
Sites registering Firefox 3.5.1 as IE6, javascript failing in isolated incidents, pop-ups


  • This topic is locked
11 replies to this topic

#1 Glotnot

Glotnot

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 31 July 2009 - 04:56 PM

Despite running Firefox 3.5.1, some websites will register my browser as Internet Explorer 6.

Not all; only some.

As well, javascript seems to work in certain cases and not in others. While most sites will load fine, features such as the Facebook chat bar will stay stationary instead of scrolling along at the bottom of the screen. This has, in fact, stopped me from being able to add the attachment.

A large number of pop-ups from PornPros, Gaming Harbor, life123, SmileyCentral, GameVance, and sites advertising acai products and Christian dating sites also began to appear.

Firefox tabs will also occasionally close and bring themselves up in another window.

EDIT: Have discovered that actually logging on through IE6 appears to fix the java problem... At the least, the attachment bar loads.

DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 17:19:21.20 on Fri 07/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.846 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://neoseeker.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.0.850\HPIEAddOn.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.4.0.4340\NPIEAddOn.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: VisualTool: {f3a54897-9e68-b11e-a37a-4d1422ce9caa} - c:\program files\visualtool\VisualTool-2.dll
TB: {7D787886-3B24-401C-A7BC-AF950A1C3CAC} - No File
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: Search panel: {3271c2f5-fda2-a247-7711-2f809874973c} - c:\windows\system32\wmkafqlbsxto.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Aim6]
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Pinnacle WebUpdater] "c:\program files\pinnacle\shared files\programs\webupdater\WebUpdater.exe" -s -f=UpdatePMC45.xml -url=http://cdn.pinnaclesys.com/SupportFiles
mRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [THGuard] "c:\program files\trojanhunter 5.0\THGuard.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\1q5t2o4j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://neoseeker.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\internet saving optimizer\3.4.0.4340\ff\components\NPFFAddOn.dll
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-22 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-23 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-23 108552]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-7-22 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-22 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-7-22 434945]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-23 298776]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-22 55640]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-10-3 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-23 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-22 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-1-21 109616]

=============== Created Last 30 ================

2009-07-31 15:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-23 05:19 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-23 02:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-23 02:46 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-23 02:45 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 02:41 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-23 02:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-23 02:30 <DIR> --d----- c:\program files\AVG
2009-07-23 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-22 23:19 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\AVG8
2009-07-22 23:19 <DIR> --d----- c:\program files\Trend Micro
2009-07-22 22:32 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Avira
2009-07-22 20:56 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 20:56 <DIR> --d----- c:\program files\Avira
2009-07-22 20:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-17 10:52 526,848 a------- c:\windows\system32\wmkafqlbsxto.dll
2009-07-16 04:51 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\TrojanHunter
2009-07-16 00:52 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-07-14 23:28 <DIR> --d----- c:\documents and settings\hp_administrator\Tracing
2009-07-14 23:21 <DIR> --d----- c:\program files\Microsoft
2009-07-14 23:20 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-14 23:16 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-14 20:02 377,528 a------- C:\AnalysisLog.sr0
2009-07-12 17:17 <DIR> --d----- c:\program files\Media Access Startup
2009-07-12 17:16 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-07-12 17:16 <DIR> --d----- c:\program files\System Search Dispatcher
2009-07-12 17:16 <DIR> --d----- c:\program files\DoubleD

==================== Find3M ====================

2009-07-22 15:30 58,738 a------- c:\windows\system32\wmkafqlbsxto.dll-uninst.exe
2009-07-18 12:00 1,509,888 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 12:00 3,069,440 a------- c:\windows\system32\dllcache\mshtml.dll
2009-06-22 07:40 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-06-16 10:55 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\fontsub.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll
2009-05-07 11:44 344,064 a------- c:\windows\system32\dllcache\localspl.dll
2009-05-07 11:44 344,064 -------- c:\windows\system32\localspl.dll
2007-10-04 18:10 138 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2007-02-18 12:13 370,642,875 a------- c:\program files\BOTS_setup(061123).exe
2007-02-08 06:36 446,511,633 a------- c:\program files\MapleStorySetup.exe
2007-02-05 20:58 359,112 a------- c:\program files\LimeWireWin.exe
2007-02-01 07:19 36,808,256 a------- c:\program files\iTunesSetup.exe
2007-01-17 18:24 7,235,678 a------- c:\program files\Cosmos_Release.zip
2007-01-03 01:37 283,960 a------- c:\program files\dxwebsetup.exe
2007-01-03 01:33 19,101,088 a------- c:\program files\cadv5.exe
2006-11-22 20:01 1,005,141 a------- c:\program files\wowclient-downloader.exe

============= FINISH: 17:20:14.76 ===============

Edited by Glotnot, 31 July 2009 - 09:40 PM.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:13 AM

Posted 10 August 2009 - 11:56 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Glotnot

Glotnot
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:03:13 AM

Posted 10 August 2009 - 06:46 PM

Aspects of certain sites, such as Myspace chat boxes, the Facebook chat bar, and the attachment bar of this forum, don't work in Firefox.

A multitude of pop-ups began to appear.

Recently I lost the ability to right-click in the main Firefox window, though I retain the ability to right-click in the toolbar and on my desktop as well as any other open window.

Certain sites began to recognize Firefox as either being an older version, or being Internet Explorer 6.

This began between July 12th and July 16th.


DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 19:36:10.56 on Mon 08/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1117 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theprizeday.com/today.php
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.0.850\HPIEAddOn.dll
BHO: {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {CDBFB47B-58A8-4111-BF95-06178DCE326D} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F3A54897-9E68-B11E-A37A-4D1422CE9CAA} - No File
TB: {7D787886-3B24-401C-A7BC-AF950A1C3CAC} - No File
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
EB: Search panel: {3271c2f5-fda2-a247-7711-2f809874973c} - c:\windows\system32\wmkafqlbsxto.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Aim6]
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [NWEReboot]
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Pinnacle WebUpdater] "c:\program files\pinnacle\shared files\programs\webupdater\WebUpdater.exe" -s -f=UpdatePMC45.xml -url=http://cdn.pinnaclesys.com/SupportFiles
mRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [THGuard] "c:\program files\trojanhunter 5.0\THGuard.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks\norton cleanup\WCQuick.lnk
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\1q5t2o4j.default\
FF - prefs.js: browser.startup.homepage - hxxp://neoseeker.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\internet saving optimizer\3.4.0.4340\ff\components\NPFFAddOn.dll
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-22 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-23 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-23 108552]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-7-22 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-22 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-7-22 434945]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-23 298776]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-22 55656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-9-17 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-9-17 169576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-10-3 95832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-23 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-22 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-1-21 109616]

=============== Created Last 30 ================

2009-08-07 03:08 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-07 03:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-07 03:07 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 03:07 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 03:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-07 03:07 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 03:07 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-07 03:07 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 03:07 <DIR> --d----- C:\2c7ae58f2e2e363d088b0f676c
2009-08-07 03:07 <DIR> --d----- c:\windows\SxsCaPendDel
2009-08-06 00:56 <DIR> --d----- c:\program files\CCleaner
2009-07-31 23:25 <DIR> --d----- c:\program files\Microsoft
2009-07-31 15:40 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-23 05:19 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-23 02:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-23 02:46 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-23 02:45 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 02:41 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-23 02:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-23 02:30 <DIR> --d----- c:\program files\AVG
2009-07-23 02:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-22 23:19 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\AVG8
2009-07-22 23:19 <DIR> --d----- c:\program files\Trend Micro
2009-07-22 22:32 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Avira
2009-07-22 20:56 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-22 20:56 <DIR> --d----- c:\program files\Avira
2009-07-22 20:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-17 10:52 526,848 a------- c:\windows\system32\wmkafqlbsxto.dll
2009-07-16 04:51 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\TrojanHunter
2009-07-16 00:52 <DIR> --d----- c:\program files\TrojanHunter 5.0
2009-07-14 23:28 <DIR> --d----- c:\documents and settings\hp_administrator\Tracing
2009-07-14 23:20 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-14 23:16 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-14 20:02 377,528 a------- C:\AnalysisLog.sr0
2009-07-12 17:17 <DIR> --d----- c:\program files\Media Access Startup
2009-07-12 17:16 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-07-12 17:16 <DIR> --d----- c:\program files\System Search Dispatcher
2009-07-12 17:16 <DIR> --d----- c:\program files\DoubleD

==================== Find3M ====================

2009-07-22 15:30 58,738 a------- c:\windows\system32\wmkafqlbsxto.dll-uninst.exe
2009-07-18 12:00 1,509,888 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 12:00 3,069,440 a------- c:\windows\system32\dllcache\mshtml.dll
2009-06-22 07:40 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-06-16 10:55 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\fontsub.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:24 1,291,264 a------- c:\windows\system32\dllcache\quartz.dll
2007-10-04 18:10 138 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2007-02-18 12:13 370,642,875 a------- c:\program files\BOTS_setup(061123).exe
2007-02-08 06:36 446,511,633 a------- c:\program files\MapleStorySetup.exe
2007-02-05 20:58 359,112 a------- c:\program files\LimeWireWin.exe
2007-02-01 07:19 36,808,256 a------- c:\program files\iTunesSetup.exe
2007-01-17 18:24 7,235,678 a------- c:\program files\Cosmos_Release.zip
2007-01-03 01:37 283,960 a------- c:\program files\dxwebsetup.exe
2007-01-03 01:33 19,101,088 a------- c:\program files\cadv5.exe
2006-11-22 20:01 1,005,141 a------- c:\program files\wowclient-downloader.exe

============= FINISH: 19:37:13.07 ===============

Edited by Glotnot, 10 August 2009 - 06:48 PM.


#4 sundavis

  • Malware Response Team

Posted 14 August 2009 - 02:46 AM

Hi Glotnot,


Welcome to BleepingComputer HijackThis Logs and Malware Removal.
My name is sundavis, and I will be helping you deal with your malware problems today.



Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:


1. GMER log
2. MBAM log
3. RSIT log.txt and info.txt. Thanks.

#5 Glotnot

  • Topic Starter

Posted 14 August 2009 - 11:25 PM

GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-14 22:34:45
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 89CB56C8 ZwAlertResumeThread
SSDT 89CC96C8 ZwAlertThread
SSDT 8A4CC258 ZwAllocateVirtualMemory
SSDT BAFAB39E ZwCreateKey
SSDT 89D63880 ZwCreateMutant
SSDT BAFAB394 ZwCreateThread
SSDT BAFAB3A3 ZwDeleteKey
SSDT BAFAB3AD ZwDeleteValueKey
SSDT 89D4B6F8 ZwFreeVirtualMemory
SSDT 89D11850 ZwImpersonateAnonymousToken
SSDT 89CAE6C8 ZwImpersonateThread
SSDT BAFAB3B2 ZwLoadKey
SSDT 8A73DC90 ZwMapViewOfSection
SSDT 89D26890 ZwOpenEvent
SSDT BAFAB380 ZwOpenProcess
SSDT 8A198770 ZwOpenProcessToken
SSDT BAFAB385 ZwOpenThread
SSDT 89CC76F8 ZwOpenThreadToken
SSDT BAFAB3BC ZwReplaceKey
SSDT BAFAB3B7 ZwRestoreKey
SSDT 89D5D6D0 ZwResumeThread
SSDT 89D3F6C8 ZwSetContextThread
SSDT 89CCB6F8 ZwSetInformationProcess
SSDT 89CAE700 ZwSetInformationThread
SSDT BAFAB3A8 ZwSetValueKey
SSDT 89D228D0 ZwSuspendProcess
SSDT 89D4C6C8 ZwSuspendThread
SSDT BAFAB38F ZwTerminateProcess
SSDT 89CD06C8 ZwTerminateThread
SSDT 89D4A6C8 ZwUnmapViewOfSection
SSDT 89C9E6F8 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}
Reg HKLM\SOFTWARE\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}@PK3IM51V2WPW5YOPIRJ365XEIG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3024A848-7C77-6F90-8B14B36A94BB61F2}\{6CDD5654-07A8-13D8-C2EB636328E10F29}\{AF593ADC-BF32-7E11-B704756686EE805B}
Reg HKLM\SOFTWARE\Classes\CLSID\{3024A848-7C77-6F90-8B14B36A94BB61F2}\{6CDD5654-07A8-13D8-C2EB636328E10F29}\{AF593ADC-BF32-7E11-B704756686EE805B}@LQP5ZPUUKXNMDKQUSVXO5P66YE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{406CE662-49A5-A824-9AD16CDB8C980A83}\{51810E7B-CC7B-50CD-91DC82E76A5CA55B}\{3C9B1055-B264-EADB-6986DE03867D1DB4}

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.40
Database version: 2628
Windows 5.1.2600 Service Pack 2

8/14/2009 11:51:35 PM
mbam-log-2009-08-14 (23-51-35).txt

Scan type: Quick Scan
Objects scanned: 107920
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 36
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 32
Files Infected: 376

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{51dc5693-d2ce-4381-8996-304fb68c9ab5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{844b827e-83d1-4621-a9ff-d681bca7920c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cc2d2315-e62e-454d-b183-9695708a1444} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2fd613ba-2d2b-429a-8acb-e97747c33dd7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3182a762-5196-4240-8055-0b3df17fefff} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3a54897-9e68-b11e-a37a-4d1422ce9caa} (Adware.PlayMp3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3a54897-9e68-b11e-a37a-4d1422ce9caa} (Adware.PlayMp3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13552f8b-9db1-430c-507c-1bdd7de816d4} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7d787886-3b24-401c-a7bc-af950a1c3cac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\MediaVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\wmkafqlbsxto.dll-uninst.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\MediaVideoCodec\install.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-041322.881.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-135955.973.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-170625.564.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-183350.539.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-220540.367.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-220542.961.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-040151.227.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-045517.055.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-193104.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-194828.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-104341.827.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-120310.530.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-191933.733.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-204054.874.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-000351.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-141042.359.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-154245.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-154248.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-181317.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-024607.388.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-024609.622.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-032147.872.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-095409.107.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-170255.513.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-225541.096.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-153723.262.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-160609.653.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-163807.871.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-193341.121.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-170141.867.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-170158.336.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-170203.914.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-214937.534.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090804-141526.660.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090804-185834.957.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090805-143917.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090805-210659.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090806-010745.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090806-010746.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090806-145554.699.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090806-145608.543.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090806-174853.246.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090807-141729.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090807-141734.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090807-141838.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090807-174753.758.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090807-190750.479.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-145652.624.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-145655.444.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-145813.873.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-145816.818.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-192535.982.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090809-102414.558.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090809-145807.798.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090810-065952.503.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090810-160807.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090810-192806.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090811-065204.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090811-165646.379.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090811-175318.376.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090811-201004.311.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090812-070543.139.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090812-173532.123.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090812-180849.498.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090812-195334.186.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090813-065227.125.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090813-183321.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090814-071557.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090814-161940.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090814-190222.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090814-191303.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090814-224726.296.log (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090810-191011.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-171702.638.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-172211.966.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-172217.638.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-180316.704.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-180325.514.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-192621.716.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-214632.003.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-124654.102.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-151047.977.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-185810.957.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-215329.600.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-132134.063.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-183358.533.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-200150.762.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-155907.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-202101.100.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090715-182302.069.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090715-202130.225.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090715-210307.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-015101.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-045342.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-123712.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-123933.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-132447.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090716-172331.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090717-104749.478.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090717-172622.119.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090717-210414.849.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-100930.438.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-102732.594.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-110415.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-155631.657.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-193546.657.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-195556.469.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-195557.360.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090718-222219.557.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-040711.499.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-165315.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-025152.361.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-181817.093.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-015733.654.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-125407.450.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-141700.763.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-020939.685.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-155416.685.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-163703.357.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-164324.075.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-165432.107.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-171057.466.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-171401.419.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-171617.044.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-171819.966.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-171832.716.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-171913.544.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-172136.435.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-172332.919.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-174708.654.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-210836.547.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-210946.831.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-211101.470.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-211303.023.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-211305.467.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-211944.288.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-212002.474.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-212032.204.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-212404.185.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090814-224724.250.log (Adware.DoubleD) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Media Access Startup\1.5.0.850\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

#6 Glotnot

Posted 14 August 2009 - 11:26 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-14 23:10:58
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (1%) free of 229 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:16 PM, on 8/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F3A54897-9E68-B11E-A37A-4D1422CE9CAA} - (no file)
O3 - Toolbar: (no name) - {7D787886-3B24-401C-A7BC-AF950A1C3CAC} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdatePMC45.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16445 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-23 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-07-31 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3A54897-9E68-B11E-A37A-4D1422CE9CAA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7D787886-3B24-401C-A7BC-AF950A1C3CAC}
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-13 352256]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-27 1008896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe [2006-10-17 389120]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2006-10-26 176128]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-22 52840]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-10-24 1056928]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-23 1948440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2007-02-23 1103480]
"Steam"=c:\program files\steam\steam.exe [2009-06-12 1217784]
"Aim6"= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
""= []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-23 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
"NoActiveDesktop"=0
"NoFolderOptions"=0
"NoSimpleStartMenu"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe"="C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme"
"C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{882ac454-765d-11dc-9623-0018f34198d9}]
shell\AutoRun\command - J:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac78a44e-6f5e-11dc-960b-0018f34198d9}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 2 months======

2009-08-14 23:10:58 ----D---- C:\rsit
2009-08-14 22:54:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-08-14 22:54:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-14 22:54:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-14 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 03:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:02:15 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 03:01:49 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-10 19:52:04 ----SHD---- C:\Config.Msi
2009-08-08 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-08 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-07 03:08:30 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-07 03:08:25 ----D---- C:\Program Files\MSBuild
2009-08-07 03:08:23 ----D---- C:\WINDOWS\system32\en-US
2009-08-07 03:08:16 ----D---- C:\Program Files\Reference Assemblies
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-07 03:07:35 ----D---- C:\2c7ae58f2e2e363d088b0f676c
2009-08-07 03:07:22 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-07 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-06 00:56:50 ----D---- C:\Program Files\CCleaner
2009-07-31 23:25:33 ----D---- C:\Program Files\Microsoft
2009-07-31 15:40:03 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-31 15:40:03 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-31 15:40:03 ----A---- C:\WINDOWS\system32\java.exe
2009-07-31 15:40:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-31 15:36:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-29 03:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-23 05:19:43 ----HD---- C:\$AVG8.VAULT$
2009-07-23 02:46:17 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-23 02:40:57 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-23 02:30:15 ----D---- C:\Program Files\AVG
2009-07-23 02:29:36 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-22 23:19:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVG8
2009-07-22 23:19:02 ----D---- C:\Program Files\Trend Micro
2009-07-22 22:32:17 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Avira
2009-07-22 20:56:47 ----D---- C:\Program Files\Avira
2009-07-22 20:56:47 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-22 16:50:09 ----A---- C:\VundoFix.txt
2009-07-17 10:52:08 ----A---- C:\WINDOWS\system32\wmkafqlbsxto.dll
2009-07-16 04:51:13 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrojanHunter
2009-07-16 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-16 00:52:23 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-07-16 00:52:22 ----D---- C:\Program Files\TrojanHunter 5.0
2009-07-15 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 23:20:45 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-14 23:16:06 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-12 17:17:01 ----D---- C:\Program Files\Media Access Startup
2009-07-12 17:16:55 ----D---- C:\Program Files\Internet Saving Optimizer
2009-07-12 17:16:42 ----D---- C:\Program Files\System Search Dispatcher
2009-07-12 17:16:27 ----D---- C:\Program Files\DoubleD
2009-06-15 20:51:11 ----D---- C:\Program Files\Common Files\Software Update Utility
2009-06-15 20:51:00 ----D---- C:\Program Files\AIM Toolbar
2009-06-15 20:51:00 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar

======List of files/folders modified in the last 2 months======

2009-08-14 23:10:09 ----D---- C:\WINDOWS\Prefetch
2009-08-14 23:01:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\DNA
2009-08-14 22:54:02 ----D---- C:\WINDOWS\system32\drivers
2009-08-14 22:54:00 ----D---- C:\Program Files
2009-08-14 22:53:54 ----D---- C:\WINDOWS
2009-08-14 22:47:37 ----D---- C:\Program Files\Mozilla Firefox
2009-08-14 22:42:52 ----D---- C:\Program Files\Steam
2009-08-14 22:42:16 ----D---- C:\WINDOWS\Temp
2009-08-14 22:42:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-14 22:41:30 ----D---- C:\Program Files\DNA
2009-08-14 22:40:56 ----D---- C:\WINDOWS\Registration
2009-08-14 22:39:03 ----D---- C:\WINDOWS\Minidump
2009-08-14 03:08:57 ----D---- C:\WINDOWS\system32
2009-08-14 03:07:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-14 03:01:55 ----HD---- C:\WINDOWS\inf
2009-08-14 03:01:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-13 22:33:12 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-13 04:03:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 03:12:55 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 03:05:47 ----SHD---- C:\WINDOWS\Installer
2009-08-13 03:02:35 ----D---- C:\Program Files\Outlook Express
2009-08-12 20:54:42 ----D---- C:\Program Files\AIMTunes
2009-08-11 21:10:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2009-08-11 21:10:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-10 20:59:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 19:53:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-08 05:24:41 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-08 03:04:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-07 03:34:15 ----RSD---- C:\WINDOWS\assembly
2009-08-07 03:14:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 03:13:53 ----D---- C:\WINDOWS\WinSxS
2009-08-07 03:08:22 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 03:07:53 ----D---- C:\WINDOWS\system32\spool
2009-08-07 03:03:55 ----D---- C:\Program Files\Internet Explorer
2009-08-06 00:59:42 ----D---- C:\WINDOWS\Debug
2009-08-05 05:11:47 ----N---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 23:25:26 ----D---- C:\Program Files\Windows Live
2009-07-31 23:23:18 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2009-07-31 15:39:34 ----D---- C:\Program Files\Java
2009-07-29 21:10:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\QQ Games Plugin
2009-07-25 11:50:41 ----D---- C:\temp
2009-07-25 11:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-07-23 04:33:04 ----D---- C:\Program Files\Symantec
2009-07-23 04:33:04 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-23 04:19:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-23 04:19:11 ----D---- C:\Program Files\Common Files
2009-07-23 04:12:32 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2009-07-23 04:12:31 ----SD---- C:\WINDOWS\Tasks
2009-07-22 21:20:24 ----D---- C:\Program Files\VisualTool
2009-07-22 17:47:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2009-07-22 15:30:03 ----A---- C:\WINDOWS\system32\wmkafqlbsxto.dll-uninst.exe
2009-07-18 16:28:24 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-18 12:00:19 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 12:00:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 04:58:44 ----D---- C:\Program Files\music_now
2009-07-15 20:48:17 ----D---- C:\Program Files\HP Games
2009-07-15 20:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-07-15 05:44:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-12 18:03:24 ----A---- C:\WINDOWS\win.ini
2009-07-02 10:18:21 ----RASH---- C:\boot.ini
2009-07-02 10:18:21 ----A---- C:\WINDOWS\system.ini
2009-06-26 11:59:38 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-26 11:59:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-26 11:59:35 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-06-26 11:59:23 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-26 11:59:23 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-26 11:59:20 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-26 11:59:19 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-26 11:59:15 ----N---- C:\WINDOWS\system32\inseng.dll
2009-06-26 11:59:15 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-26 11:59:15 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-06-26 11:59:14 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-06-26 11:59:13 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-26 11:59:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-26 11:59:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-26 11:59:11 ----N---- C:\WINDOWS\system32\danim.dll
2009-06-26 11:59:11 ----N---- C:\WINDOWS\system32\cdfview.dll
2009-06-26 11:59:11 ----A---- C:\WINDOWS\system32\browseui.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqise.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqad.dll
2009-06-25 04:44:41 ----N---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-22 07:49:23 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-06-22 07:49:23 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-06-22 07:49:04 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-06-22 07:26:06 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-06-16 10:55:16 ----N---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:55:16 ----N---- C:\WINDOWS\system32\fontsub.dll
2009-06-15 20:51:20 ----D---- C:\Program Files\AIM6
2009-06-15 20:50:54 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-06-15 20:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-23 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-23 108552]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-10-18 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 NPDriver;Norton UnErase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-10-18 31680]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 npkcrypt;npkcrypt; \??\C:\Program Files\NEXON\MapleStory\npkcrypt.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090610.001\symidsco.sys []
S3 USB28xxBGA;USB 2883 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-23 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-01-22 192104]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-01-22 169576]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NProtectService;Norton UnErase Protection; C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE [2005-10-03 95832]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-18 66872]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-05-11 1160848]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE [2005-10-03 176193]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-09-19 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-08-08 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-31 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-14 23:11:23

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Live Pool-->"C:\Program Files\3D Live Pool\unins000.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoPrinter 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83741F6A-0E7B-11D6-B5A0-0050DA208A93}\setup.exe" -l0x9 -uninst
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BIAS SoundSoap 2.0-->MsiExec.exe /I{45D3CD3E-7715-4341-8441-A3A6409FCDE4}
Bioshock-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7670
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cakewalk Pyro 5-->C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
City of Villains/City of Heroes (remove only)-->"C:\Program Files\City of Heroes\uninstall.exe"
Connection Keep Alive-->MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Download Manager 2.3.5-->C:\Program Files\Download Manager\uninst.exe
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD Shrink 3.1.6-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDXCopy Xpress 3.0.1-->"C:\Program Files\321Studios\Xpress\uninstall.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Galactic Civilizations II-->C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameSpy Software-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast-->"C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
Internet Saving Optimizer-->"C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jardinains!-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-Jardinains!.dat
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Access Startup-->"C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NaturalMotion endorphin 2.7.1-->"C:\Program Files\NaturalMotion\endorphin 2.7.1 Learning Edition\unins000.exe"
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton SystemWorks 2006 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe" /X
Norton SystemWorks 2006-->MsiExec.exe /I{71E7B3F5-CFAF-4C1E-B494-528E28707937}
Norton SystemWorks-->MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton Utilities-->MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
NSW_DRM_COLLECTION-->MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion - Fighter's Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2276CCD-7998-463D-8240-A1A3F58B0FA3}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - The Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - The Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power Video Converter 1.4.6-->"C:\Program Files\Power Video Converter\unins000.exe"
Punch! Interior Design Suite-->C:\PROGRA~1\PUNCH!~2\UNWISE.EXE C:\PROGRA~1\PUNCH!~2\INSTALL.LOG
Punch! Super Home Suite-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Search Assistant Mysidesearch-->C:\WINDOWS\system32\wmkafqlbsxto.dll-uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TEW2008-->C:\PROGRA~1\GDS\TEW2008\UNWISE.EXE C:\PROGRA~1\GDS\TEW2008\INSTALL.LOG
TortoiseSVN 1.5.5.14361 (32 bit)-->MsiExec.exe /X{49389932-51FA-4D26-8B4F-CE86B24302C2}
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VisualTool-->C:\Program Files\VisualTool\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891220-->C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: AntiVir Desktop
AV: AVG Anti-Virus Free
FW: Norton Internet Worm Protection (disabled)

======System event log======

Computer Name: YOUR-4DACD0EA75
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 59143
Source Name: Cdrom
Time Written: 20090613175848.000000-240
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 59142
Source Name: Cdrom
Time Written: 20090613175842.000000-240
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 59141
Source Name: Cdrom
Time Written: 20090613175837.000000-240
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 59140
Source Name: Cdrom
Time Written: 20090613175829.000000-240
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 59139
Source Name: Cdrom
Time Written: 20090613175823.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'ADSPY/AdSpy.Gen'
in the file
C:\WINDOWS\Temp\tmp172A.tmp

Record Number: 50747
Source Name: Avira AntiVir
Time Written: 20090722222203.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'ADSPY/AdSpy.Gen'
in the file
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E2A1488.tmp

Record Number: 50746
Source Name: Avira AntiVir
Time Written: 20090722222154.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'ADSPY/AdSpy.Gen'
in the file
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E2A1488.tmp

Record Number: 50745
Source Name: Avira AntiVir
Time Written: 20090722222154.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'ADSPY/AdSpy.Gen'
in the file
C:\WINDOWS\Temp\tmp1729.tmp

Record Number: 50744
Source Name: Avira AntiVir
Time Written: 20090722222150.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'ADSPY/AdSpy.Gen'
in the file
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DFD48BA.tmp

Record Number: 50743
Source Name: Avira AntiVir
Time Written: 20090722222141.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\backburner\;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"MAYA_SCRIPT_PATH"=C:\PROGRAM FILES\NATURALMOTION\ENDORPHIN 2.7.1 LEARNING EDITION\RESOURCES\THIRD PARTY\MAYA\SCRIPTS
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks a lot for this.

#7 sundavis

  • Malware Response Team

Posted 15 August 2009 - 12:55 AM

Hi Glotnot,




I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. In your case, you have AVG, Symantec, and Avira.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms".
It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove Programs in the Control Panel and remove 2 of the three programs listed below.

AVG Free 8.5
Avira AntiVir Premium
Symantec


If you have decided to remove Symantec, you should download the Norton Removal Tool to remove the leftovers of the Norton product.



I also notice there are some unwanted programs installed on your system. Those unwanted programs are sometimes malware related or a potential hazard to your security. You're well advised to remove them.

Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight


J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 14.
LimeWire 4.18.8
Internet Saving Optimizer
Search Assistant Mysidesearch
Viewpoint Media Player


and click on Change/Remove to remove it.

After that, you should download and install the Java Runtime Environment (JRE) 6 Update 16 from Here.



Step 1


Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: (no name) - {F3A54897-9E68-B11E-A37A-4D1422CE9CAA} - (no file)
O3 - Toolbar: (no name) - {7D787886-3B24-401C-A7BC-AF950A1C3CAC} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: http://*.trymedia.com (HKLM)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".


After that, I would like you to rerun MBAM and post the fresh log into this thread.


Step 2


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step 3


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt), and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.


1. Fresh MBAM log
2. KAS Scan Report
3. Fresh RSIT log

Tell me how your PC is acting now.

#8 Glotnot

  • Topic Starter


Posted 16 August 2009 - 12:21 PM

I was unable to run Kaspersky on Firefox and had to use it on Internet Explorer.

On Firefox, it tells me "Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.", though it has no problem running on other browsers and I downloaded JRE 6 Update 16 as you recommended.

Likewise, the Attachments bar for this site fails to load on Firefox, but worked when I tried it on Safari, and sites like Facebook are still very screwy.

But the pop-ups have stopped, and I can right click again in the Firefox browser window.

Malwarebytes' Anti-Malware 1.40
Database version: 2628
Windows 5.1.2600 Service Pack 2

8/16/2009 1:18:08 PM
mbam-log-2009-08-16 (13-18-08).txt

Scan type: Quick Scan
Objects scanned: 108968
Time elapsed: 9 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 16, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 16, 2009 06:31:35
Records in database: 2634103
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 329706
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 07:16:56


File name / Threat / Threats count
D:\I386\APPS\APP02906\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
D:\I386\APPS\APP02906\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

Selected area has been scanned.





Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-16 13:09:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (0%) free of 229 GB
Total RAM: 2046 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:36 PM, on 8/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdatePMC45.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 12206 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-07-31 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-13 352256]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe [2006-10-17 389120]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2006-10-26 176128]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-10-24 1056928]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-15 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2007-02-23 1103480]
"Steam"=c:\program files\steam\steam.exe [2009-06-12 1217784]
"Aim6"= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
""= []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
"NoActiveDesktop"=0
"NoFolderOptions"=0
"NoSimpleStartMenu"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe"="C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme"
"C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zSFE.tmp\SymNRT.exe"="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zSFE.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{882ac454-765d-11dc-9623-0018f34198d9}]
shell\AutoRun\command - J:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac78a44e-6f5e-11dc-960b-0018f34198d9}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 2 months======

2009-08-16 01:00:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-08-15 16:00:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-15 16:00:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-15 16:00:11 ----A---- C:\WINDOWS\system32\java.exe
2009-08-14 23:10:58 ----D---- C:\rsit
2009-08-14 22:54:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-08-14 22:54:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-14 22:54:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-14 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 03:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:02:15 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 03:01:49 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-08 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-08 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-07 03:08:30 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-07 03:08:25 ----D---- C:\Program Files\MSBuild
2009-08-07 03:08:23 ----D---- C:\WINDOWS\system32\en-US
2009-08-07 03:08:16 ----D---- C:\Program Files\Reference Assemblies
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-07 03:07:35 ----D---- C:\2c7ae58f2e2e363d088b0f676c
2009-08-07 03:07:22 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-07 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-06 00:56:50 ----D---- C:\Program Files\CCleaner
2009-07-31 23:25:33 ----D---- C:\Program Files\Microsoft
2009-07-31 15:40:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-31 15:36:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-29 03:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-23 05:19:43 ----HD---- C:\$AVG8.VAULT$
2009-07-23 02:46:17 ----N---- C:\WINDOWS\system32\avgrsstx.dll.install_backup
2009-07-23 02:30:15 ----D---- C:\Program Files\AVG
2009-07-22 23:19:02 ----D---- C:\Program Files\Trend Micro
2009-07-22 22:32:17 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Avira
2009-07-22 20:56:47 ----D---- C:\Program Files\Avira
2009-07-22 20:56:47 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-22 16:50:09 ----A---- C:\VundoFix.txt
2009-07-17 10:52:08 ----A---- C:\WINDOWS\system32\wmkafqlbsxto.dll
2009-07-16 04:51:13 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrojanHunter
2009-07-16 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-16 00:52:23 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-07-16 00:52:22 ----D---- C:\Program Files\TrojanHunter 5.0
2009-07-15 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 23:20:45 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-14 23:16:06 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 2 months======

2009-08-16 13:09:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\DNA
2009-08-16 12:28:55 ----D---- C:\Program Files\Mozilla Firefox
2009-08-16 12:22:35 ----D---- C:\WINDOWS
2009-08-16 02:44:04 ----D---- C:\WINDOWS\Prefetch
2009-08-16 02:15:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-16 02:14:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-16 02:14:14 ----HD---- C:\WINDOWS\inf
2009-08-16 01:00:01 ----D---- C:\WINDOWS\system32
2009-08-16 01:00:01 ----D---- C:\WINDOWS\Debug
2009-08-15 18:11:01 ----D---- C:\WINDOWS\system32\drivers
2009-08-15 18:10:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2009-08-15 18:10:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-15 16:18:11 ----D---- C:\Program Files\Steam
2009-08-15 16:17:34 ----D---- C:\Program Files\DNA
2009-08-15 16:16:36 ----D---- C:\WINDOWS\Temp
2009-08-15 16:14:50 ----D---- C:\WINDOWS\Registration
2009-08-15 16:00:19 ----SHD---- C:\WINDOWS\Installer
2009-08-15 15:59:36 ----D---- C:\Program Files\Java
2009-08-15 15:50:51 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-15 15:50:50 ----D---- C:\Program Files
2009-08-15 15:24:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-15 15:23:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-14 22:39:03 ----D---- C:\WINDOWS\Minidump
2009-08-14 03:01:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-13 22:33:12 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-13 04:03:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 03:12:55 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 03:02:35 ----D---- C:\Program Files\Outlook Express
2009-08-12 20:54:42 ----D---- C:\Program Files\AIMTunes
2009-08-10 20:59:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 19:53:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-08 05:24:41 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-07 03:34:15 ----RSD---- C:\WINDOWS\assembly
2009-08-07 03:14:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 03:13:53 ----D---- C:\WINDOWS\WinSxS
2009-08-07 03:08:22 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 03:07:53 ----D---- C:\WINDOWS\system32\spool
2009-08-07 03:03:55 ----D---- C:\Program Files\Internet Explorer
2009-08-05 05:11:47 ----N---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 23:25:26 ----D---- C:\Program Files\Windows Live
2009-07-31 23:23:18 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2009-07-29 21:10:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\QQ Games Plugin
2009-07-25 11:50:41 ----D---- C:\temp
2009-07-25 11:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-07-23 04:19:11 ----D---- C:\Program Files\Common Files
2009-07-23 04:12:31 ----SD---- C:\WINDOWS\Tasks
2009-07-22 21:20:24 ----D---- C:\Program Files\VisualTool
2009-07-22 17:47:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2009-07-18 16:28:24 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-18 12:00:19 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 12:00:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 04:58:44 ----D---- C:\Program Files\music_now
2009-07-15 20:48:17 ----D---- C:\Program Files\HP Games
2009-07-15 20:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-07-15 05:44:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-12 18:03:24 ----A---- C:\WINDOWS\win.ini
2009-07-02 10:18:21 ----RASH---- C:\boot.ini
2009-07-02 10:18:21 ----A---- C:\WINDOWS\system.ini
2009-06-26 11:59:38 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-26 11:59:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-26 11:59:35 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-06-26 11:59:23 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-26 11:59:23 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-26 11:59:20 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-26 11:59:19 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-26 11:59:15 ----N---- C:\WINDOWS\system32\inseng.dll
2009-06-26 11:59:15 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-26 11:59:15 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-06-26 11:59:14 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-06-26 11:59:13 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-26 11:59:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-26 11:59:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-26 11:59:11 ----N---- C:\WINDOWS\system32\danim.dll
2009-06-26 11:59:11 ----N---- C:\WINDOWS\system32\cdfview.dll
2009-06-26 11:59:11 ----A---- C:\WINDOWS\system32\browseui.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqise.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqad.dll
2009-06-25 04:44:41 ----N---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-22 07:49:23 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-06-22 07:49:23 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-06-22 07:49:04 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-06-22 07:26:06 ----A---- C:\WINDOWS\system32\xpsp3res.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-10-18 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-10-18 31680]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
R4 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 npkcrypt;npkcrypt; \??\C:\Program Files\NEXON\MapleStory\npkcrypt.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USB28xxBGA;USB 2883 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-15 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-18 66872]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-08-08 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-31 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#9 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 16 August 2009 - 01:19 PM

Hi Glotnot,



Run by HP_Administrator at 2009-08-16 13:09:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (0%) free of 229 GB


In your log header, your system seems to run out of drive space. Your hard drive is almost full. Having too little free space on your hard drive can compromise system performance.

I suggest you move pictures, music, etc. to an external drive or USB stick if you have one and uninstall any programs that are never or hardly ever used. You should leave at least 15% free space for the system partition.

The kas online scanner has detected 2 infected files. I think it is coming from the default factory installation. It would be a false positive. I will leave it as it should be. After that, please do the following:


Step 1

Go to Start > Run and copy/paste the following bold text into the Run box and click OK:

cmd /c del /a/f/q "C:\WINDOWS\system32\wmkafqlbsxto.dll"

A DOS window will open and close again. This is normal.



Step 2

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
After running GooredFix, please reboot your PC, start your FF and check if you can access Facebook properly. If not, proceed to the next step.


Step 3

Click Start>Run>Type CMD>A command prompt DOS window will open. Type/Paste ipconfig /flushdns and then press Enter to purge the DNS resolver cache.

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

In Firefox, go Tools > Options > Advanced > Network > Settings and tick 'No Proxy', then 'OK' your way out.

After that, what I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

Start your FF > Tools menu > Clear Private Data, check all boxes and press the Clear Private Data Now button.

Please close all your browsers. Click on Start / Run, Enter the following command:

firefox -safe-mode

Click Continue In Safe Mode. This starts Firefox in its Safe Mode. While you are in Safe Mode, your settings will be reverted back to their defaults. Tell me if you can access Facebook normally.

If not, go to next step.

Keep going to Firefox in Safe Mode.

In the open window, check the following boxes.

Disable all add-ons
Reset Toolbars and Controls
Reset all your user preferences to FireFox Defaults
Restore Default Search Engines.

Click on "Make the changes and restart" Then, start your FF to test if you can access Facebook properly.

If the problem still persists, you are well advised to remove it completely, including add-ons, profile data and directories, and install a new one. But you can back up your bookmarks from Here if you don't know how. For more info:

http://kb.mozillazine.org/Uninstalling_Firefox

http://wvistathemes.com/windows/completely...nstall-firefox/

http://www.mozilla.com/en-US/firefox/ie.html


In your next reply, please post back:


1. GooredFix log
2. RSIT log.txt and info.txt. (Before running RSIT, go to C:\rist to delete the rist folder)

Tell me how things went.

Edited by sundavis, 16 August 2009 - 01:27 PM.


#10 Glotnot

  • Topic Starter
  • Members
  • 25 posts

Posted 17 August 2009 - 03:39 PM

GooredFix by jpshortstuff (12.07.09)
Log created at 21:25 on 16/08/2009 (HP_Administrator)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:08 23/07/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [20:00 15/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [07:09 07/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:59 15/08/2009]

-=E.O.F=-





Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-17 16:30:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 92 GB (40%) free of 229 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:39 PM, on 8/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdatePMC45.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11823 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-07-31 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-13 352256]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Pinnacle WebUpdater"=C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe [2006-10-17 389120]
"PMCRemote"=C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2006-10-26 176128]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-10-24 1056928]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-15 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-08 94208]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2007-02-23 1103480]
"Steam"=c:\program files\steam\steam.exe [2009-06-12 1217784]
"Aim6"= []
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848]
""= []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
"NoActiveDesktop"=0
"NoFolderOptions"=0
"NoSimpleStartMenu"=0
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Autodesk\backburner\monitor.exe"="C:\Program Files\Autodesk\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\backburner\manager.exe"="C:\Program Files\Autodesk\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\backburner\server.exe"="C:\Program Files\Autodesk\backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe"="C:\Program Files\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme"
"C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zSFE.tmp\SymNRT.exe"="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\7zSFE.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b669257-5bd0-11db-93e6-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{882ac454-765d-11dc-9623-0018f34198d9}]
shell\AutoRun\command - J:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac78a44e-6f5e-11dc-960b-0018f34198d9}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 2 months======

2009-08-17 16:30:31 ----D---- C:\rsit
2009-08-16 20:46:45 ----SHD---- C:\Config.Msi
2009-08-16 01:00:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-08-15 16:00:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-15 16:00:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-15 16:00:11 ----A---- C:\WINDOWS\system32\java.exe
2009-08-14 22:54:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-08-14 22:54:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-14 22:54:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-14 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 03:05:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-13 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:02:15 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-13 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-13 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 03:01:49 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-08-08 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-08 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-07 03:08:30 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-07 03:08:25 ----D---- C:\Program Files\MSBuild
2009-08-07 03:08:23 ----D---- C:\WINDOWS\system32\en-US
2009-08-07 03:08:16 ----D---- C:\Program Files\Reference Assemblies
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-07 03:07:36 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-07 03:07:35 ----D---- C:\2c7ae58f2e2e363d088b0f676c
2009-08-07 03:07:22 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-07 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-06 00:56:50 ----D---- C:\Program Files\CCleaner
2009-07-31 23:25:33 ----D---- C:\Program Files\Microsoft
2009-07-31 15:40:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-31 15:36:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-29 03:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-23 05:19:43 ----HD---- C:\$AVG8.VAULT$
2009-07-23 02:30:15 ----D---- C:\Program Files\AVG
2009-07-22 23:19:02 ----D---- C:\Program Files\Trend Micro
2009-07-22 22:32:17 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Avira
2009-07-22 20:56:47 ----D---- C:\Program Files\Avira
2009-07-22 20:56:47 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-22 16:50:09 ----A---- C:\VundoFix.txt
2009-07-16 04:51:13 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrojanHunter
2009-07-16 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-16 00:52:23 ----R---- C:\WINDOWS\system32\streamhlp.dll
2009-07-16 00:52:22 ----D---- C:\Program Files\TrojanHunter 5.0
2009-07-15 03:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 23:20:45 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-14 23:16:06 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 2 months======

2009-08-17 16:30:38 ----D---- C:\WINDOWS\Prefetch
2009-08-17 16:25:38 ----D---- C:\Program Files\Mozilla Firefox
2009-08-17 16:23:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\DNA
2009-08-17 15:48:53 ----D---- C:\WINDOWS
2009-08-16 22:34:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-16 21:41:58 ----D---- C:\Program Files\Steam
2009-08-16 21:41:26 ----D---- C:\Program Files\DNA
2009-08-16 21:40:51 ----D---- C:\WINDOWS\Temp
2009-08-16 21:40:51 ----D---- C:\WINDOWS\Registration
2009-08-16 21:40:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-16 21:39:35 ----D---- C:\Program Files\Common Files
2009-08-16 21:39:34 ----D---- C:\WINDOWS\system32
2009-08-16 21:38:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-16 21:16:31 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-16 21:09:37 ----SHD---- C:\WINDOWS\Installer
2009-08-16 21:08:48 ----RSD---- C:\WINDOWS\assembly
2009-08-16 21:08:46 ----D---- C:\Program Files\OpenOffice.org 2.4
2009-08-16 21:08:26 ----D---- C:\Program Files\Electronic Arts
2009-08-16 21:07:41 ----D---- C:\Program Files
2009-08-16 20:47:30 ----HD---- C:\WINDOWS\inf
2009-08-16 20:47:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-16 20:46:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-16 19:04:27 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2009-08-16 19:04:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-16 02:15:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-16 01:00:01 ----D---- C:\WINDOWS\Debug
2009-08-15 18:11:01 ----D---- C:\WINDOWS\system32\drivers
2009-08-15 15:59:36 ----D---- C:\Program Files\Java
2009-08-15 15:50:51 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-15 15:24:45 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-08-14 22:39:03 ----D---- C:\WINDOWS\Minidump
2009-08-14 03:01:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-13 04:03:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 03:12:55 ----D---- C:\WINDOWS\system32\Setup
2009-08-13 03:02:35 ----D---- C:\Program Files\Outlook Express
2009-08-12 20:54:42 ----D---- C:\Program Files\AIMTunes
2009-08-10 20:59:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-07 03:14:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 03:13:53 ----D---- C:\WINDOWS\WinSxS
2009-08-07 03:08:22 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 03:07:53 ----D---- C:\WINDOWS\system32\spool
2009-08-07 03:03:55 ----D---- C:\Program Files\Internet Explorer
2009-08-05 05:11:47 ----N---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 23:25:26 ----D---- C:\Program Files\Windows Live
2009-07-31 23:23:18 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2009-07-29 21:10:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\QQ Games Plugin
2009-07-25 11:50:41 ----D---- C:\temp
2009-07-25 11:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-07-23 04:12:31 ----SD---- C:\WINDOWS\Tasks
2009-07-22 21:20:24 ----D---- C:\Program Files\VisualTool
2009-07-22 17:47:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2009-07-18 16:28:24 ----D---- C:\Program Files\Messenger Plus! Live
2009-07-18 12:00:19 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 12:00:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 04:58:44 ----D---- C:\Program Files\music_now
2009-07-15 20:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-07-15 05:44:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-12 18:03:24 ----A---- C:\WINDOWS\win.ini
2009-07-02 10:18:21 ----RASH---- C:\boot.ini
2009-07-02 10:18:21 ----A---- C:\WINDOWS\system.ini
2009-06-26 11:59:38 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-26 11:59:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-26 11:59:35 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-06-26 11:59:23 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-26 11:59:23 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-26 11:59:20 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-26 11:59:19 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-26 11:59:15 ----N---- C:\WINDOWS\system32\inseng.dll
2009-06-26 11:59:15 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-26 11:59:15 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-06-26 11:59:14 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-06-26 11:59:13 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-26 11:59:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-26 11:59:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-26 11:59:11 ----N---- C:\WINDOWS\system32\danim.dll
2009-06-26 11:59:11 ----N---- C:\WINDOWS\system32\cdfview.dll
2009-06-26 11:59:11 ----A---- C:\WINDOWS\system32\browseui.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqutil.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqupgrd.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqtrig.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqsnap.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqsec.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqrtdep.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqrt.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqqm.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqoa.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqise.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqdscli.dll
2009-06-25 14:36:08 ----A---- C:\WINDOWS\system32\mqad.dll
2009-06-25 04:44:41 ----N---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:44:41 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-22 07:49:23 ----A---- C:\WINDOWS\system32\mqtgsvc.exe
2009-06-22 07:49:23 ----A---- C:\WINDOWS\system32\mqbkup.exe
2009-06-22 07:49:04 ----A---- C:\WINDOWS\system32\mqsvc.exe
2009-06-22 07:26:06 ----A---- C:\WINDOWS\system32\xpsp3res.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-10-18 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-10-18 31680]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 npkcrypt;npkcrypt; \??\C:\Program Files\NEXON\MapleStory\npkcrypt.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USB28xxBGA;USB 2883 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-15 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-18 66872]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-08-08 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-31 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-17 16:30:43

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoPrinter 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83741F6A-0E7B-11D6-B5A0-0050DA208A93}\setup.exe" -l0x9 -uninst
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Battlefield 2142 Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BIAS SoundSoap 2.0-->MsiExec.exe /I{45D3CD3E-7715-4341-8441-A3A6409FCDE4}
Bioshock-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7670
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cakewalk Pyro 5-->C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
City of Villains/City of Heroes (remove only)-->"C:\Program Files\City of Heroes\uninstall.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Download Manager 2.3.5-->C:\Program Files\Download Manager\uninst.exe
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD Shrink 3.1.6-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDXCopy Xpress 3.0.1-->"C:\Program Files\321Studios\Xpress\uninstall.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2: Lost Coast-->"C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion - Fighter's Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2276CCD-7998-463D-8240-A1A3F58B0FA3}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - The Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - The Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - The Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Pinnacle MediaCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\setup.exe" -l0x9
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power Video Converter 1.4.6-->"C:\Program Files\Power Video Converter\unins000.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TEW2008-->C:\PROGRA~1\GDS\TEW2008\UNWISE.EXE C:\PROGRA~1\GDS\TEW2008\INSTALL.LOG
TortoiseSVN 1.5.5.14361 (32 bit)-->MsiExec.exe /X{49389932-51FA-4D26-8B4F-CE86B24302C2}
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VisualTool-->C:\Program Files\VisualTool\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891220-->C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}

=====HijackThis Backups=====

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-08-15]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present [2009-08-15]
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file) [2009-08-15]
O15 - Trusted Zone: http://*.trymedia.com (HKLM) [2009-08-15]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-08-15]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-08-15]
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-08-15]

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: YOUR-4DACD0EA75
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 59373
Source Name: W32Time
Time Written: 20090620230745.000000-240
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 59352
Source Name: W32Time
Time Written: 20090619230757.000000-240
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 1001
Message:
Record Number: 59348
Source Name: SAVRT
Time Written: 20090619200053.000000-240
Event Type: warning
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 59300
Source Name: Service Control Manager
Time Written: 20090619015105.000000-240
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 59266
Source Name: W32Time
Time Written: 20090618102543.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: YOUR-4DACD0EA75
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 50820
Source Name: crypt32
Time Written: 20090722224614.000000-240
Event Type: error
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'TR/Dldr.Vapsup'
in the file
C:\WINDOWS\Temp\tmp2.tmp

Record Number: 50819
Source Name: Avira AntiVir
Time Written: 20090722224559.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-4DACD0EA75
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 50806
Source Name: Adobe Active File Monitor
Time Written: 20090722224235.000000-240
Event Type:
User:

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'ADSPY/AdSpy.Gen'
in the file
C:\WINDOWS\Temp\tmp1785.tmp

Record Number: 50796
Source Name: Avira AntiVir
Time Written: 20090722224054.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-4DACD0EA75
Event Code: 4113
Message: AntiVir has detected 'ADSPY/AdSpy.Gen'
in the file
C:\WINDOWS\Temp\tmp1784.tmp

Record Number: 50795
Source Name: Avira AntiVir
Time Written: 20090722224049.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\backburner\;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"MAYA_SCRIPT_PATH"=
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------




Everything is working now, thank you so very much.

Everything began to work upon completion of this part of Step 3:

Click on "Make the changes and restart". Then, start your FF to test if you can access Facebook properly.


Again, thank you very much. I wish something I could say could better illustrate how happy I am to have my computer back in working order.

#11 sundavis

  • Malware Response Team

Posted 18 August 2009 - 02:45 AM

Hi Glotnot,




"I am to have my computer back in working order"

That sounds good. :)

Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Your system appears to be clear now. :thumbup2: If you have no remaining issues on your PC, let's do some tidying up.


Step 1

Download OTC by OldTimer and save it to your desktop.
  • Double click OTC and let it run
  • Then click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update SP3

    Microsoft has released the latest upgrades to the XP OS platform, which can be referenced HERE. It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems.
    Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system. I recommend that you visit the link above and apply the SP3 patch.

  • Update all these programs regularly - Make sure you update all the programs. Without regular updates you WILL NOT be protected when new malicious programs are released.

Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here on how to prevent malware.


Glad to be of help. Safe surfing!!

#12 sundavis

  • Malware Response Team

Posted 18 August 2009 - 10:59 PM

Since this issue appears resolved, this topic is closed.

Glad we could help. Everyone else please begin a New Topic.



