\_006661_.tmp.dll
c:\windows\system32\_006662_.tmp.dll
c:\windows\system32\_006665_.tmp.dll
c:\windows\system32\_006666_.tmp.dll
c:\windows\system32\_006667_.tmp.dll
c:\windows\system32\_006668_.tmp.dll
c:\windows\system32\_006669_.tmp.dll
c:\windows\system32\_006674_.tmp.dll
c:\windows\system32\_006676_.tmp.dll
c:\windows\system32\_006677_.tmp.dll
c:\windows\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Legacy_TCPSR
-------\Legacy_TDSSSERV
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 07:14 . 2009-02-03 08:17 250 --a------ c:\windows\gmer.ini
2009-02-03 07:08 . 2009-02-03 07:08 <DIR> d-------- C:\rsit
2009-02-03 06:13 . 2008-10-16 14:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll
2009-02-03 06:13 . 2008-10-16 14:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui
2009-02-02 13:11 . 2008-08-14 03:58 2,136,064 --a------ c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-02 10:58 . 2009-02-02 10:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-02-02 09:49 . 2004-08-04 00:00 71,040 --------- c:\windows\SYSTEM32\DRIVERS\_004164_.tmp.dll
2009-02-01 07:52 . 2009-02-01 07:52 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-01-27 21:10 . 2009-01-27 21:10 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\pejc.sys
2009-01-27 20:49 . 2009-02-01 07:40 <DIR> d-------- c:\program files\Uniblue
2009-01-27 15:29 . 2009-02-01 07:40 <DIR> d-------- c:\documents and settings\The Sandul Company\Application Data\Uniblue
2009-01-27 15:29 . 2009-02-01 07:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-23 15:11 . 2009-01-23 15:11 <DIR> d-------- c:\documents and settings\The Sandul Company\X86
2009-01-23 15:11 . 2009-01-23 15:11 <DIR> d-------- c:\documents and settings\The Sandul Company\X64
2009-01-14 18:44 . 2009-01-14 18:45 <DIR> d-------- c:\program files\QuickTime
2009-01-13 07:18 . 2009-01-13 07:18 61,440 --a------ c:\windows\SYSTEM32\DRIVERS\isrvbkne.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 01:07 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-02 19:49 --------- d-----w c:\program files\Microsoft Works
2009-02-02 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-01 13:52 --------- d-----w c:\program files\MSECache
2009-02-01 13:38 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-01 13:38 --------- d-----w c:\documents and settings\The Sandul Company\Application Data\SUPERAntiSpyware.com
2009-01-29 23:19 --------- d-----w c:\program files\Quicken
2009-01-25 20:46 --------- d-----w c:\documents and settings\The Sandul Company\Application Data\AdobeUM
2009-01-21 00:02 2,921 ----a-w c:\windows\panose.bin
2009-01-20 23:12 --------- d-----w c:\program files\Pure Networks
2009-01-20 22:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 21:55 --------- d-----w c:\program files\Common Files\Apple
2009-01-20 21:51 --------- d-----w c:\program files\Citrix
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-13 13:18 238 ----a-w c:\program files\pvpgfqh.txt
2008-12-31 13:04 --------- d-----w c:\documents and settings\The Sandul Company\Application Data\Share-to-Web Upload Folder
2008-12-21 00:32 --------- d-----w c:\program files\AOL Toolbar
2008-12-21 00:31 --------- d-----w c:\program files\Common Files\AOL
2008-12-20 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 05:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-28 00:01 75,032 ----a-w c:\documents and settings\The Sandul Company\Autorun.exe
2006-12-20 19:30 56,912 ----a-w c:\documents and settings\The Sandul Company\g2mdlhlpx.exe
2005-08-22 14:55 774,144 ----a-w c:\program files\RngInterstitial.dll
2003-09-20 11:42 414 ----a-w c:\program files\utrgit.txt
2004-01-30 17:27 32 --sha-w c:\windows\{2084EEA7-18F2-40FB-9976-73D8A4DB409E}.dat
2004-01-30 17:27 32 --sha-w c:\windows\{7BE1D833-981C-4D9B-B4EB-EF6AF07E45E6}.dat
2004-01-30 17:27 32 --sha-w c:\windows\SYSTEM32\{AE1E87C3-5D12-4DDD-BF73-4C5C3646870E}.dat
2004-01-30 17:27 32 --sha-w c:\windows\SYSTEM32\{EB7D1173-C123-4C0C-9669-B8C5DD4B8845}.dat
2004-01-30 17:26 32 --sha-w c:\windows\SYSTEM32\{F0F9B8B3-E83F-4E60-9E6E-972DA2D99C20}.dat
2008-05-12 04:04 114,688 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat
2008-07-11 16:26 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008071020080711\index.dat
2008-07-11 12:10 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008071120080712\index.dat
2008-07-18 02:51 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008071720080718\index.dat
2008-07-26 12:21 131,072 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008072120080728\index.dat
2008-07-26 12:21 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008072620080727\index.dat
2008-08-04 05:05 81,920 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008072820080804\index.dat
2008-08-11 04:59 147,456 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080811\index.dat
2008-08-12 04:50 65,536 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
2008-08-13 04:31 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
2008-08-14 04:45 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081320080814\index.dat
2008-08-14 10:46 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081420080815\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{63ABC93A-9069-42F1-BBD9-B81D97C48ACB}"= "c:\program files\MexConnect Toolbar\toolbar.dll" [2003-04-18 200704]

[HKEY_CLASSES_ROOT\clsid\{63abc93a-9069-42f1-bbd9-b81d97c48acb}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1132071867\ee\AOLSoftware.exe" [2008-06-24 41824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-01-14 1273488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2003-09-20 1601304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 218496]

c:\documents and settings\The Sandul Company\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-06-24 41824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-21 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-21 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-07-29 57344]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-07-27 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2003-09-20 02:22 10520 c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"ITMRTSVC"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\hpcoretech\\comp\\hptskmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-06-21 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-06-21 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2003-09-20 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2003-09-20 298264]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2004-01-30 135168]
S0 ugis;ugis;c:\windows\system32\drivers\wuxtz.sys --> c:\windows\system32\drivers\wuxtz.sys [?]
S2 mrtRate;mrtRate; [x]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\DRIVERS\hphius09.sys [2003-11-21 18864]
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-22 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1101155738.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 13:54]

2009-02-02 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1117734708.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 13:54]

2003-11-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 01:56]

2009-01-23 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-09-29 22:57]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{E450D975-960F-4932-9197-1758F370E32C} - (no file)
Notify-dimsntfy - (no file)
Notify-lhfqsmfh - lhfqsmfh32.dll
SafeBoot-acup.sys
SafeBoot-Ijd58.sys
SafeBoot-Winat64.sys


.
------- Supplementary Scan -------
.
uDefault_Search_URL =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwHECjUPqKhQ8+F2Bkm7EgMdIXvUlGse2gxmBQOlew8yRP8+dQx6oo8Jmm8uQ+/g/MIbd2CUeIznGHjKS2fjPL+Xs/Taqezbb7
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37460.cab
DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} - hxxp://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
FF - ProfilePath - c:\documents and settings\The Sandul Company\Application Data\Mozilla\Firefox\Profiles\default.v5i\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://64.233.169.104/
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 09:59:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\lexbces.exE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\windows\SYSTEM32\INETSRV\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\SYSTEM32\snmp.exe
c:\progra~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\windows\SYSTEM32\dllhost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\WBEM\wmiapsrv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\AOL\1132071867\ee\AOLDesktop.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-02-03 10:05:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-03 16:05:55

Pre-Run: 208,745,431,040 bytes free
Post-Run: 208,714,682,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
361 --- E O F --- 2009-02-03 14:23:08

#10 fenzodahl512

Posted 03 February 2009 - 11:52 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
ugis

File::
c:\windows\SYSTEM32\DRIVERS\isrvbkne.sys
c:\windows\SYSTEM32\DRIVERS\pejc.sys
c:\windows\SYSTEM32\DRIVERS\_004164_.tmp.dll
c:\program files\pvpgfqh.txt
c:\documents and settings\The Sandul Company\Autorun.exe
c:\windows\system32\drivers\wuxtz.sys
c:\windows\{2084EEA7-18F2-40FB-9976-73D8A4DB409E}.dat
c:\windows\{7BE1D833-981C-4D9B-B4EB-EF6AF07E45E6}.dat
c:\windows\SYSTEM32\{AE1E87C3-5D12-4DDD-BF73-4C5C3646870E}.dat
c:\windows\SYSTEM32\{EB7D1173-C123-4C0C-9669-B8C5DD4B8845}.dat
c:\windows\SYSTEM32\{F0F9B8B3-E83F-4E60-9E6E-972DA2D99C20}.dat

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 gusz

Posted 03 February 2009 - 02:16 PM

*NEW* HijackThis log after running ComboFix as above


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:55 PM, on 2/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\AOL\1132071867\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\AOL\1132071867\ee\AOLDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...jPL+Xs/Taqezbb7
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132071867\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1....ns.10.1.0.0.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233595623796
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37460.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/ac...nd/MSSurVid.cab
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors.com/member/ocx/plotwon.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...642/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9443 bytes

#12 gusz

Posted 03 February 2009 - 02:32 PM

*NEW* ComboFix Log after running ComboFix per above.
Am I cured???

ComboFix 09-02-02.04 - The Sandul Company 2009-02-03 13:18:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1490 [GMT -6:00]
Running from: c:\documents and settings\The Sandul Company\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 07:14 . 2009-02-03 08:17 250 --a------ c:\windows\gmer.ini
2009-02-03 07:08 . 2009-02-03 07:08 <DIR> d-------- C:\rsit
2009-02-03 06:13 . 2008-10-16 14:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll
2009-02-03 06:13 . 2008-10-16 14:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui
2009-02-02 13:11 . 2008-08-14 03:58 2,136,064 --a------ c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-02 10:58 . 2009-02-02 10:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder
2009-02-01 07:52 . 2009-02-01 07:52 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-01-27 20:49 . 2009-02-01 07:40 <DIR> d-------- c:\program files\Uniblue
2009-01-27 15:29 . 2009-02-01 07:40 <DIR> d-------- c:\documents and settings\The Sandul Company\Application Data\Uniblue
2009-01-27 15:29 . 2009-02-01 07:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-23 15:11 . 2009-01-23 15:11 <DIR> d-------- c:\documents and settings\The Sandul Company\X86
2009-01-23 15:11 . 2009-01-23 15:11 <DIR> d-------- c:\documents and settings\The Sandul Company\X64
2009-01-14 18:44 . 2009-01-14 18:45 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 19:13 --------- d-----w c:\program files\EPSON
2009-02-03 01:07 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-02 19:49 --------- d-----w c:\program files\Microsoft Works
2009-02-02 17:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-01 13:52 --------- d-----w c:\program files\MSECache
2009-02-01 13:38 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-01 13:38 --------- d-----w c:\documents and settings\The Sandul Company\Application Data\SUPERAntiSpyware.com
2009-01-29 23:19 --------- d-----w c:\program files\Quicken
2009-01-25 20:46 --------- d-----w c:\documents and settings\The Sandul Company\Application Data\AdobeUM
2009-01-21 00:02 2,921 ----a-w c:\windows\panose.bin
2009-01-20 23:12 --------- d-----w c:\program files\Pure Networks
2009-01-20 22:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 21:55 --------- d-----w c:\program files\Common Files\Apple
2009-01-20 21:51 --------- d-----w c:\program files\Citrix
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-31 13:04 --------- d-----w c:\documents and settings\The Sandul Company\Application Data\Share-to-Web Upload Folder
2008-12-21 00:32 --------- d-----w c:\program files\AOL Toolbar
2008-12-21 00:31 --------- d-----w c:\program files\Common Files\AOL
2008-12-20 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ----a-w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-07 05:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 13:40 12,406 ----a-w c:\windows\SYSTEM32\rfs.bin
2006-12-20 19:30 56,912 ----a-w c:\documents and settings\The Sandul Company\g2mdlhlpx.exe
2005-08-22 14:55 774,144 ----a-w c:\program files\RngInterstitial.dll
2003-09-20 11:42 414 ----a-w c:\program files\utrgit.txt
2008-05-12 04:04 114,688 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat
2008-07-11 16:26 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008071020080711\index.dat
2008-07-11 12:10 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008071120080712\index.dat
2008-07-18 02:51 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008071720080718\index.dat
2008-07-26 12:21 131,072 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008072120080728\index.dat
2008-07-26 12:21 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008072620080727\index.dat
2008-08-04 05:05 81,920 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008072820080804\index.dat
2008-08-11 04:59 147,456 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080811\index.dat
2008-08-12 04:50 65,536 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
2008-08-13 04:31 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081220080813\index.dat
2008-08-14 04:45 49,152 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081320080814\index.dat
2008-08-14 10:46 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081420080815\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-02-03_10.04.36.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-03 15:59:18 225,019 ----a-w c:\windows\SYSTEM32\INETSRV\MetaBase.bin
+ 2009-02-03 19:09:52 225,024 ----a-w c:\windows\SYSTEM32\INETSRV\MetaBase.bin
+ 2009-02-03 19:06:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_1c4.dat
+ 2009-02-03 19:05:53 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{63ABC93A-9069-42F1-BBD9-B81D97C48ACB}"= "c:\program files\MexConnect Toolbar\toolbar.dll" [2003-04-18 200704]

[HKEY_CLASSES_ROOT\clsid\{63abc93a-9069-42f1-bbd9-b81d97c48acb}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{6D3F5DE4-E980-4407-A10F-9AC771ABAAE6}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1132071867\ee\AOLSoftware.exe" [2008-06-24 41824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-01-14 1273488]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2003-09-20 1601304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-20 218496]

c:\documents and settings\The Sandul Company\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files\Common Files\AOL\Launch\aollaunch.exe [2008-06-24 41824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-21 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-11-21 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 233472]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-07-29 57344]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-07-27 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2003-09-20 02:22 10520 c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MCVSRte"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McShield"=3 (0x3)
"ITMRTSVC"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\hpcoretech\\comp\\hptskmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1132071867\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-06-21 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2008-06-21 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2003-09-20 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2003-09-20 298264]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2004-01-30 135168]
S2 mrtRate;mrtRate; [x]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\DRIVERS\hphius09.sys [2003-11-21 18864]
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-22 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1101155738.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 13:54]

2009-02-02 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#hp psc 2400 series#1117734708.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2005-01-12 13:54]

2003-11-23 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-08-04 01:56]

2009-01-23 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-09-29 22:57]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwHECjUPqKhQ8+F2Bkm7EgMdIXvUlGse2gxmBQOlew8yRP8+dQx6oo8Jmm8uQ+/g/MIbd2CUeIznGHjKS2fjPL+Xs/Taqezbb7
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37460.cab
DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} - hxxp://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
FF - ProfilePath - c:\documents and settings\The Sandul Company\Application Data\Mozilla\Firefox\Profiles\default.v5i\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://64.233.169.104/
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 13:22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-03 13:25:17
ComboFix-quarantined-files.txt 2009-02-03 19:24:43
ComboFix2.txt 2009-02-03 18:52:43
ComboFix3.txt 2009-02-03 16:06:00

Pre-Run: 208,799,846,400 bytes free
Post-Run: 208,826,200,064 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
212 --- E O F --- 2009-02-03 14:23:08

#13 fenzodahl512

Posted 03 February 2009 - 09:57 PM

Looks good to me.. Let's do an online scan...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now?



#14 gusz

Posted 04 February 2009 - 09:59 AM

I did that, and the Eset scanner doesn't run. I installed the ActiveX
control, and thereafter the pane for the scanner displays blank.

I'm using IE7. This could be a security settings problem, or a display
properties problem - Eset is in the EU and I'm in the US.

Appreciate suggestions

#15 fenzodahl512

Posted 04 February 2009 - 10:25 PM

Let's do an alternative


Let's run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient





