Redirecting Google Searches And Other Issues


  • This topic is locked
14 replies to this topic

#1 dhillen


Posted 26 June 2009 - 01:11 PM

For about a month now I haven't been able to use any search engines, except MySpace. Every time I do I am either redirected when I click a link or the engine itself will not load up. Also, I am now unable to use my CD Burner. I've tried using different malware software but every time I download one I am unable to open it. Any help would be appreciated. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:00 AM, on 6/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html ... TP&M=W3622
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Amazon Unbox.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://mywebcast.cc/tvants/tvants.cab
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/Act ... Client.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonW ... ontrol.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7523 bytes


 


#2 SifuMike

    malware expert



Posted 27 June 2009 - 03:34 PM

Hello dhillen,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 dhillen


Posted 27 June 2009 - 06:05 PM

Here is what came up in the Notepad document:




Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
ESETSmartSecurity
WindowsLiveOneCaresafetyscanner
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
Spybot - Search & Destroy
HijackThis 2.0.2
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Spybot SDHelper is disabled!
ESET ESET Smart Security ekrn.exe
ESET ESET Smart Security egui.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)

Scan took 40 seconds.
`````````End of Log```````````




Also, I am unable to use Malwarebytes. It will not open for me to run the program.

Edited by dhillen, 27 June 2009 - 06:29 PM.


#4 SifuMike


Posted 27 June 2009 - 07:19 PM

Hi dhillen,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java SE Runtime Environment 6 Update 1
    Java 6 Update 3
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586.exe to install the newest version.

Also, I am unable to use Malwarebytes. It will not open for me to run the program.




If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool.exe
Proceed installing the renamed installer of MBAM.

If MBAM will not run, go to the program directory of MBAM (e.g. C:\Program Files\Malwarebytes Antimalware\) then rename mbam.exe to newtool.exe, double click newtool.exe to proceed in running a Full Scan.

The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Edited by SifuMike, 27 June 2009 - 07:21 PM.
typo


#5 dhillen


Posted 27 June 2009 - 09:23 PM

Seems as if everything is working ok now! Here is the log after I ran the scan:


Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

6/27/2009 10:11:00 PM
mbam-log-2009-06-27 (22-11-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 197747
Time elapsed: 31 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Owner\XP Deluxe Protector (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\Owner\Start Menu\XP Deluxe Protector.LNK (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
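
Added example, not part of the original posts: the three O17 NameServer lines in the HijackThis log from post #1 are the same registry data that MBAM reports above as Trojan.DNSChanger, and this Python sketch parses both log formats and correlates them per control set. The function names, the `trusted` allow-list and the "any non-private resolver needs review" heuristic are assumptions made for this example; the two main samples are lines copied from the logs in this thread.

```python
import ipaddress
import re

# Lines copied from the HijackThis log in post #1 and the MBAM log in post #5.
HJT_BEFORE = r"""
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://mywebcast.cc/tvants/tvants.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.128,85.255.112.142
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""
MBAM_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.128,85.255.112.142 -> Quarantined and deleted successfully.
"""
# Constructed sample (not from the thread): a per-interface, router-assigned resolver.
HJT_CONSTRUCTED = (
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}"
    r": NameServer = 192.168.1.1"
)

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>[^:]+): (?P<name>\w+) = (?P<value>.+)$"
)
MBAM_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\Tcpip\\Parameters"
    r"\\NameServer \((?P<det>[^)]+)\) -> Data: (?P<data>\S+) -> (?P<action>.+)$"
)


def expand_control_set(abbrev):
    """HijackThis prints CCS / CS1 / CS2; MBAM prints the full key names."""
    if abbrev == "CCS":
        return "CurrentControlSet"
    return "ControlSet%03d" % int(abbrev[2:])


def split_servers(value):
    """NameServer data is a comma- or space-separated list."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def needs_review(server, trusted=()):
    """Assumed heuristic: a resolver that is neither private nor allow-listed."""
    if server in trusted:
        return False
    try:
        return not ipaddress.ip_address(server).is_private
    except ValueError:
        return True  # not an IP literal at all: inspect by hand


def hjt_nameservers(log):
    """Return every O17 NameServer entry in a HijackThis log."""
    found = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m and m.group("name") == "NameServer":
            found.append({
                "control_set": expand_control_set(m.group("cs")),
                "scope": m.group("scope"),
                "servers": split_servers(m.group("value")),
            })
    return found


def mbam_dns_removals(log):
    """Map control set -> what MBAM reported for Tcpip\\Parameters\\NameServer."""
    removals = {}
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            removals[m.group("cs")] = {
                "detection": m.group("det"),
                "servers": split_servers(m.group("data")),
                "action": m.group("action"),
            }
    return removals


def correlate(hjt_log, mbam_log, trusted=()):
    """For each O17 entry: which servers need review, and did MBAM remove it?"""
    removals = mbam_dns_removals(mbam_log)
    report = []
    for entry in hjt_nameservers(hjt_log):
        hit = removals.get(entry["control_set"]) if entry["scope"] == "Parameters" else None
        report.append({
            "control_set": entry["control_set"],
            "review": [s for s in entry["servers"] if needs_review(s, trusted)],
            "detection": hit["detection"] if hit else None,
            # Only count it as removed when MBAM deleted the same data.
            "removed": bool(hit) and hit["servers"] == entry["servers"],
        })
    return report


if __name__ == "__main__":
    for row in correlate(HJT_BEFORE, MBAM_LOG):
        print(row)
```

Running the same check on a HijackThis log taken after cleanup should return an empty list if no O17 entries remain.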

#6 SifuMike


Posted 27 June 2009 - 09:29 PM

Hi dhillen,

Let's make sure it is gone. :thumbup2:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt


#7 dhillen


Posted 28 June 2009 - 01:24 PM

Here is the long one:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-06-28 14:23:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (21%) free of 72 GB
Total RAM: 503 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:30 PM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3622
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://mywebcast.cc/tvants/tvants.cab
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7225 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-27 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-27 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"VX6000"=C:\WINDOWS\vVX6000.exe [2006-10-13 994096]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-10-13 277296]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-01 29744]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-06-10 1447168]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-27 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-06 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcdc963-46e0-11dc-9731-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af503ba3-b408-11dc-b699-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df53717d-4af7-11dc-831d-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 3 months======

2009-06-28 14:23:26 ----D---- C:\rsit
2009-06-27 21:36:37 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-27 21:36:37 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-27 21:36:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-27 21:36:36 ----A---- C:\WINDOWS\system32\java.exe
2009-06-27 19:08:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-24 05:10:54 ----A---- C:\WINDOWS\system32\CF27960.exe
2009-06-24 05:08:07 ----A---- C:\WINDOWS\system32\CF27418.exe
2009-06-24 05:06:45 ----A---- C:\WINDOWS\system32\CF27150.exe
2009-06-24 05:05:20 ----A---- C:\WINDOWS\system32\CF26866.exe
2009-06-24 05:03:47 ----A---- C:\WINDOWS\system32\CF26369.exe
2009-06-24 05:02:41 ----D---- C:\Qoobox
2009-06-24 05:02:37 ----A---- C:\Bug.txt
2009-06-24 04:45:15 ----D---- C:\Program Files\Trend Micro
2009-06-16 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-16 03:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-16 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-16 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-15 21:27:19 ----D---- C:\WINDOWS\ie8updates
2009-06-15 21:25:24 ----HDC---- C:\WINDOWS\ie8
2009-06-14 23:07:15 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-14 13:23:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-14 12:48:34 ----A---- C:\WINDOWS\system32\XceedCry.dll
2009-06-14 12:48:34 ----A---- C:\WINDOWS\system32\XceedBkp.dll
2009-06-14 12:48:34 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-06-14 12:23:12 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-06-07 00:16:26 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-06 10:36:03 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-06 02:09:57 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-06 02:09:35 ----D---- C:\Program Files\Lavasoft
2009-06-06 02:09:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-06 01:48:12 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-06-05 21:54:51 ----D---- C:\Documents and Settings\Owner\Application Data\ESET
2009-06-05 21:52:05 ----D---- C:\Program Files\ESET
2009-06-05 21:52:05 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-06-03 15:25:08 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-06-03 15:24:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-03 12:56:48 ----D---- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2009-05-18 02:56:28 ----D---- C:\Program Files\Common Files\DivX Shared
2009-05-18 02:56:26 ----D---- C:\Program Files\DivX
2009-05-16 03:09:00 ----D---- C:\WINDOWS\Prefetch
2009-05-16 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-16 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-16 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-15 14:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-15 14:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-15 14:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-15 14:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-15 14:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-15 14:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-15 14:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-15 14:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-15 14:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-15 14:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-05-15 14:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-05-15 14:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-15 14:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-15 14:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-15 14:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-15 14:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-15 14:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-05-15 13:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-15 13:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-15 13:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-15 13:57:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-15 13:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-15 13:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-15 13:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-15 13:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-15 13:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-15 13:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-15 13:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-05-15 13:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-15 13:48:20 ----D---- C:\WINDOWS\system32\scripting
2009-05-15 13:48:19 ----D---- C:\WINDOWS\l2schemas
2009-05-15 13:48:17 ----D---- C:\WINDOWS\system32\en
2009-05-15 13:48:16 ----D---- C:\WINDOWS\system32\bits
2009-05-15 13:42:34 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-15 13:37:46 ----D---- C:\WINDOWS\network diagnostic
2009-05-15 13:31:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-15 13:31:37 ----D---- C:\WINDOWS\EHome
2009-05-15 03:00:47 ----D---- C:\967bcf0047b8c1c8205741ebd02f64
2009-05-13 20:13:18 ----A---- C:\WINDOWS\Diner Dash Seasonal Snack Pack Uninstall Log.txt
2009-05-13 20:13:00 ----A---- C:\WINDOWS\Cooking Dash Uninstall Log.txt
2009-04-26 14:35:26 ----D---- C:\Program Files\Windows Sidebar
2009-04-26 04:28:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-26 04:23:12 ----D---- C:\Documents and Settings\Owner\Application Data\Nero
2009-04-26 04:03:02 ----A---- C:\WINDOWS\Irremote.ini
2009-04-26 03:41:55 ----D---- C:\Program Files\Nero
2009-04-26 03:41:18 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-04-26 03:41:17 ----D---- C:\Program Files\Common Files\Nero
2009-04-26 03:41:01 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-04-20 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-20 03:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-20 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-20 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-20 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-20 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-20 01:06:15 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-12 00:30:24 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-04-12 00:28:57 ----D---- C:\Program Files\Common Files\Jasc Software Inc
2009-04-12 00:28:24 ----D---- C:\Program Files\Jasc Software Inc
2009-04-12 00:28:24 ----D---- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc

======List of files/folders modified in the last 3 months======

2009-06-28 01:01:24 ----D---- C:\WINDOWS\Temp
2009-06-27 22:19:07 ----D---- C:\Program Files\AIMTunes
2009-06-27 22:13:50 ----D---- C:\WINDOWS\system32
2009-06-27 22:13:49 ----D---- C:\WINDOWS\system32\drivers
2009-06-27 22:13:15 ----D---- C:\Config.Msi
2009-06-27 22:12:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-27 21:39:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-27 21:36:41 ----SHD---- C:\WINDOWS\Installer
2009-06-27 21:36:14 ----D---- C:\Program Files\Java
2009-06-27 21:33:09 ----D---- C:\Program Files\Common Files
2009-06-27 19:08:45 ----D---- C:\Program Files
2009-06-26 18:53:29 ----D---- C:\Documents and Settings\Owner\Application Data\BitTorrent
2009-06-26 17:13:46 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2009-06-26 14:08:34 ----D---- C:\WINDOWS
2009-06-26 02:22:44 ----D---- C:\temp
2009-06-25 14:51:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 14:31:41 ----D---- C:\Documents and Settings\All Users\Application Data\Amazon
2009-06-24 04:00:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-23 23:54:00 ----HD---- C:\WINDOWS\inf
2009-06-20 09:12:51 ----D---- C:\Program Files\Magic Video Converter
2009-06-16 03:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-16 03:02:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-16 03:02:12 ----D---- C:\Program Files\Microsoft Works
2009-06-16 03:01:38 ----A---- C:\WINDOWS\imsins.BAK
2009-06-16 03:01:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-15 21:54:02 ----D---- C:\WINDOWS\system32\en-US
2009-06-15 21:54:01 ----D---- C:\WINDOWS\Media
2009-06-15 21:54:01 ----D---- C:\WINDOWS\Help
2009-06-15 21:54:01 ----D---- C:\Program Files\Internet Explorer
2009-06-15 20:42:05 ----SD---- C:\WINDOWS\Tasks
2009-06-14 23:07:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-06 23:26:19 ----D---- C:\WINDOWS\Minidump
2009-06-06 02:10:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-06 02:09:30 ----D---- C:\WINDOWS\WinSxS
2009-06-06 01:49:43 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-06-05 19:49:56 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2009-06-03 12:59:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-01 09:51:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-17 22:13:04 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-05-17 22:12:04 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem.txt
2009-05-16 03:10:11 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-16 03:09:04 ----A---- C:\WINDOWS\setuplog.txt
2009-05-16 03:08:35 ----D---- C:\WINDOWS\system32\Setup
2009-05-16 03:08:35 ----D---- C:\WINDOWS\AppPatch
2009-05-16 03:08:34 ----D---- C:\WINDOWS\system32\wbem
2009-05-16 03:08:33 ----RSD---- C:\WINDOWS\Fonts
2009-05-16 03:07:38 ----D---- C:\WINDOWS\security
2009-05-15 14:04:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-15 13:55:29 ----D---- C:\Program Files\Messenger
2009-05-15 13:48:54 ----D---- C:\WINDOWS\ime
2009-05-15 13:48:22 ----D---- C:\WINDOWS\system32\usmt
2009-05-15 13:48:16 ----D---- C:\WINDOWS\PeerNet
2009-05-15 13:48:16 ----D---- C:\Program Files\Movie Maker
2009-05-15 13:42:11 ----D---- C:\WINDOWS\system32\Restore
2009-05-15 13:42:10 ----D---- C:\WINDOWS\system32\npp
2009-05-15 13:42:06 ----D---- C:\WINDOWS\msagent
2009-05-15 13:42:02 ----D---- C:\WINDOWS\srchasst
2009-05-15 13:42:00 ----D---- C:\Program Files\NetMeeting
2009-05-15 13:41:55 ----D---- C:\WINDOWS\system32\Com
2009-05-15 13:41:51 ----D---- C:\Program Files\Windows Media Player
2009-05-15 13:41:49 ----D---- C:\Program Files\Windows NT
2009-05-15 13:41:49 ----D---- C:\Program Files\Outlook Express
2009-05-15 13:41:37 ----D---- C:\Program Files\Common Files\System
2009-05-15 13:41:09 ----D---- C:\WINDOWS\system32\oobe
2009-05-15 13:41:04 ----D---- C:\WINDOWS\system
2009-05-15 13:35:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-15 13:21:37 ----RSD---- C:\WINDOWS\assembly
2009-05-13 01:15:55 ----A---- C:\WINDOWS\system32\wininet.dll
2009-05-13 01:15:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-05-07 11:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-01 23:45:54 ----D---- C:\Documents and Settings\Owner\Application Data\Google
2009-04-30 17:22:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-30 17:22:32 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-04-30 17:22:32 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-30 17:22:32 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-30 17:22:31 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-30 07:21:08 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-26 03:41:04 ----D---- C:\WINDOWS\system32\DirectX
2009-04-25 04:26:39 ----A---- C:\WINDOWS\Cooking Dash Setup Log.txt
2009-04-15 10:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-04-12 00:28:57 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-06-10 71688]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-06-10 30728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-06 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-13 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VX6000;Microsoft LifeCam VX-6000; C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 2383152]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-27 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-08-09 172032]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
S2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-06-10 19200]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-01 29744]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

_________________________________________

And here is the small one:

info.txt logfile of random's system information tool 1.06 2009-06-28 14:23:35

======Uninstall list======

-->"C:\Program Files\eMachines Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\eMachines Games\eMachines Game Console\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Family Feud 2\Uninstall.exe"
-->"C:\Program Files\eMachines Games\FATE\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\eMachines Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\eMachines Games\Virtual Villagers - A New Home\Uninstall.exe"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M06-00A0-42HU-P90P-WA5T-K74K-M5XU-2U01"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M09-00A0-6CM4-CE63-ET59-2ZEL-EWK3-2498"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0A-07A0-6TKK-X89P-L42E-9WUE-EPW4-7P7M"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0C-00A0-0CE5-WA9P-MW8Z-HH71-M4X5-AW0L"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0E-00A0-A0UE-KH1E-XM1M-Z54A-PTET-AM29"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M11-00A0-AMZ3-XW40-WK0L-72LP-MCL7-0LAM"
-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M13-00A0-98KT-MK5M-LX0Z-KC3E-MPZ5-2035"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation (Blu-ray Disc Authoring Plug-in)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E31-58A3-9812-X4A8-K477-8K1E-63C2"
Activation (Blu-ray Video Plug-in)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5EE0-XCA7-99A1-2MA8-E72K-1355-96M7"
Activation (Gracenote Plug-in)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5EC0-5K89-1827-54M2-M898-7C49-8EKE"
Activation (Nero 9 HD)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5EA0-AMAA-1804-M5K7-E848-2KCK-C8KK"
Activation (Nero BackItUp 4)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E11-1X6K-19C9-X853-MM96-C5EM-AC3X"
Activation (Nero MediaHome 4)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E60-4XM8-9912-ME51-4XK9-K238-A9KC"
Activation (Nero Move it)-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="5E90-AX74-190X-44M1-K337-470X-68E3"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
BigFix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blu-ray Disc Authoring Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M13-00A0-94WK-X62E-WL1U-A2EX-UUE5-47AU"
Blu-ray Video Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0E-00A0-7AWW-C65U-KUC0-T21X-H7LC-830T"
Blu-ray/HD DVD Video Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M15-00A0-9EX5-K26H-PA50-6HCK-PUX7-269U"
ConvertXtoDVD 2.2.3.258-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DTS Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M14-00A0-3HHP-TW20-P019-55MZ-XCP2-7869"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EasyWorship 2006-->"C:\Program Files\Softouch\EasyWorship\unins000.exe"
eMachines Connect-->MsiExec.exe /I{DF86A72C-4585-4D75-B592-968C8C6604A1}
eMachines Games-->"C:\Program Files\eMachines Games\Uninstall.exe"
ESET Smart Security-->MsiExec.exe /I{58E05C78-4785-443D-8A1B-CBFF49C2A84E}
Free YouTube Download 1.3-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Gracenote Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0C-00A0-05K7-HW76-KLC0-HX9P-LEEC-341Z"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
Lords of the Realm II-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\Lords2\Uninst.isu
Magic Video Converter Trial Version (English) 8.0.2.18-->"C:\Program Files\Magic Video Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
mp3PRO Plug-in-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M16-00A0-88CM-H39W-U714-7WT6-M9M6-5K6U"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9 HD-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M0A-07A0-42EZ-KW30-H71Z-WA8A-WPUE-8C66"
Nero BackItUp 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M11-00A0-38EE-MW24-M2AE-L12T-XAK7-5246"
Nero InCD-Reader-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M17-00A0-AKM9-K66H-LM17-5LWX-H2C7-9298"
Nero MediaHome 4-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M06-00A0-9LCA-W67U-LX37-P378-P1ME-1T2P"
Nero Move it-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M09-00A0-38HZ-UZ0L-C93K-K11T-TUUC-1Z57"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B38D54F6-C8C3-4420-8708-ADEAEB4F4CF9}\Setup.exe" anything
SecurDisc Viewer-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="7M18-00A0-AMXM-KW18-CM35-58L8-CTE7-4E89"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCM5K.inf
Uninstall 1.0.0.0-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
V CAST Music Manager -->C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

======System event log======

Computer Name: DEREKSBEAST
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
AFD
easdrv
epfwtdi
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
StarOpen
Tcpip

Record Number: 10391
Source Name: Service Control Manager
Time Written: 20090607001659.000000-240
Event Type: error
User:

Computer Name: DEREKSBEAST
Event Code: 7001
Message: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 10390
Source Name: Service Control Manager
Time Written: 20090607001659.000000-240
Event Type: error
User:

Computer Name: DEREKSBEAST
Event Code: 7001
Message: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 10389
Source Name: Service Control Manager
Time Written: 20090607001659.000000-240
Event Type: error
User:

Computer Name: DEREKSBEAST
Event Code: 7001
Message: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 10388
Source Name: Service Control Manager
Time Written: 20090607001659.000000-240
Event Type: error
User:

Computer Name: DEREKSBEAST
Event Code: 7001
Message: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 10387
Source Name: Service Control Manager
Time Written: 20090607001659.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: DEREKSBEAST
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 2281
Source Name: ASP.NET 2.0.50727.0
Time Written: 20080411030240.000000-240
Event Type: warning
User:

Computer Name: DEREKSBEAST
Event Code: 1517
Message: Windows saved user DEREKSBEAST\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2260
Source Name: Userenv
Time Written: 20080409163523.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DEREKSBEAST
Event Code: 1000
Message: Faulting application lords2.exe, version 0.0.0.0, faulting module lords2.exe, version 0.0.0.0, fault address 0x00046ad5.

Record Number: 2258
Source Name: Application Error
Time Written: 20080409130125.000000-240
Event Type: error
User:

Computer Name: DEREKSBEAST
Event Code: 1000
Message: Faulting application lords2.exe, version 0.0.0.0, faulting module lords2.exe, version 0.0.0.0, fault address 0x00046ad5.

Record Number: 2250
Source Name: Application Error
Time Written: 20080409120300.000000-240
Event Type: error
User:

Computer Name: DEREKSBEAST
Event Code: 1517
Message: Windows saved user DEREKSBEAST\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2243
Source Name: Userenv
Time Written: 20080409030754.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 SifuMike

SifuMike

    malware expert



Posted 28 June 2009 - 02:03 PM

Why did you run ComboFix on your own? :thumbup2: You may have shot yourself in the foot.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 dhillen

dhillen
  • Topic Starter


Posted 28 June 2009 - 02:28 PM

Well my computer is running ok now. It seems like everything is good.

#10 SifuMike

SifuMike

    malware expert



Posted 28 June 2009 - 03:49 PM

Sounds like you got lucky. :thumbup2: NEVER run ComboFix on your own. If you do, then don't blame anyone but yourself if your computer crashes.

I see Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you uninstalled, please navigate to and delete the following folders
C:\Program Files\Viewpoint



Reboot and post a fresh RSIT info. tx log (not the info.txt).

Edited by SifuMike, 28 June 2009 - 03:50 PM.


#11 dhillen

dhillen
  • Topic Starter


Posted 28 June 2009 - 06:07 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-06-28 19:08:28
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (21%) free of 72 GB
Total RAM: 503 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:08:34 PM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX6000.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\anotify.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=W3622
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://mywebcast.cc/tvants/tvants.cab
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWire...loadControl.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7587 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-27 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-27 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"VX6000"=C:\WINDOWS\vVX6000.exe [2006-10-13 994096]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-10-13 277296]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-01 29744]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-06-10 1447168]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-27 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-10-06 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcdc963-46e0-11dc-9731-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df53717d-4af7-11dc-831d-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 3 months======

2009-06-28 14:23:26 ----D---- C:\rsit
2009-06-27 21:36:37 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-27 21:36:37 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-27 21:36:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-27 21:36:36 ----A---- C:\WINDOWS\system32\java.exe
2009-06-27 19:08:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-24 05:10:54 ----A---- C:\WINDOWS\system32\CF27960.exe
2009-06-24 05:08:07 ----A---- C:\WINDOWS\system32\CF27418.exe
2009-06-24 05:06:45 ----A---- C:\WINDOWS\system32\CF27150.exe
2009-06-24 05:05:20 ----A---- C:\WINDOWS\system32\CF26866.exe
2009-06-24 05:03:47 ----A---- C:\WINDOWS\system32\CF26369.exe
2009-06-24 05:02:41 ----D---- C:\Qoobox
2009-06-24 05:02:37 ----A---- C:\Bug.txt
2009-06-24 04:45:15 ----D---- C:\Program Files\Trend Micro
2009-06-16 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-16 03:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-16 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-16 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-15 21:27:19 ----D---- C:\WINDOWS\ie8updates
2009-06-15 21:25:24 ----HDC---- C:\WINDOWS\ie8
2009-06-14 23:07:15 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-14 13:23:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-14 12:48:34 ----A---- C:\WINDOWS\system32\XceedCry.dll
2009-06-14 12:48:34 ----A---- C:\WINDOWS\system32\XceedBkp.dll
2009-06-14 12:48:34 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL
2009-06-14 12:23:12 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-06-07 00:16:26 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-06 10:36:03 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-06 02:09:57 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-06 02:09:35 ----D---- C:\Program Files\Lavasoft
2009-06-06 02:09:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-06 01:48:12 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-06-05 21:54:51 ----D---- C:\Documents and Settings\Owner\Application Data\ESET
2009-06-05 21:52:05 ----D---- C:\Program Files\ESET
2009-06-05 21:52:05 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-06-03 15:25:08 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-06-03 15:24:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-03 12:56:48 ----D---- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2009-05-18 02:56:28 ----D---- C:\Program Files\Common Files\DivX Shared
2009-05-18 02:56:26 ----D---- C:\Program Files\DivX
2009-05-16 03:09:00 ----D---- C:\WINDOWS\Prefetch
2009-05-16 03:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-16 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-16 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-15 14:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-15 14:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-15 14:03:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-15 14:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-15 14:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-15 14:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-15 14:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-15 14:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-15 14:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-15 14:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-05-15 14:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-05-15 14:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-15 14:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-15 14:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-15 14:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-15 14:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-15 14:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-05-15 13:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-15 13:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-15 13:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-15 13:57:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-15 13:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-05-15 13:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-15 13:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-15 13:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-15 13:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-15 13:55:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-15 13:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-05-15 13:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-15 13:48:20 ----D---- C:\WINDOWS\system32\scripting
2009-05-15 13:48:19 ----D---- C:\WINDOWS\l2schemas
2009-05-15 13:48:17 ----D---- C:\WINDOWS\system32\en
2009-05-15 13:48:16 ----D---- C:\WINDOWS\system32\bits
2009-05-15 13:42:34 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-15 13:37:46 ----D---- C:\WINDOWS\network diagnostic
2009-05-15 13:31:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-15 13:31:37 ----D---- C:\WINDOWS\EHome
2009-05-15 03:00:47 ----D---- C:\967bcf0047b8c1c8205741ebd02f64
2009-05-13 20:13:18 ----A---- C:\WINDOWS\Diner Dash Seasonal Snack Pack Uninstall Log.txt
2009-05-13 20:13:00 ----A---- C:\WINDOWS\Cooking Dash Uninstall Log.txt
2009-04-26 14:35:26 ----D---- C:\Program Files\Windows Sidebar
2009-04-26 04:28:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-26 04:23:12 ----D---- C:\Documents and Settings\Owner\Application Data\Nero
2009-04-26 04:03:02 ----A---- C:\WINDOWS\Irremote.ini
2009-04-26 03:41:55 ----D---- C:\Program Files\Nero
2009-04-26 03:41:18 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-04-26 03:41:17 ----D---- C:\Program Files\Common Files\Nero
2009-04-26 03:41:01 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-04-20 03:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-20 03:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-20 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-20 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-20 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-20 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-20 01:06:15 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-12 00:30:24 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-04-12 00:28:57 ----D---- C:\Program Files\Common Files\Jasc Software Inc
2009-04-12 00:28:24 ----D---- C:\Program Files\Jasc Software Inc
2009-04-12 00:28:24 ----D---- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc

======List of files/folders modified in the last 3 months======

2009-06-28 19:02:16 ----D---- C:\WINDOWS\Temp
2009-06-28 19:02:02 ----D---- C:\WINDOWS\system32
2009-06-28 19:00:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-28 18:56:40 ----D---- C:\Program Files
2009-06-28 15:06:40 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-06-28 15:06:30 ----D---- C:\Program Files\DVDVideoSoft
2009-06-28 15:05:12 ----D---- C:\temp
2009-06-28 15:03:08 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2009-06-28 14:23:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-27 22:19:07 ----D---- C:\Program Files\AIMTunes
2009-06-27 22:13:49 ----D---- C:\WINDOWS\system32\drivers
2009-06-27 22:13:15 ----D---- C:\Config.Msi
2009-06-27 21:36:41 ----SHD---- C:\WINDOWS\Installer
2009-06-27 21:36:14 ----D---- C:\Program Files\Java
2009-06-27 21:33:09 ----D---- C:\Program Files\Common Files
2009-06-26 18:53:29 ----D---- C:\Documents and Settings\Owner\Application Data\BitTorrent
2009-06-26 14:08:34 ----D---- C:\WINDOWS
2009-06-25 14:51:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 14:31:41 ----D---- C:\Documents and Settings\All Users\Application Data\Amazon
2009-06-24 04:00:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-23 23:54:00 ----HD---- C:\WINDOWS\inf
2009-06-20 09:12:51 ----D---- C:\Program Files\Magic Video Converter
2009-06-16 03:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-16 03:02:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-16 03:02:12 ----D---- C:\Program Files\Microsoft Works
2009-06-16 03:01:38 ----A---- C:\WINDOWS\imsins.BAK
2009-06-16 03:01:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-15 21:54:02 ----D---- C:\WINDOWS\system32\en-US
2009-06-15 21:54:01 ----D---- C:\WINDOWS\Media
2009-06-15 21:54:01 ----D---- C:\WINDOWS\Help
2009-06-15 21:54:01 ----D---- C:\Program Files\Internet Explorer
2009-06-15 20:42:05 ----SD---- C:\WINDOWS\Tasks
2009-06-14 23:07:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-06 23:26:19 ----D---- C:\WINDOWS\Minidump
2009-06-06 02:10:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-06 02:09:30 ----D---- C:\WINDOWS\WinSxS
2009-06-06 01:49:43 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2009-06-05 19:49:56 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2009-06-03 12:59:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-01 09:51:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-17 22:13:04 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-05-17 22:12:04 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem.txt
2009-05-16 03:10:11 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-16 03:09:04 ----A---- C:\WINDOWS\setuplog.txt
2009-05-16 03:08:35 ----D---- C:\WINDOWS\system32\Setup
2009-05-16 03:08:35 ----D---- C:\WINDOWS\AppPatch
2009-05-16 03:08:34 ----D---- C:\WINDOWS\system32\wbem
2009-05-16 03:08:33 ----RSD---- C:\WINDOWS\Fonts
2009-05-16 03:07:38 ----D---- C:\WINDOWS\security
2009-05-15 14:04:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-15 13:55:29 ----D---- C:\Program Files\Messenger
2009-05-15 13:48:54 ----D---- C:\WINDOWS\ime
2009-05-15 13:48:22 ----D---- C:\WINDOWS\system32\usmt
2009-05-15 13:48:16 ----D---- C:\WINDOWS\PeerNet
2009-05-15 13:48:16 ----D---- C:\Program Files\Movie Maker
2009-05-15 13:42:11 ----D---- C:\WINDOWS\system32\Restore
2009-05-15 13:42:10 ----D---- C:\WINDOWS\system32\npp
2009-05-15 13:42:06 ----D---- C:\WINDOWS\msagent
2009-05-15 13:42:02 ----D---- C:\WINDOWS\srchasst
2009-05-15 13:42:00 ----D---- C:\Program Files\NetMeeting
2009-05-15 13:41:55 ----D---- C:\WINDOWS\system32\Com
2009-05-15 13:41:51 ----D---- C:\Program Files\Windows Media Player
2009-05-15 13:41:49 ----D---- C:\Program Files\Windows NT
2009-05-15 13:41:49 ----D---- C:\Program Files\Outlook Express
2009-05-15 13:41:37 ----D---- C:\Program Files\Common Files\System
2009-05-15 13:41:09 ----D---- C:\WINDOWS\system32\oobe
2009-05-15 13:41:04 ----D---- C:\WINDOWS\system
2009-05-15 13:35:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-15 13:21:37 ----RSD---- C:\WINDOWS\assembly
2009-05-13 01:15:55 ----A---- C:\WINDOWS\system32\wininet.dll
2009-05-13 01:15:55 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-05-07 11:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-01 23:45:54 ----D---- C:\Documents and Settings\Owner\Application Data\Google
2009-04-30 17:22:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-30 17:22:32 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-04-30 17:22:32 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-30 17:22:32 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-30 17:22:31 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-30 07:21:08 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-26 03:41:04 ----D---- C:\WINDOWS\system32\DirectX
2009-04-25 04:26:39 ----A---- C:\WINDOWS\Cooking Dash Setup Log.txt
2009-04-15 10:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2009-04-12 00:28:57 ----D---- C:\Program Files\Common Files\InstallShield

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-06-10 71688]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-06-10 30728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-10-06 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-02-13 47360]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VX6000;Microsoft LifeCam VX-6000; C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 2383152]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-27 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-08-09 172032]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-06-10 19200]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-01 29744]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []

-----------------EOF-----------------

#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:55 PM

Posted 28 June 2009 - 06:32 PM

Looks good. :thumbup2:

Delete RSIT and Security Check from your desktop.

Please read and follow

Simple and easy ways to keep your computer safe and secure on the Internet
as well
Groovicus' Guide to Simple PC Security to help keep yourself from becoming infected again, as well as
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware' by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.

Now you're good to go. :)
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 dhillen

Posted 28 June 2009 - 10:18 PM

Thank you so much!

#14 SifuMike

Posted 28 June 2009 - 10:24 PM

You're very welcome. I hope your computer continues to run smoothly. :thumbup2:

#15 SifuMike

Posted 04 July 2009 - 06:24 PM

Since your problem appears to be resolved, this thread will now be closed.