Thank you for your response, SifuMike. I've downloaded the programs requested. Below are the logs from each:
checkup.txt:
Results of screen317's Security Check version 0.98.3
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
`````````````````````````````` Windows Firewall Disabled!
AVGFree8.5
``````````````````````````````
Anti-malware/Other Utilities Check:
`````````````````````````````` Out of date Spybot installed! Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.2
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender Signatures
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java 6 Update 13
``````````````````````````````
Process Check:
objlist.exe by Laurent
`````````````````````````````` Windows Defender MsMpEng.exe is disabled! Windows Defender MSASCui.exe is disabled! AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Spybot SDHelper is disabled! Spybot - Search & Destroy TeaTimer.exe
``````````````````````````````
DNS Vulnerability Check:
`````````````````````````````` GOOD! (Somewhat random)
Scan took 34 seconds.
`````````End of Log```````````[/quote]
GooredLog.txt:GooredFix v1.92 by jpshortstuff
Log created at 12:33 on 24/05/2009 running Option #1 (User)
Firefox version 3.0.10 (en-GB)
=====Suspect Goored Entries=====
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
RSIT's log.txt:pizzapie
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-05-24 12:34:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (2%) free of 76 GB
Total RAM: 2047 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:32, on 24/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\User\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\User\Desktop\GooredFix.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [A00FF5059.exe] C:\WINDOWS\TEMP\_A00FF5059.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\kgzlakkcj2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\kgzlakkcj2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [A00FF5059.exe] C:\WINDOWS\TEMP\_A00FF5059.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftu...b?1189807731062O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) -
http://www.yougamers.com/systeminfo/MSC3.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlusŪ Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8405 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1450960922-839522115-1004.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-02-28 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2006-02-28 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2006-02-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-08-04 185632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-18 148888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-18 1947928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=grpconv.exe -o []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-17 1830128]
"Google Update"=C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-18 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2007-04-09 262184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipCount]
C:\Program Files\ClipCount 2.0\ClipCount.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
dslagent.exe USB []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
NvMCTray.dll,NvTaskbarInit []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-02-01 21898024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\DOCUME~1\User\LOCALS~1\Temp\SSUPDATE.EXE [2008-05-28 158960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-08-04 185632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
C:\PROGRA~1\Belkin\USBF5D~1\WIRELE~1\BELKIN~1.EXE [2005-10-28 1404928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WA-T1.lnk]
C:\PROGRA~1\PLEXUS\WA-T1\UI.exe [2008-05-05 1314816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2
"IDriverT"=3
"AntiVirService"=3
"AntiVirScheduler"=2
"PnkBstrA"=2
"SeaPort"=2
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-05-17 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-18 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
"F:\StubInstaller.exe"="F:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"="F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"="F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"F:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="F:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of DutyŪ 4 - Modern Warfare"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Steam\SteamApps\common\empire total war\Empire.exe"="F:\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG8\avgtray.exe"="C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:avgtray"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 3 months======
2009-05-24 12:34:13 ----D---- C:\rsit
2009-05-23 17:48:04 ----D---- C:\Program Files\Mozilla Firefox
2009-05-22 18:53:12 ----D---- C:\Program Files\CCleaner
2009-05-21 22:53:05 ----A---- C:\WINDOWS\system32\vp_setup.exe.bat
2009-05-21 17:48:49 ----D---- C:\Documents and Settings\User\Application Data\ImgBurn
2009-05-21 17:45:39 ----D---- C:\Program Files\ImgBurn
2009-05-18 21:50:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-18 20:32:00 ----D---- C:\Program Files\Trend Micro
2009-05-18 19:08:41 ----HD---- C:\WINDOWS\PIF
2009-05-18 17:36:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-18 17:36:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-18 17:36:20 ----A---- C:\WINDOWS\system32\java.exe
2009-05-18 16:50:27 ----D---- C:\Documents and Settings\User\Application Data\Opera
2009-05-17 21:17:08 ----D---- C:\Program Files\SpywareBlaster
2009-05-17 12:56:04 ----HD---- C:\$AVG8.VAULT$
2009-05-17 12:33:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-07 17:32:34 ----D---- C:\WINDOWS\ie8updates
2009-05-07 17:30:58 ----D---- C:\WINDOWS\WBEM
2009-05-07 17:29:46 ----HDC---- C:\WINDOWS\ie8
2009-05-03 23:16:29 ----D---- C:\Program Files\Audacity
2009-05-03 22:32:03 ----A---- C:\WINDOWS\system32\NCTWMAFile2.dll
2009-05-03 22:32:03 ----A---- C:\WINDOWS\system32\NCTAudioInformation2.dll
2009-05-03 22:32:03 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2009-05-03 22:32:03 ----A---- C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2009-05-03 22:32:03 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-05-03 22:32:02 ----A---- C:\WINDOWS\system32\lame_enc.dll
2009-05-03 22:32:01 ----D---- C:\Program Files\Free Mp3WmaOgg Converter
2009-05-02 17:38:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
2009-05-02 17:30:58 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-04-29 17:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-04-22 00:20:44 ----A---- C:\WINDOWS\system32\xlivefnt.dll
2009-04-22 00:20:44 ----A---- C:\WINDOWS\system32\xlive.dll
2009-04-22 00:19:06 ----A---- C:\WINDOWS\system32\xlive.dll.cat
2009-04-17 16:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 16:25:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 16:21:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 16:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 16:18:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 16:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-17 16:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-17 10:37:35 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-03-29 14:11:34 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-03-29 14:10:29 ----D---- C:\Program Files\Microsoft Sync Framework
2009-03-29 14:09:05 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-03-29 14:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-03-29 14:05:51 ----D---- C:\Program Files\Microsoft
2009-03-29 14:05:35 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-29 13:58:37 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-21 20:14:35 ----D---- C:\WINDOWS\system32\Lang
2009-03-21 20:08:10 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-03-21 20:08:10 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-03-21 20:08:02 ----D---- C:\WINDOWS\system32\RTCOM
2009-03-21 20:07:32 ----A---- C:\WINDOWS\SoundMan.exe
2009-03-21 20:07:32 ----A---- C:\WINDOWS\SkyTel.exe
2009-03-21 20:07:31 ----A---- C:\WINDOWS\RtlUpd.exe
2009-03-21 20:07:29 ----A---- C:\WINDOWS\RTLCPL.exe
2009-03-21 20:07:26 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-03-21 20:07:25 ----A---- C:\WINDOWS\MicCal.exe
2009-03-21 20:07:19 ----D---- C:\Program Files\Realtek
2009-03-21 20:07:19 ----A---- C:\WINDOWS\alcwzrd.exe
2009-03-21 20:07:19 ----A---- C:\WINDOWS\Alcmtr.exe
2009-03-21 20:06:55 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-03-20 16:57:29 ----D---- C:\Documents and Settings\User\Application Data\The Creative Assembly
2009-03-20 15:23:04 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-03-20 15:23:04 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-03-20 15:23:02 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-03-20 15:23:00 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-03-20 15:23:00 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-03-20 15:22:59 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-03-20 15:22:59 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-03-20 15:22:58 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-03-20 15:22:58 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-03-20 15:22:57 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-03-20 15:22:56 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-03-20 15:22:56 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-03-20 15:22:55 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-03-11 18:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 18:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 18:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 14:54:01 ----A---- C:\WINDOWS\system32\CNBJMON2.DLL
2009-03-08 14:22:46 ----N---- C:\WINDOWS\system32\ieframe.dll.mui
2009-03-08 14:22:30 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-03-08 14:22:18 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-03-08 14:21:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-03-08 14:21:06 ----N---- C:\WINDOWS\system32\advpack.dll.mui
2009-03-08 14:20:54 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-03-08 04:39:48 ----N---- C:\WINDOWS\system32\ieframe.dll
2009-03-08 04:34:48 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-03-08 04:32:26 ----N---- C:\WINDOWS\system32\msfeeds.dll
2009-03-08 04:32:22 ----N---- C:\WINDOWS\system32\iertutil.dll
2009-03-08 04:31:54 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2009-03-08 04:31:52 ----N---- C:\WINDOWS\system32\msfeedsbs.dll
2009-03-08 04:31:52 ----N---- C:\WINDOWS\system32\icardie.dll
2009-03-08 04:22:46 ----N---- C:\WINDOWS\system32\ieui.dll
2009-03-08 04:11:12 ----N---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-28 02:58:21 ----D---- C:\Program Files\MSECache
2009-02-27 05:56:38 ----A---- C:\WINDOWS\system32\SET2F.tmp
2009-02-25 16:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
======List of files/folders modified in the last 3 months======
2009-05-24 12:34:30 ----D---- C:\WINDOWS\Prefetch
2009-05-24 12:33:38 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2009-05-24 12:32:32 ----D---- C:\WINDOWS\Temp
2009-05-24 12:15:15 ----D---- C:\WINDOWS\Internet Logs
2009-05-24 02:14:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-23 20:24:44 ----D---- C:\WINDOWS\system32
2009-05-23 17:48:16 ----D---- C:\Documents and Settings\User\Application Data\Mozilla
2009-05-23 17:48:04 ----RD---- C:\Program Files
2009-05-23 17:43:27 ----SHD---- C:\WINDOWS\Installer
2009-05-23 17:35:52 ----D---- C:\WINDOWS\system32\drivers
2009-05-23 16:17:24 ----D---- C:\WINDOWS
2009-05-23 10:30:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-22 21:06:14 ----SH---- C:\boot.ini
2009-05-22 21:06:14 ----A---- C:\WINDOWS\win.ini
2009-05-22 21:06:14 ----A---- C:\WINDOWS\system.ini
2009-05-22 19:20:23 ----A---- C:\WINDOWS\wininit.ini
2009-05-20 15:58:12 ----D---- C:\WINDOWS\Minidump
2009-05-20 13:41:54 ----A---- C:\WINDOWS\lexstat.ini
2009-05-18 17:40:03 ----SD---- C:\WINDOWS\Tasks
2009-05-18 17:36:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-18 17:35:56 ----D---- C:\Program Files\Java
2009-05-17 20:39:16 ----D---- C:\Documents and Settings\User\Application Data\Lavasoft
2009-05-17 20:39:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-17 12:04:28 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-17 12:03:20 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-12 18:37:42 ----D---- C:\Documents and Settings\User\Application Data\mIRC
2009-05-12 16:31:30 ----D---- C:\Program Files\mIRC
2009-05-07 17:55:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-07 17:55:32 ----D---- C:\WINDOWS\Help
2009-05-07 17:55:32 ----D---- C:\Program Files\Internet Explorer
2009-05-07 17:32:40 ----HD---- C:\WINDOWS\inf
2009-05-07 17:31:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-07 17:31:13 ----A---- C:\WINDOWS\imsins.BAK
2009-05-07 17:31:00 ----D---- C:\WINDOWS\system32\config
2009-05-07 17:30:58 ----D---- C:\WINDOWS\system32\en-us
2009-05-07 17:30:49 ----D---- C:\WINDOWS\Media
2009-05-06 22:01:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-04 00:28:06 ----D---- C:\Documents and Settings\User\Application Data\Skype
2009-05-04 00:09:03 ----D---- C:\Documents and Settings\User\Application Data\skypePM
2009-05-03 23:12:56 ----D---- C:\Program Files\Mp3 My Mp3 2.0
2009-05-03 02:17:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-02 21:36:28 ----D---- C:\WINDOWS\system32\DirectX
2009-05-02 20:48:18 ----D---- C:\RTW
2009-04-30 20:11:04 ----D---- C:\WINDOWS\system32\wbem
2009-04-30 20:10:58 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-30 17:03:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-18 09:19:35 ----D---- C:\WINDOWS\AppPatch
2009-04-16 15:32:29 ----A---- C:\WINDOWS\BlendSettings.ini
2009-04-12 08:13:39 ----N---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2009-04-10 11:29:58 ----AC---- C:\WINDOWS\cdplayer.ini
2009-04-01 04:15:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-30 01:16:19 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-03-29 14:49:57 ----RSD---- C:\WINDOWS\assembly
2009-03-29 14:49:57 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-29 14:11:35 ----D---- C:\Program Files\Common Files\System
2009-03-29 14:11:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-29 14:11:04 ----D---- C:\Program Files\Windows Live
2009-03-29 14:10:30 ----D---- C:\WINDOWS\WinSxS
2009-03-29 14:05:17 ----RSD---- C:\WINDOWS\Fonts
2009-03-29 13:58:37 ----D---- C:\Program Files\Common Files
2009-03-28 13:01:07 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-03-21 15:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-20 14:32:53 ----AC---- C:\WINDOWS\system32\wpa.bak
2009-03-10 14:55:22 ----D---- C:\WINDOWS\pss
2009-03-08 14:09:26 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-03-08 04:41:16 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-03-08 04:34:58 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-08 04:34:56 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-03-08 04:34:48 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-03-08 04:34:30 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-03-08 04:34:28 ----A---- C:\WINDOWS\system32\url.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-03-08 04:34:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-03-08 04:33:40 ----A---- C:\WINDOWS\system32\corpol.dll
2009-03-08 04:33:26 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-03-08 04:33:16 ----A---- C:\WINDOWS\system32\jscript.dll
2009-03-08 04:33:08 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-03-08 04:33:06 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-03-08 04:33:02 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-03-08 04:32:56 ----A---- C:\WINDOWS\system32\admparse.dll
2009-03-08 04:32:54 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-03-08 04:32:52 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-03-08 04:32:50 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-03-08 04:32:48 ----A---- C:\WINDOWS\system32\advpack.dll
2009-03-08 04:32:46 ----A---- C:\WINDOWS\system32\inseng.dll
2009-03-08 04:32:04 ----A---- C:\WINDOWS\system32\mstime.dll
2009-03-08 04:31:56 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-03-08 04:31:44 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-03-08 04:31:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-03-08 04:31:36 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-03-08 04:31:26 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-03-08 04:31:18 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-03-08 04:31:02 ----A---- C:\WINDOWS\system32\mshta.exe
2009-03-08 04:22:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-03-06 17:31:59 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-06 15:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-03 00:04:03 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-02-28 02:59:12 ----D---- C:\Program Files\Microsoft Office
2009-02-26 17:45:19 ----D---- C:\Program Files\Microsoft Silverlight
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 36864]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-18 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-18 108552]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-22 21419]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-12-14 278984]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-12-14 25416]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC207;USB PC Cam Plus; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanusb;BT Voyager 100 ADSL Modem; C:\WINDOWS\system32\DRIVERS\gwausb.sys [2003-04-28 276904]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 qbdriwtsetegerxu;qbdriwtsetegerxu; C:\WINDOWS\system32\drivers\qbdriwtsetegerxu.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-18 298776]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-18 152984]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 avast!Antivirus;avast!Antivirus; C:\WINDOWS\System32\avast!Antivirus.exe -k netsvcs []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 getPlusŪ Helper;getPlusŪ Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2006-12-17 47656]
S4 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2007-02-12 202792]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-12-11 66872]
S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S4 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
-----------------EOF-----------------
RSIT's info.txt:info.txt logfile of random's system information tool 1.06 2009-05-24 12:34:36
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AltoMP3 Gold 5.12-->C:\Program Files\AltoMP3 Gold\uninst.exe
Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira AntiVir PersonalEdition Classic-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BT Voyager 100 ADSL Modem-->C:\Program Files\BT Voyager 100 ADSL Modem\uninstall.exe
Call of DutyŪ 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Empire: Total War-->"F:\Steam\steam.exe" steam://uninstall/10500
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Fallout Mod Manager 0.9.5-->"C:\Program Files\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe"
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
Futuremark Measurement Services Client-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Hidden & Dangerous 2 -->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{83437081-8186-4F63-BD39-4BE8A691E055}
Hidden & Dangerous 2 Sabre Squadron-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E2222809-FDED-4C7E-8F25-2337A8F39F03} /l2057
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
home box office Screen Saver-->C:\WINDOWS\system32\home box office.scr /u
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Appliance Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{FC1B9A15-52FD-4882-962A-D6CDC8597671}\setup\hpzscr01.exe -datfile hphscr16.dat -showdisconnect -forcereboot
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Last.fm 1.5.1.29527-->"C:\Program Files\Last.fm\unins000.exe"
Lexmark X1100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War : Kingdoms : Americas-->C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia-->C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades-->C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic-->C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Morrowind-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rise of Nations Gold-->"C:\Program Files\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
S.T.A.L.K.E.R. - Shadow of Chernobyl-->"F:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
SkypeâĒ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartCamera Ver 2.1-->MsiExec.exe /X{9527450C-64B3-11D5-9B31-000021116B62}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TalkTalk Assist & Go-->MsiExec.exe /X{D084B1A9-153B-409D-AEBF-C40FCEF925EA}
Text Tally 1.3-->"C:\Program Files\TextTally\unins000.exe"
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
TWL541U-->C:\Program Files\InstallShield Installation Information\{59061D20-CFC3-4C2E-8B41-9243678ACE8D}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB PC Cam Plus-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{B9724615-DC4C-49C6-B741-44CFE412CDAF} /l1033
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VDownloader 0.77-->"C:\Program Files\VDOWNLOADER\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
ZIP Reader 8.00.0018-->MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}
ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: AVG Anti-Virus Free
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic (outdated)
FW: ZoneAlarm Firewall
======System event log======
Computer Name: USER-9B87E89013
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 24556
Source Name: Tcpip
Time Written: 20090513173213.000000+060
Event Type: warning
User:
Computer Name: USER-9B87E89013
Event Code: 52
Message: The driver has detected that device \Device\Harddisk1\DR1 has predicted that it will fail.
Immediately back up your data and replace your hard disk drive. A failure
may be imminent.
Record Number: 24555
Source Name: Disk
Time Written: 20090513172658.000000+060
Event Type: warning
User:
Computer Name: USER-9B87E89013
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 24554
Source Name: Tcpip
Time Written: 20090513165645.000000+060
Event Type: warning
User:
Computer Name: USER-9B87E89013
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 24544
Source Name: Tcpip
Time Written: 20090513163730.000000+060
Event Type: warning
User:
Computer Name: USER-9B87E89013
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 24521
Source Name: Tcpip
Time Written: 20090513074650.000000+060
Event Type: warning
User:
=====Application event log=====
Computer Name: USER-9B87E89013
Event Code: 12001
Message:
Record Number: 25126
Source Name: usnjsvc
Time Written: 20090228172859.000000+000
Event Type:
User:
Computer Name: USER-9B87E89013
Event Code: 12001
Message:
Record Number: 25090
Source Name: usnjsvc
Time Written: 20090227221653.000000+000
Event Type:
User:
Computer Name: USER-9B87E89013
Event Code: 12001
Message:
Record Number: 25075
Source Name: usnjsvc
Time Written: 20090227210747.000000+000
Event Type:
User:
Computer Name: USER-9B87E89013
Event Code: 12001
Message:
Record Number: 25062
Source Name: usnjsvc
Time Written: 20090227191945.000000+000
Event Type:
User:
Computer Name: USER-9B87E89013
Event Code: 12001
Message:
Record Number: 25040
Source Name: usnjsvc
Time Written: 20090227172121.000000+000
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
-----------------EOF-----------------Directly copied and pasted everything from the above text files into the quote tags. I hope this helps.
In the time since I posted the original message and now, I have been attempting to remove the problem myself, no doubt it will be useful to hear what measures I took and the results that occurred;
1) Ran AVG free 8.5 (manually updated, could not auto-update), Spybot S&D, SUPERantispyware, Malwarebyte's Antimalware. The last two would not update, 'server access forbidden'. Found and deleted a few things, but clearly not the right things, since the problem remained.
Edit: Ran JavaRa here also.
2) Ran Autoruns to see what process were running at startup. The things of note that I can remember were frmwrk.exe, autochk.dll, javinette.dll and AshEvtSvc.exe. Stopped them running at startup.
3) Used Search & Destroy Fileshredder and got rid of all cache files and cookies from all browsers.
4) Created Avira Rescue CD and booted from it. Scanned and found a 2 (if memory serves) warnings. Problem remained.
5) Created BitDefender Rescue CD 2009, booted from it. Ran scanner and rootkit checker, the scanner found some infected files (about 3 if memory serves) and deleted them. Their rootkit checker found nothing of note.
6) Ran the scanners mentioned above, only this time they updated with no trouble. Left them running for several hours, they picked up quite a lot, about 30-35 things on average; trojan horses, registry changes, SUPERantispyware picked up rootkit entries (2 if memory serves). Deleted the lot and rebooted.
7) Reinstalled Firefox 3.0.10 clean (used fileshredder to get rid of overlay.xul, manually deleted everything else). So far the problem seems to have been tentatively solved; overlay.xul in the extension file of Firefox is not reappearing, I can see my hidden files now and the temp file no longer has a load of random number exes and various other random letter things ("randomletters.randomletters" - which would respawn upon delete) in it (which kept trying to access the internet; Zonealarm frequently came up with things like "91579015.exe is trying to access the internet"). The only weird thing I can see so far is that the folders on my desktop have an odd white border around them. I am unsure of whether to declare victory or not, hopefully the above logs will help.
Apologies for the veritable essay, thought every bit of info would be useful.
Edited by SifuMike, 24 May 2009 - 10:02 AM.
removed quote boxes