Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

regedit and taskmanager disabled


  • This topic is locked This topic is locked
81 replies to this topic

#1 dashy11

dashy11

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 08 May 2009 - 09:51 AM

1.when i type regedit in run and press enter i get the message "registry editing has been disabled by administrator".i am the only user of the computer.
2.when i press control alt delete i get the message "taskmanager has been disabled by administrator".
3.when i go to safe mode i get a blue screen with the following stop error code.-0x0000007B(0XF78A654,0XC0000034,0X00000000,0X00000000)


DDS (Ver_09-03-16.01) - NTFSx86
Run by Dell at 17:31:23.18 on Fri 05/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {8FAA3717-9266-4D22-A6DB-F347F56DDE7D} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Ask Toolbar: {f4d76f09-7896-458a-890f-e1f05c46069f} - c:\program files\askpbar\bar\1.bin\ASKPBAR.DLL
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: 2nd &Speech Center: {cfe40ed8-564e-4693-a9d9-80db70c8e460} - c:\progra~1\2ndspe~1\tts4ie.dll
TB: {D4919423-011C-4FDA-8AC1-6A37E496EC39} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Copernic Desktop Search - Home: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand300000081.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Copernic Desktop Search - Home: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand300000081.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand300000081.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\GetFlash.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &WordWeb...
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Download all by Net Transport - c:\program files\xi\nettransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\xi\nettransport 2\NTAddLink.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - hxxp://tdserver.bitstream.com/tdserver.cab
DPF: {1BF9CDAD-D27D-6C62-74DC-238FB9F90E5B} - hxxp://performanceoptimizer.com/files/PerformanceOptimizerPre_Installer.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173551189890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
Notify: awtuRLDT - awtuRLDT.dll
Notify: igfxcui - igfxdev.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: tfnslopk - {59CA317C-7201-4830-BDF3-B9AFB3FEC008} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dell\applic~1\mozilla\firefox\profiles\ugzsiozk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\dell\application data\mozilla\firefox\profiles\ugzsiozk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\documents and settings\dell\application data\mozilla\firefox\profiles\ugzsiozk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\dell\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dell\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service


============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-08 16:00 16,832 a------- c:\windows\system32\amcompat.tlb
2009-05-08 16:00 23,392 a------- c:\windows\system32\nscompat.tlb
2009-05-08 15:18 <DIR> --dsh--- c:\documents and settings\dell\IECompatCache
2009-05-08 14:49 <DIR> --dsh--- c:\documents and settings\dell\PrivacIE
2009-05-08 14:47 <DIR> --dsh--- c:\documents and settings\dell\IETldCache
2009-05-08 14:44 <DIR> --d----- c:\windows\ie8updates
2009-05-08 14:40 <DIR> -cd-h--- c:\windows\ie8
2009-05-08 14:36 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-08 12:15 <DIR> --d----- c:\program files\FinalUninstaller
2009-05-08 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-05-06 13:14 <DIR> --d----- c:\program files\common files\EzTools
2009-04-21 18:11 47,232 a------- C:\books(3)
2009-04-21 18:11 17,681 a------- C:\books(4)
2009-04-21 18:11 16,612 a------- C:\answer.py
2009-04-21 18:11 17,544 a------- C:\books(1)
2009-04-21 18:11 17,484 a------- C:\books
2009-04-21 18:11 17,467 a------- C:\books(2)
2009-04-21 18:04 <DIR> --d----- c:\program files\FlashGet
2009-04-21 17:21 4,726,968 a------- C:\flashget196en.exe
2009-04-18 20:39 <DIR> --d----- c:\program files\SopCast
2009-04-18 15:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TVU Networks
2009-04-18 15:08 <DIR> --d----- c:\docume~1\dell\applic~1\TVU networks
2009-04-16 10:16 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 10:16 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 10:16 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-16 10:15 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 10:15 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-16 10:15 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 10:15 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 10:15 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 10:15 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 10:15 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 10:15 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 10:15 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 10:15 714,752 -------- c:\windows\system32\dllcache\ntdll.dll

==================== Find3M ====================

2009-03-22 16:26 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-03-22 16:26 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-03-22 16:25 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-03-21 17:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 23:56 282,624 a------- c:\windows\stsystra.exe
2009-03-09 23:56 77,824 a------- c:\windows\system32\hkcmd.exe
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 17:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 21:09 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-02-20 13:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-09 15:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 15:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 15:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 15:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 14:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 14:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-05-16 14:48 19,586 a------- c:\docume~1\alluse~1\applic~1\dumumi.com
2008-05-16 14:48 18,564 a------- c:\program files\common files\axewivetym._sy
2008-05-16 14:48 18,504 a------- c:\program files\common files\egahuhiqu.vbs
2008-05-16 14:48 17,392 a------- c:\docume~1\alluse~1\applic~1\ruvojug.bat
2008-05-16 14:48 12,588 a------- c:\program files\common files\qapurabe.db
2008-05-16 14:48 11,966 a------- c:\program files\common files\esije.com
2008-05-16 14:48 10,090 a------- c:\docume~1\dell\applic~1\ovydukaki.dll
2007-10-05 13:43 151,552 a------- c:\program files\FLV PlayerFCSetup.exe
2006-11-16 23:28 0 a------- c:\docume~1\dell\applic~1\wklnhst.dat
2008-04-25 16:18 2 a--shrot c:\windows\winstart.bat
2008-05-02 15:45 193,251 a--sh--- c:\windows\system32\lUFgQqss.ini2
2008-07-22 18:07 149,438 a--sh--- c:\windows\system32\UuDdcMoq.ini2
2008-09-17 22:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091720080918\index.dat
2008-07-22 18:05 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2008-07-22 18:05 16,384 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-07-22 18:05 32,768 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 17:32:24.79 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 11 May 2009 - 04:28 AM

please help me
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 13 May 2009 - 07:53 PM.


#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:24 AM

Posted 14 May 2009 - 02:30 PM

Hello dashy11,

Welcome to the Bleeping computer forum. Sorry for the delay, we have many logs backed up.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 15 May 2009 - 09:29 AM

Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Disabled!
WindowsLiveOneCaresafetyscanner
NortonGhost10.0
NortonSecurityScan
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.4
Uniblue SpyEraser
Spyware Doctor 5.5
SpywareBlaster v3.5.1
Spy Sweeper
Java™ 6 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot SDHelper is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 23 seconds.
`````````End of Log```````````

#5 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 15 May 2009 - 09:47 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dell at 2009-05-15 17:39:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 12 GB (22%) free of 54 GB
Total RAM: 1014 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:51, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wodUpdSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Dell\Desktop\RSIT.exe
C:\Program Files\trend micro\Dell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8FAA3717-9266-4D22-A6DB-F347F56DDE7D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: 2nd &Speech Center - {CFE40ED8-564E-4693-A9D9-80DB70C8E460} - C:\PROGRA~1\2NDSPE~1\tts4ie.dll
O3 - Toolbar: (no name) - {D4919423-011C-4FDA-8AC1-6A37E496EC39} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Copernic Desktop Search - Home - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Startup: Disabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {1BF9CDAD-D27D-6C62-74DC-238FB9F90E5B} - http://performanceoptimizer.com/files/Perf...e_Installer.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1173551189890
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.tvucricket.com/player/vjocx-en-black.cab
O20 - Winlogon Notify: awtuRLDT - awtuRLDT.dll (file missing)
O21 - SSODL: tfnslopk - {59CA317C-7201-4830-BDF3-B9AFB3FEC008} - (no file)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WeOnlyDo wodAppUpdate Service - WeOnlyDo! COM - C:\WINDOWS\system32\wodUpdSv.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 13711 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1577958478-681234045-312922264-1006.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-06-10 187512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-08 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8FAA3717-9266-4D22-A6DB-F347F56DDE7D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-05 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F4D76F09-7896-458a-890F-E1F05C46069F} - Ask Toolbar - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL [2007-04-11 241664]
{CFE40ED8-564E-4693-A9D9-80DB70C8E460} - 2nd &Speech Center - C:\PROGRA~1\2NDSPE~1\tts4ie.dll [2007-08-28 510464]
{D4919423-011C-4FDA-8AC1-6A37E496EC39}
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-06-10 457848]
{968631B6-4729-440D-9BF4-251F5593EC9A} - Copernic Desktop Search - Home - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll [2008-09-18 995328]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2009-03-09 77824]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2009-03-09 81920]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2009-03-09 282624]
"ISUSPM Startup"=c:\progra~1\common~1\instal~1\update~1\isuspm.exe [2009-03-09 221184]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-03-09 282624]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2009-03-09 483328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 210328]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe [2008-09-18 1698816]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4543728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0e7d299]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-04-04 165784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayLoad]
C:\DOCUME~1\Dell\LOCALS~1\Temp\atmadm2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe [2006-04-06 1110016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-09 202736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3809280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDInspector.exe]
C:\Program Files\Hard Drive Inspector\HDInspector.exe [2007-06-13 1077248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeKeyLogger]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\intelwireless]
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-05-01 671744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isuspm startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2009-03-09 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechquickcamribbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-11-15 818688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphce40j0eeeg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvcomsx]
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-15 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
C:\Program Files\McAfee\MSK\MskAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2009-03-09 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe [2005-12-07 1613824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntuser]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SKRSpyWarn]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sma]
C:\Program Files\SKR\sma.exe [2008-05-10 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 138488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wintelupdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-05-24 696320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-09-13 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [2009-01-05 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe

C:\Documents and Settings\Dell\Start Menu\Programs\Startup
Disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuRLDT]
awtuRLDT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-14 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2007-03-01 233024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
tfnslopk - {59CA317C-7201-4830-BDF3-B9AFB3FEC008}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:ipsec"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svcs32.exe"="G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svcs32.exe:*:Enabled:ipsec"
"C:\progra~1\common~1\instal~1\update~1\isuspm.exe"="C:\progra~1\common~1\instal~1\update~1\isuspm.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:ipsec"
"C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Dell\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\Hard Drive Inspector\HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec"
"C:\WINDOWS\stsystra.exe"="C:\WINDOWS\stsystra.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Google Earth\googleearth.exe"="C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe"="C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Enabled:ipsec"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:ipsec"
"C:\Program Files\Spyware Doctor\pctsTray.exe"="C:\Program Files\Spyware Doctor\pctsTray.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\fllgvu.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\fllgvu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\cryw.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\cryw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winpnbvm.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winpnbvm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\cyya.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\cyya.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\QTSystem\ExportController.exe"="C:\Program Files\QuickTime\QTSystem\ExportController.exe:*:Enabled:ipsec"
"C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe"="C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\bfiwn.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\bfiwn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winysggfi.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winysggfi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winnepkv.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winnepkv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\skljph.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\skljph.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winpwpreb.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winpwpreb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\mgls.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\mgls.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\pafd.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\pafd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\wingfweyq.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\wingfweyq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winsirmy.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winsirmy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winunyu.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winunyu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winfxtrk.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winfxtrk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\hhrrf.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\hhrrf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winelqjk.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winelqjk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winxhpwqn.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winxhpwqn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winxynnui.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winxynnui.exe:*:Enabled:ipsec"
"c:\PROGRA~1\mcafee\msc\mcshell.exe"="c:\PROGRA~1\mcafee\msc\mcshell.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe"="C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe:*:Enabled:ipsec"
"c:\PROGRA~1\mcafee\msc\mcuimgr.exe"="c:\PROGRA~1\mcafee\msc\mcuimgr.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\dumprep.exe"="C:\WINDOWS\system32\dumprep.exe:*:Enabled:ipsec"
"C:\Program Files\Java\jre6\bin\jucheck.exe"="C:\Program Files\Java\jre6\bin\jucheck.exe:*:Enabled:ipsec"
"C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\qovpys.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\qovpys.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winytniv.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winytniv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winvxbvgq.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winvxbvgq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\rjxf.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\rjxf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\wingrdhmq.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\wingrdhmq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winoqsxhl.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winoqsxhl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winbyxrux.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winbyxrux.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winsmgyu.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winsmgyu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winibgi.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winibgi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winbpxpe.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winbpxpe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\fdmw.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\fdmw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winwtymxc.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winwtymxc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\wingdcyuk.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\wingdcyuk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winmmwdqr.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winmmwdqr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\uwwohe.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\uwwohe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winbclntw.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winbclntw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\qyohuq.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\qyohuq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\windynmw.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\windynmw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\lxhweq.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\lxhweq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\nqthp.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\nqthp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\quewix.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\quewix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\tubs.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\tubs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\lypg.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\lypg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\bbhq.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\bbhq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winbooeud.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winbooeud.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winmaxoev.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winmaxoev.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\yttnk.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\yttnk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winpvmge.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winpvmge.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winppkqao.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winppkqao.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\bkkmdj.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\bkkmdj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winhfdq.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winhfdq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winmxwyew.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winmxwyew.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winytukl.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winytukl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winlxhi.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winlxhi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\afbnp.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\afbnp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\whgf.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\whgf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\wingcybl.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\wingcybl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winkyxm.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winkyxm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\winmsfdu.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\winmsfdu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\Dell\LOCALS~1\Temp\wwtr.exe"="C:\DOCUME~1\Dell\LOCALS~1\Temp\wwtr.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3518ff1d-5bdf-11dc-9bea-0015c5b4b367}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
shell\Ú_†™\command - NETSVCS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c03cad18-332f-11de-97b1-0015c5b4b367}]
shell\AutoPLaY\command - G:\qheh.pif
shell\AutoRun\command - G:\qheh.pif
shell\explOre\command - G:\qheh.pif
shell\Open\command - G:\qheh.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb660768-1b3b-11dc-9b5d-0015c5b4b367}]
shell\AutoRun\command - rundll32 wzcdlg.dll,FlashConfigCreateNetwork \SMRTNTKY\WSETTING.WFC


======List of files/folders created in the last 3 months======

2009-05-15 17:39:22 ----D---- C:\rsit
2009-05-15 17:39:22 ----D---- C:\Program Files\trend micro
2009-05-12 12:45:51 ----D---- C:\Program Files\FreeLiveTV
2009-05-08 14:44:41 ----D---- C:\WINDOWS\ie8updates
2009-05-08 14:40:25 ----HDC---- C:\WINDOWS\ie8
2009-05-08 12:15:48 ----D---- C:\Program Files\FinalUninstaller
2009-05-08 11:44:08 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-06 13:14:28 ----D---- C:\Program Files\Common Files\EzTools
2009-04-21 18:04:52 ----D---- C:\Program Files\FlashGet
2009-04-21 17:21:04 ----A---- C:\flashget196en.exe
2009-04-18 20:39:56 ----D---- C:\Program Files\SopCast
2009-04-18 15:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2009-04-18 15:08:01 ----D---- C:\Documents and Settings\Dell\Application Data\TVU networks
2009-04-16 22:44:28 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 22:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 22:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 22:36:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 22:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 22:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 10:16:38 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-03-23 16:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2009-03-23 16:10:32 ----D---- C:\Documents and Settings\Dell\Application Data\MozillaControl
2009-03-23 16:05:41 ----D---- C:\Program Files\Graboid
2009-03-22 11:36:43 ----A---- C:\WINDOWS\system32\rmc_fixasf.exe
2009-03-22 11:36:41 ----A---- C:\WINDOWS\system32\rmc_rtspdl.dll
2009-03-22 11:35:34 ----A---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-03-22 11:35:07 ----D---- C:\WINDOWS\Replay Media Catcher
2009-03-22 11:35:07 ----D---- C:\Program Files\Replay Media Catcher
2009-03-21 23:35:32 ----D---- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
2009-03-21 23:35:08 ----A---- C:\WINDOWS\system32\uL6qK2Kn.exe_
2009-03-14 19:07:24 ----RSHD---- C:\RESTORE
2009-03-11 17:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 17:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 17:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 17:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 17:26:40 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-09 18:46:33 ----D---- C:\Documents and Settings\Dell\Application Data\XnView
2009-03-09 18:46:10 ----D---- C:\Program Files\XnView
2009-03-08 14:22:30 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:22:18 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:21:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:20:54 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-02-25 20:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-23 22:00:27 ----D---- C:\Program Files\Microsoft Silverlight

======List of files/folders modified in the last 3 months======

2009-05-15 17:39:22 ----RD---- C:\Program Files
2009-05-15 17:33:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-15 17:27:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-15 17:10:33 ----D---- C:\WINDOWS\Temp
2009-05-15 17:08:38 ----D---- C:\WINDOWS\system32\drivers
2009-05-15 17:08:18 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-05-15 17:07:20 ----SD---- C:\WINDOWS\Tasks
2009-05-15 14:31:36 ----D---- C:\Program Files\Mozilla Firefox
2009-05-15 10:25:39 ----D---- C:\Program Files\Spyware Doctor
2009-05-12 12:45:56 ----SHD---- C:\WINDOWS\Installer
2009-05-12 12:45:56 ----D---- C:\Config.Msi
2009-05-10 21:06:23 ----SD---- C:\Documents and Settings\Dell\Application Data\Microsoft
2009-05-10 17:41:57 ----D---- C:\WINDOWS\network diagnostic
2009-05-10 15:33:53 ----D---- C:\Program Files\TVAnts
2009-05-10 15:33:22 ----D---- C:\WINDOWS\system32
2009-05-10 15:33:13 ----D---- C:\downloads
2009-05-09 11:45:00 ----D---- C:\WINDOWS
2009-05-08 16:25:00 ----HD---- C:\WINDOWS\inf
2009-05-08 15:59:38 ----A---- C:\WINDOWS\win.ini
2009-05-08 15:58:59 ----D---- C:\Program Files\Windows Media Player
2009-05-08 15:57:24 ----D---- C:\WINDOWS\Help
2009-05-08 15:57:24 ----D---- C:\Program Files\Windows Media Connect 2
2009-05-08 14:46:40 ----D---- C:\WINDOWS\system32\en-US
2009-05-08 14:46:40 ----D---- C:\WINDOWS\Media
2009-05-08 14:46:39 ----D---- C:\WINDOWS\system32\dllcache
2009-05-08 14:46:39 ----D---- C:\Program Files\Internet Explorer
2009-05-08 14:44:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-08 14:43:55 ----A---- C:\WINDOWS\imsins.BAK
2009-05-08 12:24:37 ----D---- C:\Program Files\McAfee
2009-05-08 11:45:24 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-08 11:45:23 ----RSD---- C:\WINDOWS\assembly
2009-05-07 10:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-06 21:49:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-06 17:01:12 ----RASH---- C:\boot.ini
2009-05-06 17:01:12 ----A---- C:\WINDOWS\system.ini
2009-05-06 13:14:28 ----D---- C:\Program Files\Common Files
2009-05-06 12:09:19 ----D---- C:\My Downloads
2009-05-06 12:06:35 ----D---- C:\Program Files\e-Sword
2009-05-04 15:11:07 ----D---- C:\Program Files\Flock
2009-05-02 12:51:43 ----D---- C:\Program Files\Norton Security Scan
2009-04-24 09:25:22 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-04-24 08:35:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-24 08:35:40 ----D---- C:\WINDOWS\WinSxS
2009-04-22 17:15:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-22 17:14:57 ----D---- C:\WINDOWS\system32\Nagasoft
2009-04-18 15:10:46 ----D---- C:\Program Files\TVUPlayer
2009-04-17 12:08:08 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 12:08:08 ----D---- C:\WINDOWS\AppPatch
2009-04-06 15:32:20 ----RSD---- C:\WINDOWS\Fonts
2009-03-30 09:39:57 ----D---- C:\WINDOWS\system32\Restore
2009-03-22 16:40:16 ----D---- C:\dell
2009-03-22 16:38:48 ----D---- C:\i386
2009-03-22 16:34:04 ----D---- C:\Program Files\2nd Speech Center
2009-03-22 16:33:50 ----D---- C:\Program Files\AGLOCO Viewbar
2009-03-22 16:33:43 ----D---- C:\Program Files\Allok MP3 to AMR Converter
2009-03-22 16:32:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-22 16:32:51 ----D---- C:\Program Files\Copernic Desktop Search 2
2009-03-22 16:32:50 ----D---- C:\Program Files\DAEMON Tools
2009-03-22 16:32:44 ----D---- C:\Program Files\Dell Network Assistant
2009-03-22 16:32:35 ----D---- C:\Program Files\DivX
2009-03-22 16:32:32 ----D---- C:\Program Files\DVD Decrypter
2009-03-22 16:32:26 ----D---- C:\Program Files\Dziobas Rar Player
2009-03-22 16:32:18 ----D---- C:\Program Files\Elprime Media Recovery
2009-03-22 16:32:14 ----D---- C:\Program Files\FLV Player
2009-03-22 16:32:13 ----D---- C:\Program Files\FLVPlayer
2009-03-22 16:32:11 ----D---- C:\Program Files\Freecorder Toolbar
2009-03-22 16:32:08 ----D---- C:\Program Files\Freecorder
2009-03-22 16:32:07 ----D---- C:\Program Files\G-Mailto
2009-03-22 16:32:06 ----D---- C:\Program Files\GigaTribe
2009-03-22 16:32:01 ----D---- C:\Program Files\Glary Utilities
2009-03-22 16:31:19 ----D---- C:\Program Files\GPLGS
2009-03-22 16:30:58 ----D---- C:\Program Files\Hard Drive Inspector
2009-03-22 16:30:54 ----D---- C:\Program Files\Hitman Pro
2009-03-22 16:29:27 ----D---- C:\Program Files\Joost
2009-03-22 16:29:23 ----D---- C:\Program Files\Kate's Video Toolkit
2009-03-22 16:28:54 ----D---- C:\Program Files\Microsoft Works
2009-03-22 16:28:51 ----D---- C:\Program Files\Modem Helper
2009-03-22 16:28:48 ----D---- C:\Program Files\Mp3 My Mp3 2.0
2009-03-22 16:28:28 ----D---- C:\Program Files\Norton Ghost
2009-03-22 16:28:22 ----D---- C:\Program Files\Orbitdownloader
2009-03-22 16:28:20 ----D---- C:\Program Files\PC Wizard 2007
2009-03-22 16:28:16 ----D---- C:\Program Files\Power DVD Ripper
2009-03-22 16:28:14 ----D---- C:\Program Files\Premium Booster
2009-03-22 16:28:13 ----D---- C:\Program Files\QuickTime
2009-03-22 16:28:11 ----D---- C:\Program Files\RAR Password Cracker
2009-03-22 16:28:04 ----D---- C:\Program Files\SKR
2009-03-22 16:28:04 ----D---- C:\Program Files\RegCure
2009-03-22 16:27:54 ----D---- C:\Program Files\SpeedBit Video Accelerator
2009-03-22 16:27:48 ----D---- C:\Program Files\SpywareBlaster
2009-03-22 16:27:43 ----D---- C:\Program Files\StreamDown v6.1
2009-03-21 17:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-15 22:41:22 ----D---- C:\Safety
2009-03-11 23:22:14 ----D---- C:\Program Files\Radio Dum Dum
2009-03-09 23:56:32 ----A---- C:\WINDOWS\stsystra.exe
2009-03-09 23:56:29 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-03-08 14:22:46 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:21:06 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 04:39:48 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:26 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:54 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----A---- C:\WINDOWS\system32\icardie.dll
2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:46 ----A---- C:\WINDOWS\system32\ieui.dll
2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-08 04:11:12 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-03-06 17:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-02-25 12:27:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-20 21:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2005-12-07 14408]
R1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-03-02 109608]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 V2IMount;V2IMount; C:\WINDOWS\system32\drivers\V2IMount.sys [2005-12-07 56240]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-13 21275]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-13 13696]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-01-13 13312]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-05-01 13568]
R2 sbbotdi;sbbotdi; \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-13 13568]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\pimjk.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-14 1364574]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2006-11-15 24736]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-03-01 21056]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-25 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPROEVENTMONITOR;VPROEVENTMONITOR; \??\C:\WINDOWS\system32\drivers\VProEventMonitor.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 a4b5q0ax;a4b5q0ax; C:\WINDOWS\system32\drivers\a4b5q0ax.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-11-15 1678368]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-11-15 1962912]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2006-11-11 40352]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-12-22 71496]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-12-22 34184]
S3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-12-22 170408]
S3 mferkdk;McAfee Inc.; C:\WINDOWS\system32\drivers\mferkdk.sys [2006-12-22 32008]
S3 mfesmfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfesmfk.sys [2006-12-22 37480]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys [2008-04-25 30946]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2006-11-11 487328]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-27 1429632]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-05-01 114753]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2005-12-07 53248]
R2 HDDSvc;HDD Information Service; C:\WINDOWS\system32\HDDSvc.exe [2007-06-13 189968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-11-15 109344]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2005-12-07 2066072]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-05-01 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-05-01 540745]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-03-01 3379264]
R2 WeOnlyDo wodAppUpdate Service;WeOnlyDo wodAppUpdate Service; C:\WINDOWS\system32\wodUpdSv.exe [2007-11-20 28144]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2006-05-01 262217]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 260592]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2009-03-09 174880]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2009-03-09 153200]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 VideoAcceleratorEngine;VideoAcceleratorEngine; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe [2009-03-09 219008]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2009-03-09 415312]
S4 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-02-13 614504]
S4 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe []
S4 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2535952]
S4 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe []
S4 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-04-12 427096]
S4 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2007-03-08 338016]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S4 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe []
S4 MPS9;McAfee Privacy Service; C:\PROGRA~1\McAfee\MPS\mps.exe []
S4 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe []

-----------------EOF-----------------

#6 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 15 May 2009 - 09:54 AM

info.txt logfile of random's system information tool 1.06 2009-05-15 17:39:57

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
10-Strike Network File Search-->"C:\Program Files\10-Strike Network File Search\unins000.exe"
2nd Speech Center 3.23.7.828-->"C:\Program Files\2nd Speech Center\unins000.exe"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0 Professional - English, Franšais, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-100000000002}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGLOCO Viewbar 1.00-->C:\Program Files\AGLOCO Viewbar\uninst.exe
Aimersoft Video Converter(Build 1.0.21)-->"C:\Program Files\Aimersoft\Video Converter\unins000.exe"
All Sound Recorder XP 2.26-->"C:\Program Files\All Sound Recorder XP\unins000.exe"
Allok MP3 to AMR Converter 3.0.2-->"C:\Program Files\Allok MP3 to AMR Converter\unins000.exe"
AnalogX HyperTrace-->C:\Program Files\AnalogX\HyperTrace\htraceu.exe
AnalogX NetStat Live-->C:\Program Files\AnalogX\NetStat Live\nslu.exe
AnalogX QuickDNS-->C:\Program Files\AnalogX\QuickDNS\qdnsu.exe
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll,O
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Copernic Desktop Search - Home-->C:\Program Files\Copernic Desktop Search 2\uninst.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
del.icio.us Buttons for Internet Explorer-->MsiExec.exe /I{08F7CCA6-8590-4401-8B44-CEB09A909AAB}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Dziobas Rar Player 0.008.11-->"C:\Program Files\Dziobas Rar Player\unins000.exe"
Elprime Media Recovery 1.0-->"C:\Program Files\Elprime Media Recovery\unins000.exe"
e-Sword-->MsiExec.exe /I{97D86AAF-0473-4457-A35F-066C84E83CB0}
e-Sword-->MsiExec.exe /I{9B99DF2F-FE57-47E4-A8DF-CF731B48052A}
Final Uninstaller-->"C:\Program Files\FinalUninstaller\unins000.exe"
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Flock (2.0)-->C:\Program Files\Flock\uninstall\helper.exe
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Folder Marker Home v 2.0-->"C:\Program Files\Folder Marker\unins000.exe"
Free Live TV-->MsiExec.exe /X{8FE63416-8881-4CDF-9E80-B3E2892BD98F}
Freecorder Toolbar 3.0 Application-->"C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\PROGRA~1\FREECO~2\UNWISE.EXE C:\PROGRA~1\FREECO~2\INSTALL.LOG
GigaTribe 2.35-->"C:\Program Files\GigaTribe\unins000.exe"
Glary Utilities 2.5.1-->"C:\Program Files\Glary Utilities\unins000.exe"
G-Mailto v1.32-->"C:\Program Files\G-Mailto\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{B279F2F1-3B2F-3A96-AC11-5743CD43DCCB}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GrabPro - Toolbar-->regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"
Hard Drive Inspector for Notebooks 2.42 build # 402-->C:\Program Files\Hard Drive Inspector\Uninst.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hitman Pro-->"C:\Program Files\Hitman Pro\unins000.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Joost ™ Beta 1.1.4-->C:\Program Files\Joost\uninst.exe
Kate's Video Toolkit 1.8.23-->"C:\Program Files\Kate's Video Toolkit\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{10110FE9-1EE8-4A3D-ADFD-1294F86BE5FC}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech« Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malayam Fonts 2.0-->C:\WINDOWS\unins000.exe
Match-Up!-->MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Net Transport 1.87.258-->"C:\Program Files\Xi\NetTransport 2\unins000.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Norton Ghost 10.0-->MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}
Norton Security Scan-->MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Online TV Player 4-->"C:\Program Files\Online TV Player 4\unins000.exe"
Opera 9.62-->MsiExec.exe /X{8318FEFD-F467-44D6-82B8-129374BFE9B1}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
P2P Tv Plugin-->"C:\Program Files\P2P Tv Plugin\unins000.exe"
PC Wizard 2007.1.72-->"C:\Program Files\PC Wizard 2007\unins000.exe"
Power DVD Ripper 1.02-->"C:\Program Files\Power DVD Ripper\unins000.exe"
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Premium Booster-->C:\Program Files\Premium Booster\Uninstall Premium Booster.exe
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Radio Dum Dum 1.5-->"C:\Program Files\Radio Dum Dum\unins000.exe"
RAR Password Recovery v1.1 RC17 (remove only)-->C:\Program Files\Intelore\RAR Password Recovery\uninstall.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Replay Media Catcher 3.02-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Security Task Manager 1.7e-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SpeedBit Video Accelerator-->C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SPVOD Player1.8-->"C:\WINDOWS\system32\Nagasoft\Uninstall.exe"
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
StreamDown-->"C:\Program Files\StreamDown v6.1\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.5.1-->C:\Program Files\TVUPlayer\uninst.exe
Uniblue SpyEraser-->"C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->C:\Program Files\WordWeb\uninst.exe
XnView 1.96-->"C:\Program Files\XnView\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan (outdated)
FW: McAfee Personal Firewall

======System event log======

Computer Name: DD82LG2J
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 88367
Source Name: bcm4sbxp
Time Written: 20090503170321.000000+180
Event Type: warning
User:

Computer Name: DD82LG2J
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 88343
Source Name: bcm4sbxp
Time Written: 20090503161210.000000+180
Event Type: warning
User:

Computer Name: DD82LG2J
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 88341
Source Name: bcm4sbxp
Time Written: 20090503161103.000000+180
Event Type: warning
User:

Computer Name: DD82LG2J
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 88316
Source Name: bcm4sbxp
Time Written: 20090503155619.000000+180
Event Type: warning
User:

Computer Name: DD82LG2J
Event Code: 4
Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 88310
Source Name: bcm4sbxp
Time Written: 20090503133336.000000+180
Event Type: warning
User:

=====Application event log=====

Computer Name: DD82LG2J
Event Code: 20
Message:
Record Number: 25068
Source Name: Google Update
Time Written: 20090206135056.000000+180
Event Type: error
User: DD82LG2J\Dell

Computer Name: DD82LG2J
Event Code: 20
Message:
Record Number: 25067
Source Name: Google Update
Time Written: 20090206125054.000000+180
Event Type: error
User: DD82LG2J\Dell

Computer Name: DD82LG2J
Event Code: 4
Message: Service started

Record Number: 25058
Source Name: HDD Info Service
Time Written: 20090206123730.000000+180
Event Type:
User: NT AUTHORITY\SYSTEM

Computer Name: DD82LG2J
Event Code: 100
Message: Description: Error EC8F1C25: Your trial version of Norton Ghost has expired. To continue system protection please visit our web site.
Details: Operation aborted

Source: Norton Ghost

Record Number: 25047
Source Name: Norton Ghost
Time Written: 20090205190004.000000+180
Event Type: error
User:

Computer Name: DD82LG2J
Event Code: 4
Message: Service started

Record Number: 25038
Source Name: HDD Info Service
Time Written: 20090205170312.000000+180
Event Type:
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:24 AM

Posted 15 May 2009 - 10:53 AM

Hi dashy11,

Have you been playing with Registry Cleaners? :thumbup2: Because I know Registry Cleaners can break Windows. :)

The following is referring to RegCure .
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.

Uninstall Ad-Aware SE Personal, as that is an old version.
You can download the new version of Ad-Aware Free


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Mult-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 11
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ 6 Update 7
    Java™ SE Runtime Environment 6 Update 1
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 15 May 2009 - 02:54 PM

Malwarebytes' Anti-Malware 1.36
Database version: 2137
Windows 5.1.2600 Service Pack 3

5/15/2009 10:39:20 PM
mbam-log-2009-05-15 (22-39-20).txt

Scan type: Quick Scan
Objects scanned: 92498
Time elapsed: 11 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 8
Registry Data Items Infected: 8
Folders Infected: 2
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f50b3f5e-856e-4757-9bb1-b35d46ca7719} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhca40j0eeeg (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tfnslopk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temp\UAC51d6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dell\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMa3d4e105.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMa3d4e105.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:24 AM

Posted 15 May 2009 - 03:25 PM

Hi dashy11,

Please tell me the antivirus program you are running?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 15 May 2009 - 03:54 PM

I had mcafee when i bought the laptop.well after sometime the period was over.i nolonger could update it.and recently it started showing errors.and i tried uninstalling it.but i don't know whether it is fully uninstalled.i can see the following in start up(msconfig):
Mskagent c:/program files/mcafee/msk/mskagent.exe but it is unchecked.
and also i can still see the folders "mcafee" and mcafee.com in program files.

my intention was to install some free antivirus after uninstalling mcafee. and i still havent installed any antivirus although i downloaded avast.

and one more thing.in the last scan using malwarebytes antimalware,during the removal process a message window came regarding regedit.it said something like "regedit is disabled and for quarantine and removal regedit is to be enabled"

#11 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:24 AM

Posted 15 May 2009 - 04:29 PM

Hi dashy11,

To uninstall McAfee antivirus you need to run McAfee Consumer Product Removal tool


How to uninstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)

Summary: This document explains how to remove McAfee Consumer products using the McAfee Consumer Products Removal tool. This option should only be used as an alternative if you cannot remove your McAfee product through the normal Add/Remove Programs.

Affected Products:
McAfee Security Center
McAfee VirusScan
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SpamKiller
McAfee Wireless Network Security
McAfee SiteAdvisor
McAfee Data Backup
McAfee Network Manager
McAfee Easy Network
McAfee AntiSpyware
Affected Operating Systems:
Microsoft Windows 2000 Professional
Microsoft Windows XP Professional
Microsoft Windows XP Home
Microsoft Windows Vista

NOTE: This tool is not compatible with Microsoft Windows 98 or ME.



Description
Running the McAfee Consumer Product Removal tool (MCPR.exe) removes all 2005, 2006, and 2007 versions of McAfee consumer products.



Solution
Download and run the McAfee Removal tool
NOTE: Always be sure to uninstall your McAfee product through Add/Remove Programs, first. The following steps should only be taken if uninstalling through Add/Remove Programs has failed.

Download the removal tool from http://download.mcafee.com/products/licens...atches/MCPR.exe.
Click Save and save the file to any folder on the computer.
Navigate to the folder where the file is saved.
Make sure all McAfee application windows are closed.
Double-click MCPR.exe and the removal tool will start automatically.
Note: Windows Vista users must right-click and select Run as Administrator.
Once the removal tool is finished, you will be prompted to restart your computer. If you choose to restart later, your McAfee product will not be fully removed until you do.
Wait for the computer to restart.

All McAfee products are now removed from your computer.




The reason you are badly infected is that you are not running an antivirus. :thumbup2: Very dangerous in todays world. :)

Install Avast and run it. Then post the log it produces.

Edited by SifuMike, 15 May 2009 - 04:31 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 16 May 2009 - 12:22 AM

i tried to install avast but couldn't.setup encountered error.i tried several times including downloading again and trying installing it again.but failed.

Error Signature:
AppName: setupeng.exe AppVer: 4.8.1335.0 ModName: setupeng.exe
ModVer: 4.8.1335.0 Offset: 0002d615.

Attached Files



#13 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:24 AM

Posted 16 May 2009 - 10:00 AM

Hi dashy11,

Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus :!:

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 16 May 2009 - 10:31 AM

i couldn't install avira.as you said i downloaded and tried installing it.during the extracting stage the window just goes off.i tried several times.result is the same.

#15 dashy11

dashy11
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 16 May 2009 - 10:37 AM

when mcafee was there one of the problems i encountered was the inability to see mcafee scan window when i give a manual scan by right clicking file or folders.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users