
Clickover.cn redirects


  • This topic is locked
22 replies to this topic

#1 Neco

Neco

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 10 August 2009 - 02:11 PM

Yesterday my computer got attacked by System Security 2009 but I think I cleaned that all up. Now whenever I google something I get redirected by clickover.cn. I have run Windows Defender and Spybot with some Trojans and viruses found and deleted, but I still get redirected. Internet Explorer is my main browser but I use Firefox to browse the internet.

Hijackthis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:30 PM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\soffice.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Desktop Media\mediadetect.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-891C2B43EF\My Documents\Desktop Stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GM5266E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...P&M=GM5266E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe C:\DOCUME~1\OWNER~1.YOU\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [1A:KkTrayServer] C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.21.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229795413837
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229795618519
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - https://kingsisle.hs.llnwd.net/e1/static/th...ameLauncher.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://play.battlefield-heroes.com/static/...er_4.0.11.0.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file)
O20 - AppInit_DLLs: druyww.dll mqvnnt.dll l C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c95da8d3cabb5c) (gupdate1c95da8d3cabb5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14333 bytes


 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:12 AM

Posted 12 August 2009 - 09:35 PM

Hello Neco,


I see Viewpoint installed.
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you uninstalled, please navigate to and delete the following folder:
C:\Program Files\Viewpoint

***************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

***************

We need to disable your Spybot Teatimer and Windows Defender Real-time Protection as they may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

To disable Spybot's Teatimer:
  • Run Spybot-S&D.
  • Go to the Mode menu, and make sure "Advanced Mode" is selected.
  • On the left-hand side, choose Tools -> Resident.
  • Uncheck "Resident TeaTimer" and OK any prompts.


Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by SifuMike, 12 August 2009 - 09:40 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Neco

Neco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:12 AM

Posted 13 August 2009 - 12:10 AM

I noticed something last night called SKYNET showing up on MBAM every time, so I installed GMER.exe and in red there was SKYNET (forgot the full name) and then I deleted it. Don't know if that's a problem or not. Why is Scholastic's I SPY Spooky Mansion anti-malware?

Results of screen317's Security Check version 0.98.7
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 8.5
Avira AntiVir Personal - Free Antivirus
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner


Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:

WinPatrol 2009
Scholastic's I SPY Spooky Mansion
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 15
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
WinPatrol winpatrol.exe is disabled!


``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

Malwarebytes' Anti-Malware 1.40
Database version: 2589
Windows 5.1.2600 Service Pack 3

8/13/2009 12:09:35 AM
mbam-log-2009-08-13 (00-09-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 338546
Time elapsed: 2 hour(s), 26 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:53 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\soffice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Owner.YOUR-891C2B43EF\My Documents\Desktop Stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GM5266E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...P&M=GM5266E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe C:\DOCUME~1\OWNER~1.YOU\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [1A:KkTrayServer] C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.21.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229795413837
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229795618519
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - https://kingsisle.hs.llnwd.net/e1/static/th...ameLauncher.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://play.battlefield-heroes.com/static/...er_4.0.11.0.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file)
O20 - AppInit_DLLs: druyww.dll mqvnnt.dll l C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c95da8d3cabb5c) (gupdate1c95da8d3cabb5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

--
End of file - 15266 bytes

#4 SifuMike


Posted 13 August 2009 - 09:02 AM

I noticed something last night called SKYNET showing up on MBAM every time so I installed GMER.exe and in red there was SKYNET(forgot the full name) and then I deleted it. Don't know if that's a problem or not.


Yes, it is a big problem. You should not have run GMER without my approval. :thumbup2:

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on, as it prolongs handling your log and makes the job more difficult for both of us.

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these.
Avira AntiVir Antivirus or AVG Free Antivirus

Looks like you have been running Malwarebytes many times. I want to see the first run of Malwarebytes so I can see what it found.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire MBAM report in your next reply.

Edited by SifuMike, 13 August 2009 - 09:07 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
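The two-antivirus check described in the reply above can be run directly against a HijackThis log. The following Python is an added example, not part of the original thread or of any tool named in it; the marker table and function names are assumptions, and the sample input is an excerpt of the HijackThis log posted in this thread.

```python
import re
from collections import defaultdict

# Install-path fragments for the two products named in the reply above.
# This table is an assumption for illustration; extend it for other vendors.
AV_MARKERS = {
    "Avira AntiVir": r"\avira\antivir",
    "AVG Free": r"\avg\avg8",
}

# Excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# First drive-letter path on a line, up to its .exe/.dll/.sys extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys)\b', re.IGNORECASE)
SECTION_RE = re.compile(r"([ORF]\d+) - ")
KIND_BY_SECTION = {"O4": "autostart", "O23": "service"}


def parse_hijackthis(log):
    """Yield (kind, path) for running processes, O4 autostarts and O23 services."""
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        section = SECTION_RE.match(line)
        if section:
            in_processes = False
            kind = KIND_BY_SECTION.get(section.group(1))
        else:
            kind = "process" if in_processes else None
        path = PATH_RE.search(line)
        if kind and path:
            yield kind, path.group(0)


def resident_av_products(log, markers=AV_MARKERS):
    """Return {product: set of evidence kinds} for every marker seen in the log."""
    evidence = defaultdict(set)
    for kind, path in parse_hijackthis(log):
        low = path.lower()            # also matches 8.3 names such as PROGRA~1
        for product, marker in markers.items():
            if marker in low:
                evidence[product].add(kind)
    return dict(evidence)


def has_conflict(log, markers=AV_MARKERS):
    """True when more than one product has a running process or a service."""
    active = [
        product
        for product, kinds in resident_av_products(log, markers).items()
        if kinds & {"process", "service"}
    ]
    return len(active) > 1


if __name__ == "__main__":
    for product, kinds in sorted(resident_av_products(SAMPLE_LOG).items()):
        print(f"{product}: {', '.join(sorted(kinds))}")
    print("More than one resident antivirus:", has_conflict(SAMPLE_LOG))
```

Matching is by install path only, so components installed elsewhere (for example a driver or DLL under SYSTEM32) are not counted as evidence.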

#5 Neco


Posted 13 August 2009 - 12:43 PM

Sorry, school is starting up soon and I will be using this computer a lot, so I started getting desperate. The first time I ran MBAM was a long time ago.

Malwarebytes' Anti-Malware 1.32
Database version: 1632
Windows 5.1.2600 Service Pack 3

1/8/2009 4:58:04 PM
mbam-log-2009-01-08 (16-58-04).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 19675
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 16
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\byXQHAtU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qfmcwppl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifgHbBS.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af880088-deda-4a00-81c1-a6337059dfa2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af880088-deda-4a00-81c1-a6337059dfa2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifghbbs (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af880088-deda-4a00-81c1-a6337059dfa2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3c59bf39 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf4552-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxqhatu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxqhatu -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\byXQHAtU.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\UtAHQXyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UtAHQXyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfmcwppl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lppwcmfq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rakmdlkd83indfgnbu.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\iifgHbBS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.

#6 SifuMike


Posted 13 August 2009 - 03:10 PM

I need to look deeper.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt


#7 Neco


Posted 13 August 2009 - 03:16 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-13 15:14:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 85 GB (28%) free of 300 GB
Total RAM: 2030 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:32 PM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\soffice.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\RSIT.exe
C:\Documents and Settings\Owner.YOUR-891C2B43EF\My Documents\Desktop Stuff\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GM5266E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...P&M=GM5266E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe C:\DOCUME~1\OWNER~1.YOU\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [1A:KkTrayServer] C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.21.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229795413837
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229795618519
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - https://kingsisle.hs.llnwd.net/e1/static/th...ameLauncher.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://play.battlefield-heroes.com/static/...er_4.0.11.0.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file)
O20 - AppInit_DLLs: druyww.dll mqvnnt.dll l C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c95da8d3cabb5c) (gupdate1c95da8d3cabb5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

--
End of file - 15053 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007UA.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-12 1191424]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-14 30192]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"SteelSeries World of Warcraft MMO Gaming Mouse"=C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [2009-05-13 414720]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-11 2000152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-11 149280]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-07-27 341312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2009-07-30 1935360]
"PlayNC Launcher"= []
"Google Update"=C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 133104]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"SODCPreLoad"=C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe [2009-05-21 40960]
"1A:KkTrayServer"=C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe [2006-03-28 108544]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-12-18 2304960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-07-27 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2008-10-01 800256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fssui.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-14 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1226539143\EE\AOLHostManager.exe [2004-11-03 125528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-07-13 9134080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe [2008-11-18 323216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe [2009-08-09 38184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-03-29 375296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-07-15 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Talk]
C:\Program Files\NCH Swift Sound\Talk\talk.exe [2009-03-27 704516]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]
C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe [2008-11-10 9017648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wefi]
C:\Program Files\WeFi\WeFi.exe [2009-03-29 501760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
c:\Program Files\Zune\ZuneLauncher.exe [2008-12-12 157312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-09-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-891C2B43EF^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2007-11-22 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="druyww.dll mqvnnt.dll l C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-11 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=177
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1226539143\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1226539143\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Enabled:SPCM"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Enabled:Intel® Viiv™ Media Server"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Enabled:Intel® Remoting Service"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\PLAYXPERT\CoreImpl.exe"="C:\Program Files\PLAYXPERT\CoreImpl.exe:*:Enabled:CoreImpl"
"C:\Program Files\PLAYXPERT\PXP.exe"="C:\Program Files\PLAYXPERT\PXP.exe:*:Enabled:PLAYXPERT"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam.exe"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\dxwebsetup.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\dxwebsetup.exe:*:Enabled:dxwebsetup.exe"
"C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe"="C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\Steam\steamapps\31th296\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\31th296\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Steam\steamapps\31th296\garrysmod\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe"="C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer"
"C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Temp\Rar$EX00.656\Gang Garrison 2.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Temp\Rar$EX00.656\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\Cam's Stuff\Gang Garrison 2.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\Cam's Stuff\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2"
"C:\Program Files\Steam\steamapps\31th296\diprip warm up\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\diprip warm up\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\31th296\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe"="C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Puzzlegeddon Demo\Puzzlegeddon.exe"="C:\Program Files\Puzzlegeddon Demo\Puzzlegeddon.exe:*:Enabled:Puzzlegeddon Demo"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe"="C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe:*:Enabled:savage2"
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe"="C:\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe:*:Enabled:Call of Duty 4: Modern Warfare"
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe"="C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe:*:Enabled:Call of Duty 4: Modern Warfare"
"C:\Program Files\Steam\steamapps\31th296\darwinia demo\darwinia.exe"="C:\Program Files\Steam\steamapps\31th296\darwinia demo\darwinia.exe:*:Enabled:Darwinia Demo"
"C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe"="C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe:*:Enabled:Monster Trucks Nitro Demo"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\pwi_AllFiles_v2.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\pwi_AllFiles_v2.exe:*:Enabled:pwi_AllFiles_v2"
"C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe"="C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia Demo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\Program Files\NCH Swift Sound\Talk\talk.exe"="C:\Program Files\NCH Swift Sound\Talk\talk.exe:*:Disabled:Express Talk"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe"="C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:*:Enabled:Games for Windows - LIVE"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\Program Files\Vogster Entertainment\CrimeCraft BT\Binaries\CrimeCraft.exe"="C:\Program Files\Vogster Entertainment\CrimeCraft BT\Binaries\CrimeCraft.exe:*:Enabled:CrimeCraft"
"C:\Program Files\America's Army Deploy Client\AADeployClient.exe"="C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Xfire\dppm_source.exe"="C:\Program Files\Xfire\dppm_source.exe:*:Enabled:Dyyno P2P Source Application"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe"="C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe:*:Enabled:Lotus Symphony"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\31th296\the ship dedicated server\srcds.exe"="C:\Program Files\Steam\steamapps\31th296\the ship dedicated server\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Steam\steamapps\31th296\the ship\ship.exe"="C:\Program Files\Steam\steamapps\31th296\the ship\ship.exe:*:Enabled:ship"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\GALA-NET\Rappelz\RappelzConfig.exe"="C:\Program Files\GALA-NET\Rappelz\RappelzConfig.exe:*:Enabled:RappelzConfig.exe"
"C:\Program Files\teeworlds\teeworlds-0.5.1-win32\teeworlds_srv.exe"="C:\Program Files\teeworlds\teeworlds-0.5.1-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{753594f4-b11f-11dd-b294-806d6172696f}]
shell\AutoRun\command - E:\Setup.exe


======List of files/folders created in the last 3 months======

2009-08-13 15:14:12 ----D---- C:\rsit
2009-08-12 20:41:37 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol
2009-08-12 20:41:20 ----D---- C:\Program Files\BillP Studios
2009-08-12 18:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 18:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 18:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 18:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 18:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 18:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 18:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 18:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 18:03:23 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-12 18:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-12 18:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-11 17:12:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-11 17:12:35 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-11 17:12:35 ----A---- C:\WINDOWS\system32\java.exe
2009-08-11 09:36:12 ----HD---- C:\$AVG8.VAULT$
2009-08-11 00:09:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-11 00:09:22 ----D---- C:\Program Files\AVG
2009-08-11 00:09:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-08-11 00:01:54 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\AVG8
2009-08-10 13:12:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 13:12:45 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-10 13:12:45 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SUPERAntiSpyware.com
2009-08-10 02:52:37 ----A---- C:\WINDOWS\wininit.ini
2009-08-10 02:32:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-10 02:32:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 01:22:35 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-09 21:40:48 ----D---- C:\Program Files\Windows Defender
2009-08-09 17:20:52 ----D---- C:\Documents and Settings\All Users\Application Data\12436714
2009-08-09 02:30:55 ----A---- C:\Program Files\jxwagfh.txt
2009-08-08 21:35:14 ----D---- C:\Mp3 Output
2009-08-08 21:35:11 ----A---- C:\WINDOWS\system32\mp3Media2.dll
2009-08-08 21:35:10 ----D---- C:\Program Files\Smallvideosoft
2009-08-08 18:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-07 18:03:46 ----D---- C:\f447dd62f3f81609cc552e7384
2009-08-07 18:03:36 ----D---- C:\WINDOWS\SxsCaPendDel
2009-07-31 19:51:19 ----HD---- C:\Documents and Settings\All Users\Application Data\esClient
2009-07-31 19:51:06 ----D---- C:\Program Files\echospin
2009-07-31 15:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-30 23:56:14 ----D---- C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2009-07-30 23:51:03 ----D---- C:\Program Files\Timeline Interactive
2009-07-30 00:26:19 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\skypePM
2009-07-30 00:24:58 ----RD---- C:\Program Files\Skype
2009-07-30 00:24:49 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-29 15:18:55 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\WebApps
2009-07-23 20:57:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-07-21 18:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-07-21 03:39:18 ----D---- C:\Program Files\DVDVideoSoft
2009-07-21 03:39:18 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-07-21 03:28:39 ----D---- C:\WINDOWS\system32\windows media
2009-07-21 03:28:25 ----D---- C:\Program Files\Windows Media Components
2009-07-20 20:09:18 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries
2009-07-20 20:09:04 ----D---- C:\Program Files\SteelSeries
2009-07-20 19:29:10 ----D---- C:\Program Files\iTouchMidi
2009-07-20 16:02:03 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-07-18 22:09:13 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\id Software
2009-07-18 22:09:01 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-07-18 00:11:21 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Yahoo!
2009-07-18 00:11:15 ----D---- C:\Program Files\CCleaner
2009-07-17 22:39:23 ----D---- C:\WINDOWS\F579118563414E21A47F41B57AC749B5.TMP
2009-07-17 22:39:05 ----D---- C:\Program Files\Netdevil
2009-07-17 21:16:18 ----D---- C:\WINDOWS\system32\AGEIA
2009-07-17 21:16:18 ----D---- C:\Program Files\AGEIA Technologies
2009-07-17 14:24:30 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Realtime Soft
2009-07-17 14:24:25 ----D---- C:\Program Files\UltraMon
2009-07-17 14:24:25 ----D---- C:\Program Files\Common Files\Realtime Soft
2009-07-17 14:24:24 ----D---- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2009-07-16 23:06:44 ----D---- C:\Program Files\Emote
2009-07-16 18:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 18:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 18:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-16 02:32:44 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\VoipBuster
2009-07-16 02:31:42 ----D---- C:\Program Files\VoipBuster.com
2009-07-16 02:00:48 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-07-16 01:57:30 ----D---- C:\WINDOWS\nview
2009-07-16 01:57:30 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-07-16 01:52:32 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-07-16 00:41:38 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-16 00:41:38 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-16 00:41:38 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-16 00:41:37 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-16 00:41:37 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-16 00:41:36 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-07-16 00:41:34 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-07-15 17:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 17:27:26 ----D---- C:\Program Files\QuickTime
2009-07-15 17:26:22 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-07-15 16:23:30 ----D---- C:\Program Files\WeFi
2009-07-15 16:19:11 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\PLAYXPERT In-Game Platform
2009-07-09 17:37:16 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(3)
2009-07-09 17:37:09 ----D---- C:\Program Files\SteelSeries(2)
2009-07-08 22:42:30 ----D---- C:\WINDOWS\nview(2)
2009-07-08 22:24:45 ----D---- C:\Program Files\SpeedFan
2009-07-08 22:09:40 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-07-06 17:11:50 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Prism
2009-07-05 12:33:24 ----D---- C:\Program Files\Call of Duty
2009-07-03 12:37:29 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(2)
2009-07-02 17:47:35 ----D---- C:\Program Files\id Software
2009-07-01 22:16:31 ----D---- C:\Program Files\UrbanTerror
2009-07-01 15:04:58 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\OpenArena
2009-06-29 12:10:51 ----D---- C:\Program Files\VUGames
2009-06-27 20:47:23 ----D---- C:\Program Files\Sun(2)
2009-06-14 13:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-06-14 13:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-14 13:47:45 ----DC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-14 13:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-14 13:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\keystone.exe
2009-06-10 08:29:32 ----A---- C:\WINDOWS\system32\nview.dll
2009-06-10 08:29:30 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(6).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(5).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(4).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(3).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(2).dll
2009-06-10 08:29:12 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-06-10 08:29:06 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-06-10 08:29:02 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-06-10 08:29:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-06-10 08:28:58 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-06-10 08:28:52 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(6).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(5).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(4).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(3).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(2).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(6).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(5).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(4).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(3).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(2).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(9).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(8).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(7).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(6).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(5).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(4).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(3).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(2).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(10).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-06-10 08:28:48 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-06-02 18:41:17 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
2009-06-02 11:21:29 ----D---- C:\Program Files\QMixer
2009-06-01 15:51:07 ----D---- C:\Program Files\Textorizer
2009-05-31 17:33:07 ----D---- C:\Program Files\Scorched3D
2009-05-31 16:18:13 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Teeworlds
2009-05-31 16:18:01 ----D---- C:\Program Files\teeworlds
2009-05-31 10:14:37 ----D---- C:\Program Files\GALA-NET
2009-05-31 08:27:56 ----A---- C:\WINDOWS\spookydisplay.ini
2009-05-31 08:26:24 ----D---- C:\Program Files\Scholastic
2009-05-31 00:02:49 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Mumble
2009-05-31 00:02:09 ----D---- C:\Program Files\Mumble
2009-05-30 19:51:31 ----D---- C:\Program Files\Stardock
2009-05-28 17:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-05-25 12:52:44 ----D---- C:\Program Files\Sierra
2009-05-25 01:26:11 ----D---- C:\Program Files\ResetDRM
2009-05-24 23:35:04 ----D---- C:\Program Files\PFPortChecker
2009-05-24 21:25:44 ----D---- C:\NVIDIA
2009-05-24 21:09:22 ----D---- C:\Program Files\RadarSync
2009-05-24 20:19:24 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2009-05-24 15:55:59 ----D---- C:\Program Files\Cheat Engine
2009-05-24 15:55:59 ----A---- C:\WINDOWS\system32\d3dx9.dll
2009-05-24 15:55:59 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2009-05-24 02:31:16 ----D---- C:\Program Files\Flash Movie Player
2009-05-24 00:59:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-05-23 09:23:49 ----D---- C:\Program Files\Common Files\DirectX
2009-05-22 20:24:27 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VisionManaged.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\vision71.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VGeom71.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VBaseUI80.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VBaseUI71.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\vBase80.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\vBase71.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\PhysXCore.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\PhysXCooking.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\NxExtensions.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\NxCooking.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\NxCharacter.dll
2009-05-22 20:24:24 ----A---- C:\WINDOWS\system32\MSVCP71D.dll
2009-05-22 20:24:24 ----A---- C:\WINDOWS\system32\libsndfile-1.dll
2009-05-22 20:24:23 ----A---- C:\WINDOWS\system32\d3dx9d_34.dll
2009-05-22 20:22:21 ----D---- C:\Program Files\I-Fluid Demo
2009-05-21 20:52:20 ----D---- C:\Program Files\IBM
2009-05-20 21:44:20 ----D---- C:\Program Files\Chami
2009-05-17 01:25:12 ----D---- C:\Program Files\America's Army
2009-05-16 20:53:10 ----D---- C:\Program Files\Warcraft III
2009-05-16 13:18:56 ----D---- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
2009-05-16 13:03:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-15 20:11:37 ----A---- C:\WINDOWS\BlendSettings.ini

======List of files/folders modified in the last 3 months======

2009-08-13 15:14:15 ----D---- C:\WINDOWS\Prefetch
2009-08-13 15:03:10 ----D---- C:\Program Files\Mozilla Firefox
2009-08-13 13:42:10 ----SD---- C:\WINDOWS\Tasks
2009-08-13 12:39:32 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 12:39:32 ----D---- C:\WINDOWS\system32
2009-08-13 12:39:01 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-13 12:38:34 ----AD---- C:\WINDOWS
2009-08-13 12:37:58 ----D---- C:\WINDOWS\Debug
2009-08-13 12:37:54 ----D---- C:\WINDOWS\Temp
2009-08-13 01:14:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-12 22:21:01 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-08-12 21:39:44 ----D---- C:\Program Files
2009-08-12 21:39:44 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-12 21:35:43 ----SHD---- C:\System Volume Information
2009-08-12 21:35:43 ----D---- C:\WINDOWS\system32\Restore
2009-08-12 21:16:04 ----D---- C:\WINDOWS\Registration
2009-08-12 21:15:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-12 21:12:12 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-08-12 18:04:55 ----HD---- C:\Config.Msi
2009-08-12 18:04:51 ----SHD---- C:\WINDOWS\Installer
2009-08-12 18:04:38 ----HD---- C:\WINDOWS\inf
2009-08-12 18:04:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-12 18:03:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 18:03:48 ----D---- C:\Program Files\Outlook Express
2009-08-12 00:40:03 ----D---- C:\WINDOWS\Minidump
2009-08-11 17:12:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-11 17:11:42 ----D---- C:\Program Files\Common Files
2009-08-10 13:30:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-10 13:12:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-10 02:17:16 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\GetRightToGo
2009-08-10 01:59:56 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Xfire
2009-08-10 01:27:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 01:24:29 ----RSD---- C:\WINDOWS\assembly
2009-08-10 01:24:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-09 23:45:53 ----D---- C:\Program Files\Xfire
2009-08-09 23:44:56 ----D---- C:\Program Files\Steam
2009-08-09 21:59:09 ----D---- C:\Program Files\Saga
2009-08-09 21:58:42 ----D---- C:\Program Files\Savage 2 - A Tortured Soul
2009-08-09 21:50:27 ----D---- C:\Program Files\Microsoft Games
2009-08-09 21:48:15 ----D---- C:\Program Files\DefenseGridDemo
2009-08-09 21:47:34 ----D---- C:\Program Files\EA GAMES
2009-08-09 21:40:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-09 00:57:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-08 18:02:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-07 18:07:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 18:07:25 ----D---- C:\WINDOWS\WinSxS
2009-08-07 18:04:22 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-07 18:04:19 ----D---- C:\WINDOWS\system32\en-US
2009-08-07 18:04:16 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 18:01:59 ----D---- C:\Program Files\Internet Explorer
2009-08-07 12:48:27 ----D---- C:\Program Files\World of Warcraft
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 15:52:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-08-01 15:44:25 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-01 15:07:34 ----D---- C:\Program Files\City of Heroes
2009-07-31 15:45:10 ----D---- C:\Program Files\Java
2009-07-31 00:30:28 ----D---- C:\WINDOWS\system32\DirectX
2009-07-31 00:29:35 ----HD---- C:\WINDOWS\msdownld.tmp
2009-07-29 19:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-28 02:08:23 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\gtk-2.0
2009-07-26 16:29:25 ----SD---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Microsoft
2009-07-21 03:28:39 ----D---- C:\WINDOWS\RegisteredPackages
2009-07-20 20:09:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-20 20:09:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-19 08:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 08:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-18 22:09:02 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-17 14:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 18:08:06 ----A---- C:\WINDOWS\win.ini
2009-07-16 18:07:20 ----D---- C:\Program Files\Microsoft Works
2009-07-16 03:35:49 ----D---- C:\WINDOWS\Help
2009-07-15 17:51:48 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Apple Computer
2009-07-15 17:50:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-15 17:29:02 ----D---- C:\Program Files\iTunes
2009-07-15 17:28:42 ----D---- C:\Program Files\iPod
2009-07-15 17:28:42 ----D---- C:\Program Files\Common Files\Apple
2009-07-15 16:26:45 ----D---- C:\WINDOWS\system32\config
2009-07-15 16:26:15 ----D---- C:\WINDOWS\system32\wbem
2009-07-15 16:24:05 ----D---- C:\Program Files\Chex Quest Complete
2009-07-15 16:22:40 ----D---- C:\Program Files\PLAYXPERT
2009-07-15 16:22:14 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-15 16:22:09 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-08 23:52:59 ----A---- C:\WINDOWS\DUMP736a.tmp
2009-07-08 22:09:39 ----D---- C:\Program Files\Yahoo!
2009-07-06 17:00:28 ----D---- C:\Program Files\Electronic Arts
2009-07-05 13:30:03 ----D---- C:\Program Files\Algodoo Phun Edition_OLD
2009-07-02 11:57:30 ----D---- C:\Program Files\NCH Software
2009-07-01 12:24:28 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Ventrilo
2009-06-29 11:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 06:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 06:07:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 03:33:39 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-06-27 18:11:40 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SPORE
2009-06-27 15:01:15 ----A---- C:\WINDOWS\system.ini
2009-06-27 15:01:13 ----D---- C:\WINDOWS\pss
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-14 13:44:02 ----D---- C:\WINDOWS\ie7updates
2009-06-12 07:31:40 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 07:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 09:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(9).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(8).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(7).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(6).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(15).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(14).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(13).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(12).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(11).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(10).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(9).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(8).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(7).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(6).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(5).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(4).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(3).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(2).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(11).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(10).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(9).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(8).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(7).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(6).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(5).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(4).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(3).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(2).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(11).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(10).dll
2009-06-10 01:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-03 14:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-31 14:11:46 ----D---- C:\Program Files\RocketDock
2009-05-31 08:26:17 ----D---- C:\WINDOWS\system
2009-05-30 12:02:00 ----D---- C:\Website
2009-05-26 08:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-05-25 13:50:11 ----D---- C:\Program Files\PB
2009-05-24 00:59:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-05-23 01:13:51 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\My Battle for Middle-earth™ II Files
2009-05-21 20:51:05 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-16 20:53:44 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-05-16 15:03:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-05-16 13:04:16 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Google
2009-05-16 13:00:04 ----D---- C:\Program Files\Google
2009-05-15 19:35:10 ----D---- C:\Program Files\Bethesda Softworks
2009-05-14 21:30:10 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-11 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-11 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-08-11 108552]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-12 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-11-12 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-11-10 40832]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-18 103360]
R3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2005-09-16 206080]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-06-19 43264]
R3 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 KuirKbdFltr;KuirKbdFltr overlay support subsystem; C:\WINDOWS\system32\DRIVERS\KuirKbdFltr.sys [2008-11-18 26016]
R3 KuirMouFltr;KuirMouFltr overlay support subsystem; C:\WINDOWS\system32\DRIVERS\KuirMouFltr.sys [2008-11-18 23200]
R3 Mo3Fltr;MMO Mouse; C:\WINDOWS\system32\drivers\Mo3Fltr.sys [2008-04-15 11136]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S2 vvfhjnjd;vvfhjnjd; C:\WINDOWS\system32\drivers\fjur.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\aujasnkj.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2008-11-12 29184]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-17 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-17 21744]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-07-27 188416]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-11 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-07-27 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-11 153376]
R2 M1 Server;Intel® Viiv™ Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-07-10 25600]
R2 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-07-27 163840]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-10-20 96256]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-08-01 189104]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2008-11-12 172032]
R2 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-07-27 425984]
R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
R2 SlingAgentService;SlingAgentService; C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [2009-03-10 93960]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-12-12 60032]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-12-12 5117568]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 gupdate1c95da8d3cabb5c;Google Update Service (gupdate1c95da8d3cabb5c); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-14 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-16 2736890]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-12-12 243840]
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-08-13 15:14:35

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->MsiExec.exe /I{3BF1390E-9EAE-4C2A-B30C-3992233FBCBA}
-->MsiExec.exe /X{16DDE3E0-98D6-40AC-BCF0-5EAB81965AE3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Aimersoft Video Converter(Build 1.0.20)-->"C:\Program Files\Aimersoft\Video Converter\unins000.exe"
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exe
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Any Video Converter 2.7.0-->"C:\Program Files\Any Video Converter\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audiosurf Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12910
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Editor 4-->"C:\Program Files\AVS4YOU\AVSVideoEditor4\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Battlefield Vietnam™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
Best Buy Digital Music Store-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
Big Biz Tycoon 2-->C:\WINDOWS\unvise32.exe C:\Program Files\Activision Value\Big Biz Tycoon 2\uninstal.log
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Blackhawk Striker 2-->"C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
Call of Duty 4: Modern Warfare-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7940
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Cellfactor Revolution -->C:\Program Files\Timeline Interactive\Cellfactor Revolution\uninst.exe
Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Crayon Physics Deluxe Demo - release 52-->"C:\Program Files\Crayon Physics Deluxe Demo\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cross Fire En-->"C:\Program Files\Subagames\CrossFire\unins000.exe"
CryEngine®2 Sandbox™2-->MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Curse Client-->C:\Program Files\Curse\uninstall.exe
D.I.P.R.I.P. Warm Up-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17530
Darwinia Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1502
Debut Video Capture Software-->C:\Program Files\NCH Software\Debut\uninst.exe
Desktop Media 1.7-->"C:\Program Files\Desktop Media\unins000.exe"
Digital Guitar Tuner 2.3-->"C:\Program Files\Digital Guitar Tuner 2.3\unins000.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Earth Browser-->MsiExec.exe /X{AD8EA1C9-A637-5144-F46E-36C7945A0BB6}
Echospin Delivery Wizard-->RunDll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\esProxy.inf,DefaultUninstall
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Talk-->C:\Program Files\NCH Swift Sound\Talk\uninst.exe
Fast Food Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68BC4189-F35A-4ED2-8FBE-137AE9D8CCCA}\setup.exe"
FATE-->"C:\Program Files\Gateway Games\FATE\Uninstall.exe"
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Flash Movie Player 1.5-->C:\Program Files\Flash Movie Player\uninst.exe
Flash to Video Encoder-->"C:\Program Files\GeoVid\Flash to Video Encoder\unins000.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free YouTube to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameSpy Comrade-->MsiExec.exe /X{7C2E4E9B-0B88-48B6-B7B0-E3F3DF0A239D}
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Gateway Game Console-->"C:\Program Files\WildTangent\Apps\Gateway Game Console\Uninstall.exe"
GIMP 2.6.3-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Gears-->MsiExec.exe /I{2A9C3F41-DACA-37AB-84FB-2E6193C42151}
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life Deathmatch: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/360
Half-Life Dedicated Server Update Tool-->C:\srcds\UNWISE.EXE C:\srcds\INSTALL.LOG
Half-Life: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/280
HandBrake 0.9.3-->C:\Program Files\HandBrake\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner.YOUR-891C2B43EF\My Documents\Desktop Stuff\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961-v4)-->"C:\WINDOWS\$NtUninstallKB895961-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
IBM Lotus Symphony-->MsiExec.exe /X{ead711fd-8c81-4d1b-b933-d38df9b66a21}
I-Fluid 1.0-->"C:\Program Files\I-Fluid Demo\unins000.exe"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel® Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{DA327C6D-D8F1-4587-B4DE-10C39BF6B891} /qb!
ISOMagic-->C:\Program Files\ISOMagic\Uninstall.exe
iTouchMidi WIN 1.0.7-->C:\Program Files\iTouchMidi\uninst.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_4422c4a\Setup.exe /APR-REMOVE
LEGO Racers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
LEGO® Batman™-->C:\Program Files\InstallShield Installation Information\{398AB469-77FC-4935-820B-D419388C0A6A}\Setup.exe -runfromtemp -l0x0409
Linksys Wireless-G PCI Network Adapter with SpeedBooster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAE4A00B-D290-4B65-8287-B82A80FC0619}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center Extender-->c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender-->MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Media Converter SA Edition 0.8-->C:\Program Files\Media Converter SA Edition\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft XNA Framework Redistributable 2.0-->MsiExec.exe /I{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}
Monster Trucks Nitro Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16630
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Moyea FLV to Video Converter Pro 2 version: 2.0.15.0-->"C:\Program Files\Moyea\FLV to Video Converter Pro 2\unins000.exe"
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{6710FE30-27F7-492B-A660-D31D4A898A43}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multiwinia Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1540
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Peggle Nights (remove only)-->"C:\Program Files\PopCap Games\Peggle Nights\Uninstall.exe"
PFPortChecker 1.0.28-->C:\Program Files\PFPortChecker\uninst.exe
Phun beta 4.22-->"C:\Program Files\Algodoo Phun Edition_OLD\unins000.exe"
PitchPerfect Uninstall-->C:\Program Files\NCH Swift Sound\PitchPerfect\uninst.exe
PLAYXPERT In-Game Platform-->"C:\WINDOWS\PLAYXPERT In-Game Platform\uninstall.exe" "/U:C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\PLAYXPERT In-Game Platform\Uninstall\uninstall.xml"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PunkBuster for Battlefield Vietnam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
Puzzlegeddon Demo-->C:\Program Files\Puzzlegeddon Demo\uninstall.exe
Quake Live Mozilla Plugin-->MsiExec.exe /I{65AA2584-00B9-4900-B519-1D7FD06FB124}
Quicken 2002 New User Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RadarSync-->C:\Program Files\RadarSync\uninst.exe
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
RPG Maker 2003 v1.08-->"C:\Program Files\rpg2003\unins000.exe"
Scholastic's I SPY Spooky Mansion-->C:\PROGRA~1\SCHOLA~1\ISPYSP~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSP~1\INSTALL.LOG
Scorched3D 42.1-->C:\Program Files\Scorched3D\uninst.exe
ScreenStream-->C:\Program Files\NCH Software\ScreenStream\uninst.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
SlingPlayer-->"C:\Program Files\InstallShield Installation Information\{E2741785-8993-4BB6-A76F-35244DC4FFB0}\setup.exe" -runfromtemp -l0x0409 -removeonly
SlingPlayer-->MsiExec.exe /X{E2741785-8993-4BB6-A76F-35244DC4FFB0}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Strong Bad - Strong Bad Episode 4 - Dangeresque 3-->C:\Program Files\Telltale Games\Strong Bad\Uninstall Episode 4 - Dangeresque 3.exe
Strong Bad - Strong Bad Episode 5 - 8-Bit Is Enough-->C:\Program Files\Telltale Games\Strong Bad\Uninstall Episode 5 - 8-Bit Is Enough.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Battle for Middle-earth ™-->C:\Program Files\EA GAMES\The Battle for Middle-earth ™\EAUninstall.exe
The Ship Dedicated Server-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2403
The Ship Single Player-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2420
The Ship Tutorial-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2430
The Ship-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2400
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
theHunter-->MsiExec.exe /X{4C5C8219-5CEF-4B63-AD21-48FA76CAF7FC}
Titan Quest Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4590
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->J:\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
UltraMon-->MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Uninstall KkMenu docklet for Stardock Object Dock-->"C:\Program Files\Stardock\ObjectDock\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoPad Video Editor-->C:\Program Files\NCH Software\VideoPad\uninst.exe
VoipBuster-->"C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620
Warhammer Online - Age of Reckoning-->C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\uninst2.exe
Warmonger-->"C:\Program Files\Netdevil\Warmonger\uninstall.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WeFi 3.6.0.7-->C:\Program Files\WeFi\uninst.exe
West Point Bridge Designer 2007-->C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2007\irunin.ini"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/06/2008 1.0.0.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\mo3_D1849431A870C9F017A98B3718F8FD334DD6E75F\mo3.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media DRM Reset-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\resetdrm.inf,Uninstall
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB905589-->"C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinX DVD Author 5.5-->"C:\Program Files\WinX DVD Author 5.5\unins000.exe"
Wondershare Video Converter Platinum(Build 4.0.6.1)-->"C:\Program Files\Wondershare\Video Converter Platinum\unins000.exe"
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft MMO Gaming Mouse-->C:\Program Files\InstallShield Installation Information\{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x

=====HijackThis Backups=====

O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com [2009-08-10]
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com [2009-08-10]
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com [2009-08-10]
O1 - Hosts: 82.98.231.89 onlinenotifyq.net [2009-08-10]
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com [2009-08-10]
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com [2009-08-10]
O1 - Hosts: 82.98.231.89 best-click-scanner.info [2009-08-10]
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com [2009-08-10]
O2 - BHO: (no name) - {C1C82137-E3F0-42D4-9A1C-DCF68F8A5556} - (no file) [2009-08-10]
O2 - BHO: (no name) - {AF880088-DEDA-4A00-81C1-A6337059DFA2} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free
AV: Avira AntiVir PersonalEdition
AV: McAfee VirusScan (disabled)
FW: (disabled)

======System event log======

Computer Name: PINKERTON
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 12430
Source Name: W32Time
Time Written: 20090807084713.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 12393
Source Name: Service Control Manager
Time Written: 20090806190805.000000-300
Event Type: error
User:

Computer Name: PINKERTON
Event Code: 7000
Message: The Google Update Service (gupdate1c95da8d3cabb5c) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 12392
Source Name: Service Control Manager
Time Written: 20090806190805.000000-300
Event Type: error
User:

Computer Name: PINKERTON
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c95da8d3cabb5c) service to connect.

Record Number: 12391
Source Name: Service Control Manager
Time Written: 20090806190805.000000-300
Event Type: error
User:

Computer Name: PINKERTON
Event Code: 115
Message: The service could not bind instance 1. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 12389
Source Name: W3SVC
Time Written: 20090806190759.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11813
Source Name: PerfDisk
Time Written: 20090524145626.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11812
Source Name: PerfDisk
Time Written: 20090524145625.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11811
Source Name: PerfDisk
Time Written: 20090524145625.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11810
Source Name: PerfDisk
Time Written: 20090524145624.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11809
Source Name: PerfDisk
Time Written: 20090524145624.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



#8 SifuMike

Posted 13 August 2009 - 03:22 PM

We are not going any further until you uninstall one of the two antivirus programs!
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - so if you need help, post your problem in the forum.

#9 Neco


Posted 13 August 2009 - 04:01 PM

AVG should be gone now. Sorry.

#10 SifuMike


Posted 13 August 2009 - 05:22 PM

Good. Do you still get redirected by clickover.cn?

Now run RSIT and post the log.txt and info.txt logs.

Edited by SifuMike, 13 August 2009 - 05:27 PM.


#11 Neco


Posted 13 August 2009 - 06:43 PM

No, I don't think so. I want to make sure my computer is totally clean though.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-13 18:39:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 85 GB (28%) free of 300 GB
Total RAM: 2030 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:55 PM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\soffice.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\RSIT.exe
C:\Documents and Settings\Owner.YOUR-891C2B43EF\My Documents\Desktop Stuff\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...P&M=GM5266E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...P&M=GM5266E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe C:\DOCUME~1\OWNER~1.YOU\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [1A:KkTrayServer] C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.21.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229795413837
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229795618519
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - https://kingsisle.hs.llnwd.net/e1/static/th...ameLauncher.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - http://play.battlefield-heroes.com/static/...er_4.0.11.0.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file)
O20 - AppInit_DLLs: druyww.dll mqvnnt.dll l C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c95da8d3cabb5c) (gupdate1c95da8d3cabb5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

--
End of file - 14460 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007UA.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-12 1191424]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-14 30192]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"SteelSeries World of Warcraft MMO Gaming Mouse"=C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [2009-05-13 414720]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-11 149280]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-07-27 341312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2009-07-30 1935360]
"PlayNC Launcher"= []
"Google Update"=C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 133104]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"SODCPreLoad"=C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe [2009-05-21 40960]
"1A:KkTrayServer"=C:\Program Files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe [2006-03-28 108544]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-12-18 2304960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-07-27 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2008-10-01 800256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2009-02-06 3325952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fssui.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-14 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1226539143\EE\AOLHostManager.exe [2004-11-03 125528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-07-13 9134080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe [2008-11-18 323216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe [2009-08-09 38184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-03-29 375296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-07-15 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Talk]
C:\Program Files\NCH Swift Sound\Talk\talk.exe [2009-03-27 704516]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UltraMon]
C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe [2008-11-10 9017648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wefi]
C:\Program Files\WeFi\WeFi.exe [2009-03-29 501760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
c:\Program Files\Zune\ZuneLauncher.exe [2008-12-12 157312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-09-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-891C2B43EF^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
C:\PROGRA~1\Sony\SONYPI~1\PMBCore\SPUVOL~1.EXE [2007-11-22 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="druyww.dll mqvnnt.dll l C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=177
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1226539143\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1226539143\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Enabled:SPCM"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Enabled:Intel® Viiv™ Media Server"
"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Enabled:Intel® Remoting Service"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\PLAYXPERT\CoreImpl.exe"="C:\Program Files\PLAYXPERT\CoreImpl.exe:*:Enabled:CoreImpl"
"C:\Program Files\PLAYXPERT\PXP.exe"="C:\Program Files\PLAYXPERT\PXP.exe:*:Enabled:PLAYXPERT"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam.exe"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\dxwebsetup.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\dxwebsetup.exe:*:Enabled:dxwebsetup.exe"
"C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe"="C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\Steam\steamapps\31th296\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\31th296\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Steam\steamapps\31th296\garrysmod\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\GameSpy\Comrade\Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe"="C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer"
"C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Temp\Rar$EX00.656\Gang Garrison 2.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Local Settings\Temp\Rar$EX00.656\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\Cam's Stuff\Gang Garrison 2.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\Cam's Stuff\Gang Garrison 2.exe:*:Enabled:Gang Garrison 2"
"C:\Program Files\Steam\steamapps\31th296\diprip warm up\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\diprip warm up\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\31th296\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\31th296\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe"="C:\Program Files\Turbine\Dungeons & Dragons Online - Stormreach\dndclient.exe:*:Enabled:dndclient"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Puzzlegeddon Demo\Puzzlegeddon.exe"="C:\Program Files\Puzzlegeddon Demo\Puzzlegeddon.exe:*:Enabled:Puzzlegeddon Demo"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe"="C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe:*:Enabled:savage2"
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe"="C:\Program Files\Steam\steamapps\common\call of duty 4\iw3sp.exe:*:Enabled:Call of Duty 4: Modern Warfare"
"C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe"="C:\Program Files\Steam\steamapps\common\call of duty 4\iw3mp.exe:*:Enabled:Call of Duty 4: Modern Warfare"
"C:\Program Files\Steam\steamapps\31th296\darwinia demo\darwinia.exe"="C:\Program Files\Steam\steamapps\31th296\darwinia demo\darwinia.exe:*:Enabled:Darwinia Demo"
"C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe"="C:\Program Files\Steam\steamapps\common\monster trucks nitro demo\MonsterTrucksNitro.exe:*:Enabled:Monster Trucks Nitro Demo"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\pwi_AllFiles_v2.exe"="C:\Documents and Settings\Owner.YOUR-891C2B43EF\Desktop\pwi_AllFiles_v2.exe:*:Enabled:pwi_AllFiles_v2"
"C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe"="C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia Demo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\EA GAMES\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\Program Files\NCH Swift Sound\Talk\talk.exe"="C:\Program Files\NCH Swift Sound\Talk\talk.exe:*:Disabled:Express Talk"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe"="C:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLive.exe:*:Enabled:Games for Windows - LIVE"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\Program Files\Vogster Entertainment\CrimeCraft BT\Binaries\CrimeCraft.exe"="C:\Program Files\Vogster Entertainment\CrimeCraft BT\Binaries\CrimeCraft.exe:*:Enabled:CrimeCraft"
"C:\Program Files\America's Army Deploy Client\AADeployClient.exe"="C:\Program Files\America's Army Deploy Client\AADeployClient.exe:*:Enabled:AADeployClient"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Xfire\dppm_source.exe"="C:\Program Files\Xfire\dppm_source.exe:*:Enabled:Dyyno P2P Source Application"
"C:\Program Files\America's Army\System\ArmyOps.exe"="C:\Program Files\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe"="C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.200810171336\win32\x86\symphony.exe:*:Enabled:Lotus Symphony"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\31th296\the ship dedicated server\srcds.exe"="C:\Program Files\Steam\steamapps\31th296\the ship dedicated server\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Steam\steamapps\31th296\the ship\ship.exe"="C:\Program Files\Steam\steamapps\31th296\the ship\ship.exe:*:Enabled:ship"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\Program Files\GALA-NET\Rappelz\RappelzConfig.exe"="C:\Program Files\GALA-NET\Rappelz\RappelzConfig.exe:*:Enabled:RappelzConfig.exe"
"C:\Program Files\teeworlds\teeworlds-0.5.1-win32\teeworlds_srv.exe"="C:\Program Files\teeworlds\teeworlds-0.5.1-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{753594f4-b11f-11dd-b294-806d6172696f}]
shell\AutoRun\command - E:\Setup.exe


======List of files/folders created in the last 3 months======

2009-08-13 18:39:48 ----D---- C:\rsit
2009-08-12 20:41:37 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol
2009-08-12 20:41:20 ----D---- C:\Program Files\BillP Studios
2009-08-12 18:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 18:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 18:04:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 18:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 18:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 18:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 18:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 18:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 18:03:23 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-12 18:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-12 18:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-11 17:12:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-11 17:12:35 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-11 17:12:35 ----A---- C:\WINDOWS\system32\java.exe
2009-08-10 13:12:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 13:12:45 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-10 13:12:45 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SUPERAntiSpyware.com
2009-08-10 02:52:37 ----A---- C:\WINDOWS\wininit.ini
2009-08-10 02:32:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-10 02:32:43 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 01:22:35 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-09 21:40:48 ----D---- C:\Program Files\Windows Defender
2009-08-09 17:20:52 ----D---- C:\Documents and Settings\All Users\Application Data\12436714
2009-08-09 02:30:55 ----A---- C:\Program Files\jxwagfh.txt
2009-08-08 21:35:14 ----D---- C:\Mp3 Output
2009-08-08 21:35:11 ----A---- C:\WINDOWS\system32\mp3Media2.dll
2009-08-08 21:35:10 ----D---- C:\Program Files\Smallvideosoft
2009-08-08 18:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-07 18:03:46 ----D---- C:\f447dd62f3f81609cc552e7384
2009-08-07 18:03:36 ----D---- C:\WINDOWS\SxsCaPendDel
2009-07-31 19:51:19 ----HD---- C:\Documents and Settings\All Users\Application Data\esClient
2009-07-31 19:51:06 ----D---- C:\Program Files\echospin
2009-07-31 15:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-30 23:56:14 ----D---- C:\WINDOWS\C6996F17923349EB8084E73E5272DAF4.TMP
2009-07-30 23:51:03 ----D---- C:\Program Files\Timeline Interactive
2009-07-30 00:26:19 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\skypePM
2009-07-30 00:24:58 ----RD---- C:\Program Files\Skype
2009-07-30 00:24:49 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-29 15:18:55 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\WebApps
2009-07-23 20:57:06 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-07-21 18:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2009-07-21 03:39:18 ----D---- C:\Program Files\DVDVideoSoft
2009-07-21 03:39:18 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-07-21 03:28:39 ----D---- C:\WINDOWS\system32\windows media
2009-07-21 03:28:25 ----D---- C:\Program Files\Windows Media Components
2009-07-20 20:09:18 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries
2009-07-20 20:09:04 ----D---- C:\Program Files\SteelSeries
2009-07-20 19:29:10 ----D---- C:\Program Files\iTouchMidi
2009-07-20 16:02:03 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-07-18 22:09:13 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\id Software
2009-07-18 22:09:01 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-07-18 00:11:21 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Yahoo!
2009-07-18 00:11:15 ----D---- C:\Program Files\CCleaner
2009-07-17 22:39:23 ----D---- C:\WINDOWS\F579118563414E21A47F41B57AC749B5.TMP
2009-07-17 22:39:05 ----D---- C:\Program Files\Netdevil
2009-07-17 21:16:18 ----D---- C:\WINDOWS\system32\AGEIA
2009-07-17 21:16:18 ----D---- C:\Program Files\AGEIA Technologies
2009-07-17 14:24:30 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Realtime Soft
2009-07-17 14:24:25 ----D---- C:\Program Files\UltraMon
2009-07-17 14:24:25 ----D---- C:\Program Files\Common Files\Realtime Soft
2009-07-17 14:24:24 ----D---- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2009-07-16 23:06:44 ----D---- C:\Program Files\Emote
2009-07-16 18:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 18:06:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 18:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-16 02:32:44 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\VoipBuster
2009-07-16 02:31:42 ----D---- C:\Program Files\VoipBuster.com
2009-07-16 02:00:48 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-07-16 01:57:30 ----D---- C:\WINDOWS\nview
2009-07-16 01:57:30 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-07-16 01:52:32 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-07-16 00:41:38 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-16 00:41:38 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-16 00:41:38 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-16 00:41:37 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-16 00:41:37 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-16 00:41:36 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-07-16 00:41:34 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-07-15 17:28:38 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 17:27:26 ----D---- C:\Program Files\QuickTime
2009-07-15 17:26:22 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-07-15 16:23:30 ----D---- C:\Program Files\WeFi
2009-07-15 16:19:11 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\PLAYXPERT In-Game Platform
2009-07-09 17:37:16 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(3)
2009-07-09 17:37:09 ----D---- C:\Program Files\SteelSeries(2)
2009-07-08 22:42:30 ----D---- C:\WINDOWS\nview(2)
2009-07-08 22:24:45 ----D---- C:\Program Files\SpeedFan
2009-07-08 22:09:40 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-07-06 17:11:50 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Prism
2009-07-05 12:33:24 ----D---- C:\Program Files\Call of Duty
2009-07-03 12:37:29 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(2)
2009-07-02 17:47:35 ----D---- C:\Program Files\id Software
2009-07-01 22:16:31 ----D---- C:\Program Files\UrbanTerror
2009-07-01 15:04:58 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\OpenArena
2009-06-29 12:10:51 ----D---- C:\Program Files\VUGames
2009-06-27 20:47:23 ----D---- C:\Program Files\Sun(2)
2009-06-14 13:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-06-14 13:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-14 13:47:45 ----DC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-14 13:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-14 13:43:48 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\keystone.exe
2009-06-10 08:29:32 ----A---- C:\WINDOWS\system32\nview.dll
2009-06-10 08:29:30 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(6).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(5).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(4).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(3).dll
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi(2).dll
2009-06-10 08:29:12 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-06-10 08:29:06 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-06-10 08:29:02 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-06-10 08:29:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-06-10 08:28:58 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-06-10 08:28:52 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(6).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(5).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(4).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(3).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32(2).exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(6).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(5).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(4).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(3).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray(2).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(9).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(8).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(7).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(6).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(5).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(4).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(3).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(2).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl(10).dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-06-10 08:28:48 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-06-02 18:41:17 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
2009-06-02 11:21:29 ----D---- C:\Program Files\QMixer
2009-06-01 15:51:07 ----D---- C:\Program Files\Textorizer
2009-05-31 17:33:07 ----D---- C:\Program Files\Scorched3D
2009-05-31 16:18:13 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Teeworlds
2009-05-31 16:18:01 ----D---- C:\Program Files\teeworlds
2009-05-31 10:14:37 ----D---- C:\Program Files\GALA-NET
2009-05-31 08:27:56 ----A---- C:\WINDOWS\spookydisplay.ini
2009-05-31 08:26:24 ----D---- C:\Program Files\Scholastic
2009-05-31 00:02:49 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Mumble
2009-05-31 00:02:09 ----D---- C:\Program Files\Mumble
2009-05-30 19:51:31 ----D---- C:\Program Files\Stardock
2009-05-28 17:13:15 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-05-25 12:52:44 ----D---- C:\Program Files\Sierra
2009-05-25 01:26:11 ----D---- C:\Program Files\ResetDRM
2009-05-24 23:35:04 ----D---- C:\Program Files\PFPortChecker
2009-05-24 21:25:44 ----D---- C:\NVIDIA
2009-05-24 21:09:22 ----D---- C:\Program Files\RadarSync
2009-05-24 20:19:24 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2009-05-24 15:55:59 ----D---- C:\Program Files\Cheat Engine
2009-05-24 15:55:59 ----A---- C:\WINDOWS\system32\d3dx9.dll
2009-05-24 15:55:59 ----A---- C:\WINDOWS\system32\D3DX81ab.dll
2009-05-24 02:31:16 ----D---- C:\Program Files\Flash Movie Player
2009-05-24 00:59:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-05-23 09:23:49 ----D---- C:\Program Files\Common Files\DirectX
2009-05-22 20:24:27 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VisionManaged.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\vision71.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VGeom71.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VBaseUI80.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\VBaseUI71.dll
2009-05-22 20:24:26 ----A---- C:\WINDOWS\system32\vBase80.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\vBase71.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\PhysXCore.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\PhysXCooking.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\NxExtensions.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\NxCooking.dll
2009-05-22 20:24:25 ----A---- C:\WINDOWS\system32\NxCharacter.dll
2009-05-22 20:24:24 ----A---- C:\WINDOWS\system32\MSVCP71D.dll
2009-05-22 20:24:24 ----A---- C:\WINDOWS\system32\libsndfile-1.dll
2009-05-22 20:24:23 ----A---- C:\WINDOWS\system32\d3dx9d_34.dll
2009-05-22 20:22:21 ----D---- C:\Program Files\I-Fluid Demo
2009-05-21 20:52:20 ----D---- C:\Program Files\IBM
2009-05-20 21:44:20 ----D---- C:\Program Files\Chami
2009-05-17 01:25:12 ----D---- C:\Program Files\America's Army
2009-05-16 20:53:10 ----D---- C:\Program Files\Warcraft III
2009-05-16 13:18:56 ----D---- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client
2009-05-16 13:03:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-15 20:11:37 ----A---- C:\WINDOWS\BlendSettings.ini

======List of files/folders modified in the last 3 months======

2009-08-13 17:31:59 ----D---- C:\Program Files\Mozilla Firefox
2009-08-13 17:02:47 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-08-13 16:48:00 ----D---- C:\WINDOWS\Prefetch
2009-08-13 16:05:04 ----D---- C:\Program Files
2009-08-13 16:00:53 ----D---- C:\WINDOWS\system32\inetsrv
2009-08-13 15:59:29 ----SD---- C:\WINDOWS\Tasks
2009-08-13 15:58:53 ----D---- C:\WINDOWS\Registration
2009-08-13 15:58:52 ----D---- C:\WINDOWS\Temp
2009-08-13 15:57:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-13 15:56:48 ----AD---- C:\WINDOWS
2009-08-13 15:56:21 ----D---- C:\WINDOWS\system32
2009-08-13 15:54:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-13 15:54:38 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 12:37:58 ----D---- C:\WINDOWS\Debug
2009-08-13 01:14:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-12 21:39:44 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-12 21:35:43 ----SHD---- C:\System Volume Information
2009-08-12 21:35:43 ----D---- C:\WINDOWS\system32\Restore
2009-08-12 18:04:55 ----HD---- C:\Config.Msi
2009-08-12 18:04:51 ----SHD---- C:\WINDOWS\Installer
2009-08-12 18:04:38 ----HD---- C:\WINDOWS\inf
2009-08-12 18:04:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-12 18:03:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 18:03:48 ----D---- C:\Program Files\Outlook Express
2009-08-12 00:40:03 ----D---- C:\WINDOWS\Minidump
2009-08-11 17:12:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-11 17:11:42 ----D---- C:\Program Files\Common Files
2009-08-10 13:30:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-10 13:12:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-10 02:17:16 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\GetRightToGo
2009-08-10 01:59:56 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Xfire
2009-08-10 01:27:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 01:24:29 ----RSD---- C:\WINDOWS\assembly
2009-08-10 01:24:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-09 23:45:53 ----D---- C:\Program Files\Xfire
2009-08-09 23:44:56 ----D---- C:\Program Files\Steam
2009-08-09 21:59:09 ----D---- C:\Program Files\Saga
2009-08-09 21:58:42 ----D---- C:\Program Files\Savage 2 - A Tortured Soul
2009-08-09 21:50:27 ----D---- C:\Program Files\Microsoft Games
2009-08-09 21:48:15 ----D---- C:\Program Files\DefenseGridDemo
2009-08-09 21:47:34 ----D---- C:\Program Files\EA GAMES
2009-08-09 21:40:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-09 00:57:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-08 18:02:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-07 18:07:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-07 18:07:25 ----D---- C:\WINDOWS\WinSxS
2009-08-07 18:04:22 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-07 18:04:19 ----D---- C:\WINDOWS\system32\en-US
2009-08-07 18:04:16 ----RSD---- C:\WINDOWS\Fonts
2009-08-07 18:01:59 ----D---- C:\Program Files\Internet Explorer
2009-08-07 12:48:27 ----D---- C:\Program Files\World of Warcraft
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 15:52:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-08-01 15:44:25 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-01 15:07:34 ----D---- C:\Program Files\City of Heroes
2009-07-31 15:45:10 ----D---- C:\Program Files\Java
2009-07-31 00:30:28 ----D---- C:\WINDOWS\system32\DirectX
2009-07-31 00:29:35 ----HD---- C:\WINDOWS\msdownld.tmp
2009-07-29 19:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-28 02:08:23 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\gtk-2.0
2009-07-26 16:29:25 ----SD---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Microsoft
2009-07-21 03:28:39 ----D---- C:\WINDOWS\RegisteredPackages
2009-07-20 20:09:15 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-20 20:09:10 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-19 08:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 08:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-18 22:09:02 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-17 14:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 18:08:06 ----A---- C:\WINDOWS\win.ini
2009-07-16 18:07:20 ----D---- C:\Program Files\Microsoft Works
2009-07-16 03:35:49 ----D---- C:\WINDOWS\Help
2009-07-15 17:51:48 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Apple Computer
2009-07-15 17:50:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-15 17:29:02 ----D---- C:\Program Files\iTunes
2009-07-15 17:28:42 ----D---- C:\Program Files\iPod
2009-07-15 17:28:42 ----D---- C:\Program Files\Common Files\Apple
2009-07-15 16:26:45 ----D---- C:\WINDOWS\system32\config
2009-07-15 16:26:15 ----D---- C:\WINDOWS\system32\wbem
2009-07-15 16:24:05 ----D---- C:\Program Files\Chex Quest Complete
2009-07-15 16:22:40 ----D---- C:\Program Files\PLAYXPERT
2009-07-15 16:22:14 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-15 16:22:09 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-08 23:52:59 ----A---- C:\WINDOWS\DUMP736a.tmp
2009-07-08 22:09:39 ----D---- C:\Program Files\Yahoo!
2009-07-06 17:00:28 ----D---- C:\Program Files\Electronic Arts
2009-07-05 13:30:03 ----D---- C:\Program Files\Algodoo Phun Edition_OLD
2009-07-02 11:57:30 ----D---- C:\Program Files\NCH Software
2009-07-01 12:24:28 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Ventrilo
2009-06-29 11:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 06:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 06:07:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 03:33:39 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-06-27 18:11:40 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\SPORE
2009-06-27 15:01:15 ----A---- C:\WINDOWS\system.ini
2009-06-27 15:01:13 ----D---- C:\WINDOWS\pss
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-14 13:44:02 ----D---- C:\WINDOWS\ie7updates
2009-06-12 07:31:40 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 07:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 09:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(9).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(8).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(7).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(6).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(15).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(14).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(13).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(12).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(11).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod(10).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(9).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(8).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(7).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(6).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(5).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(4).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(3).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(2).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(11).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi(10).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(9).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(8).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(7).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(6).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(5).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(4).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(3).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(2).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(11).dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp(10).dll
2009-06-10 01:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-03 14:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-31 14:11:46 ----D---- C:\Program Files\RocketDock
2009-05-31 08:26:17 ----D---- C:\WINDOWS\system
2009-05-30 12:02:00 ----D---- C:\Website
2009-05-26 08:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-05-25 13:50:11 ----D---- C:\Program Files\PB
2009-05-24 00:59:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-05-23 01:13:51 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\My Battle for Middle-earth™ II Files
2009-05-21 20:51:05 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-16 20:53:44 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-05-16 15:03:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-05-16 13:04:16 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Google
2009-05-16 13:00:04 ----D---- C:\Program Files\Google
2009-05-15 19:35:10 ----D---- C:\Program Files\Bethesda Softworks
2009-05-14 21:30:10 ----D---- C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-02-02 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-02-02 9464]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-12 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-11-12 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-11-10 40832]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-12-18 103360]
R3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2005-09-16 206080]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BCM43XX;Linksys Wireless-G PCI Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-22 369024]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2006-06-19 43264]
R3 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 KuirKbdFltr;KuirKbdFltr overlay support subsystem; C:\WINDOWS\system32\DRIVERS\KuirKbdFltr.sys [2008-11-18 26016]
R3 KuirMouFltr;KuirMouFltr overlay support subsystem; C:\WINDOWS\system32\DRIVERS\KuirMouFltr.sys [2008-11-18 23200]
R3 Mo3Fltr;MMO Mouse; C:\WINDOWS\system32\drivers\Mo3Fltr.sys [2008-04-15 11136]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-02 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S2 vvfhjnjd;vvfhjnjd; C:\WINDOWS\system32\drivers\fjur.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2008-11-12 29184]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-17 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-17 21744]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 QCEmerald;Logitech QuickCam Web; C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-07-27 188416]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-07-27 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-11 153376]
R2 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-07-27 163840]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-10-20 96256]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-01 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-08-01 189104]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2008-11-12 172032]
R2 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-07-27 425984]
R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
R2 SlingAgentService;SlingAgentService; C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [2009-03-10 93960]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-12-12 60032]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-12-12 5117568]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 gupdate1c95da8d3cabb5c;Google Update Service (gupdate1c95da8d3cabb5c); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S2 M1 Server;Intel® Viiv™ Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-07-10 25600]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-14 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-02-16 2736890]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-12-12 243840]
S4 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-08-13 18:39:57

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B2C4A8C4-AA20-425D-9FEE-C78039238C81}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->MsiExec.exe /I{3BF1390E-9EAE-4C2A-B30C-3992233FBCBA}
-->MsiExec.exe /X{16DDE3E0-98D6-40AC-BCF0-5EAB81965AE3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Aimersoft Video Converter(Build 1.0.20)-->"C:\Program Files\Aimersoft\Video Converter\unins000.exe"
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exe
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Any Video Converter 2.7.0-->"C:\Program Files\Any Video Converter\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audiosurf Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12910
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Editor 4-->"C:\Program Files\AVS4YOU\AVSVideoEditor4\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Battlefield Vietnam™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
Best Buy Digital Music Store-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
Big Biz Tycoon 2-->C:\WINDOWS\unvise32.exe C:\Program Files\Activision Value\Big Biz Tycoon 2\uninstal.log
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Blackhawk Striker 2-->"C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
Call of Duty 4: Modern Warfare-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7940
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Cellfactor Revolution -->C:\Program Files\Timeline Interactive\Cellfactor Revolution\uninst.exe
Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Crayon Physics Deluxe Demo - release 52-->"C:\Program Files\Crayon Physics Deluxe Demo\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cross Fire En-->"C:\Program Files\Subagames\CrossFire\unins000.exe"
CryEngine®2 Sandbox™2-->MsiExec.exe /I{7E4B7FD9-4ECE-4298-A910-3160B7918059}
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Curse Client-->C:\Program Files\Curse\uninstall.exe
D.I.P.R.I.P. Warm Up-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17530
Darwinia Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1502
Debut Video Capture Software-->C:\Program Files\NCH Software\Debut\uninst.exe
Desktop Media 1.7-->"C:\Program Files\Desktop Media\unins000.exe"
Digital Guitar Tuner 2.3-->"C:\Program Files\Digital Guitar Tuner 2.3\unins000.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
Earth Browser-->MsiExec.exe /X{AD8EA1C9-A637-5144-F46E-36C7945A0BB6}
Echospin Delivery Wizard-->RunDll32 advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\esProxy.inf,DefaultUninstall
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Talk-->C:\Program Files\NCH Swift Sound\Talk\uninst.exe
Fast Food Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68BC4189-F35A-4ED2-8FBE-137AE9D8CCCA}\setup.exe"
FATE-->"C:\Program Files\Gateway Games\FATE\Uninstall.exe"
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Flash Movie Player 1.5-->C:\Program Files\Flash Movie Player\uninst.exe
Flash to Video Encoder-->"C:\Program Files\GeoVid\Flash to Video Encoder\unins000.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free YouTube to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameSpy Comrade-->MsiExec.exe /X{7C2E4E9B-0B88-48B6-B7B0-E3F3DF0A239D}
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Gateway Game Console-->"C:\Program Files\WildTangent\Apps\Gateway Game Console\Uninstall.exe"
GIMP 2.6.3-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Gears-->MsiExec.exe /I{2A9C3F41-DACA-37AB-84FB-2E6193C42151}
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life Deathmatch: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/360
Half-Life Dedicated Server Update Tool-->C:\srcds\UNWISE.EXE C:\srcds\INSTALL.LOG
Half-Life: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/280
HandBrake 0.9.3-->C:\Program Files\HandBrake\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner.YOUR-891C2B43EF\My Documents\Desktop Stuff\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961-v4)-->"C:\WINDOWS\$NtUninstallKB895961-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
IBM Lotus Symphony-->MsiExec.exe /X{ead711fd-8c81-4d1b-b933-d38df9b66a21}
I-Fluid 1.0-->"C:\Program Files\I-Fluid Demo\unins000.exe"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel® Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{DA327C6D-D8F1-4587-B4DE-10C39BF6B891} /qb!
ISOMagic-->C:\Program Files\ISOMagic\Uninstall.exe
iTouchMidi WIN 1.0.7-->C:\Program Files\iTouchMidi\uninst.exe
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_4422c4a\Setup.exe /APR-REMOVE
LEGO Racers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
LEGO® Batman™-->C:\Program Files\InstallShield Installation Information\{398AB469-77FC-4935-820B-D419388C0A6A}\Setup.exe -runfromtemp -l0x0409
Linksys Wireless-G PCI Network Adapter with SpeedBooster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAE4A00B-D290-4B65-8287-B82A80FC0619}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Center Extender-->c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender-->MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Media Converter SA Edition 0.8-->C:\Program Files\Media Converter SA Edition\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft XNA Framework Redistributable 2.0-->MsiExec.exe /I{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}
Monster Trucks Nitro Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16630
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Moyea FLV to Video Converter Pro 2 version: 2.0.15.0-->"C:\Program Files\Moyea\FLV to Video Converter Pro 2\unins000.exe"
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{6710FE30-27F7-492B-A660-D31D4A898A43}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multiwinia Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1540
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Peggle Nights (remove only)-->"C:\Program Files\PopCap Games\Peggle Nights\Uninstall.exe"
PFPortChecker 1.0.28-->C:\Program Files\PFPortChecker\uninst.exe
Phun beta 4.22-->"C:\Program Files\Algodoo Phun Edition_OLD\unins000.exe"
PitchPerfect Uninstall-->C:\Program Files\NCH Swift Sound\PitchPerfect\uninst.exe
PLAYXPERT In-Game Platform-->"C:\WINDOWS\PLAYXPERT In-Game Platform\uninstall.exe" "/U:C:\Documents and Settings\Owner.YOUR-891C2B43EF\Application Data\PLAYXPERT In-Game Platform\Uninstall\uninstall.xml"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PunkBuster for Battlefield Vietnam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
Puzzlegeddon Demo-->C:\Program Files\Puzzlegeddon Demo\uninstall.exe
Quake Live Mozilla Plugin-->MsiExec.exe /I{65AA2584-00B9-4900-B519-1D7FD06FB124}
Quicken 2002 New User Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RadarSync-->C:\Program Files\RadarSync\uninst.exe
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
RPG Maker 2003 v1.08-->"C:\Program Files\rpg2003\unins000.exe"
Scholastic's I SPY Spooky Mansion-->C:\PROGRA~1\SCHOLA~1\ISPYSP~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSP~1\INSTALL.LOG
Scorched3D 42.1-->C:\Program Files\Scorched3D\uninst.exe
ScreenStream-->C:\Program Files\NCH Software\ScreenStream\uninst.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
SlingPlayer-->"C:\Program Files\InstallShield Installation Information\{E2741785-8993-4BB6-A76F-35244DC4FFB0}\setup.exe" -runfromtemp -l0x0409 -removeonly
SlingPlayer-->MsiExec.exe /X{E2741785-8993-4BB6-A76F-35244DC4FFB0}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Strong Bad - Strong Bad Episode 4 - Dangeresque 3-->C:\Program Files\Telltale Games\Strong Bad\Uninstall Episode 4 - Dangeresque 3.exe
Strong Bad - Strong Bad Episode 5 - 8-Bit Is Enough-->C:\Program Files\Telltale Games\Strong Bad\Uninstall Episode 5 - 8-Bit Is Enough.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TES Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
The Battle for Middle-earth ™-->C:\Program Files\EA GAMES\The Battle for Middle-earth ™\EAUninstall.exe
The Ship Dedicated Server-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2403
The Ship Single Player-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2420
The Ship Tutorial-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2430
The Ship-->"C:\Program Files\Steam\steam.exe" steam://uninstall/2400
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
theHunter-->MsiExec.exe /X{4C5C8219-5CEF-4B63-AD21-48FA76CAF7FC}
Titan Quest Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4590
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->J:\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
UltraMon-->MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Uninstall KkMenu docklet for Stardock Object Dock-->"C:\Program Files\Stardock\ObjectDock\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoPad Video Editor-->C:\Program Files\NCH Software\VideoPad\uninst.exe
VoipBuster-->"C:\Program Files\VoipBuster.com\VoipBuster\unins000.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620
Warhammer Online - Age of Reckoning-->C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\uninst2.exe
Warmonger-->"C:\Program Files\Netdevil\Warmonger\uninstall.exe"
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WeFi 3.6.0.7-->C:\Program Files\WeFi\uninst.exe
West Point Bridge Designer 2007-->C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2007\irunin.ini"
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/06/2008 1.0.0.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\mo3_D1849431A870C9F017A98B3718F8FD334DD6E75F\mo3.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media DRM Reset-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\resetdrm.inf,Uninstall
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB905589-->"C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinX DVD Author 5.5-->"C:\Program Files\WinX DVD Author 5.5\unins000.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wondershare Video Converter Platinum(Build 4.0.6.1)-->"C:\Program Files\Wondershare\Video Converter Platinum\unins000.exe"
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft MMO Gaming Mouse-->C:\Program Files\InstallShield Installation Information\{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x

=====HijackThis Backups=====

O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com [2009-08-10]
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com [2009-08-10]
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com [2009-08-10]
O1 - Hosts: 82.98.231.89 onlinenotifyq.net [2009-08-10]
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com [2009-08-10]
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com [2009-08-10]
O1 - Hosts: 82.98.231.89 best-click-scanner.info [2009-08-10]
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com [2009-08-10]
O2 - BHO: (no name) - {C1C82137-E3F0-42D4-9A1C-DCF68F8A5556} - (no file) [2009-08-10]
O2 - BHO: (no name) - {AF880088-DEDA-4A00-81C1-A6337059DFA2} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [2009-08-10]
O18 - Filter hijack: text/html - {fe41db5f-31b9-42a7-995b-41ac9febaad5} - (no file) [2009-08-10]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition
AV: McAfee VirusScan (disabled)
FW: (disabled)

======System event log======

Computer Name: PINKERTON
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 12430
Source Name: W32Time
Time Written: 20090807084713.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 12393
Source Name: Service Control Manager
Time Written: 20090806190805.000000-300
Event Type: error
User:

Computer Name: PINKERTON
Event Code: 7000
Message: The Google Update Service (gupdate1c95da8d3cabb5c) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 12392
Source Name: Service Control Manager
Time Written: 20090806190805.000000-300
Event Type: error
User:

Computer Name: PINKERTON
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c95da8d3cabb5c) service to connect.

Record Number: 12391
Source Name: Service Control Manager
Time Written: 20090806190805.000000-300
Event Type: error
User:

Computer Name: PINKERTON
Event Code: 115
Message: The service could not bind instance 1. The data is the error code.

For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.

Record Number: 12389
Source Name: W3SVC
Time Written: 20090806190759.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11837
Source Name: PerfDisk
Time Written: 20090524145637.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11836
Source Name: PerfDisk
Time Written: 20090524145637.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11835
Source Name: PerfDisk
Time Written: 20090524145636.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11834
Source Name: PerfDisk
Time Written: 20090524145636.000000-300
Event Type: warning
User:

Computer Name: PINKERTON
Event Code: 2001
Message: Unable to read the disk performance information from the system.
Disk performance counters must be enabled for at least one
physical disk or logical volume in order for these counters to appear.
Disk performance counters can be enabled by using the Hardware Device Manager property pages.
Status code returned is data DWORD 0.

Record Number: 11833
Source Name: PerfDisk
Time Written: 20090524145635.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


#12 SifuMike

Posted 13 August 2009 - 07:29 PM

Hi Neco,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your Avira AntiVir Antivirus, Windows Defender and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Avira Antivirus:  
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background.
  • Right click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.
You successfully disabled the AntiVir Guard.


To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution -
ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

#13 Neco


Posted 13 August 2009 - 08:31 PM

ComboFix 09-08-10.06 - Owner 08/13/2009 20:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1400 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-891C2B43EF\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common
c:\program files\desktop media
c:\program files\desktop media\junction.exe
c:\program files\desktop media\mediadetect.exe
c:\program files\desktop media\unins000.dat
c:\program files\desktop media\unins000.exe
c:\recycler\S-1-5-21-2827671312-4078182590-204639607-500
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\285f144.msp
c:\windows\Installer\28a06.msi
c:\windows\Installer\4829dc1.msi
c:\windows\Installer\4e3c6.msp
c:\windows\Installer\4e3d9.msp
c:\windows\Installer\4e3f0.msp
c:\windows\Installer\4e402.msp
c:\windows\Installer\6dde8ef.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\kb913800.exe
c:\windows\system32\Cache
c:\windows\system32\Drivers\bdzuoni.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-13 23:39 . 2009-08-13 23:39 -------- d-----w- C:\rsit
2009-08-13 01:41 . 2009-08-13 01:41 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol
2009-08-13 01:41 . 2006-06-17 09:41 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol\Config.sys
2009-08-13 01:41 . 2006-06-17 09:41 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol\Autoexec.bat
2009-08-13 01:41 . 2009-08-13 01:41 -------- d-----w- c:\program files\BillP Studios
2009-08-12 07:33 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 07:30 . 2009-08-12 07:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-08-10 18:13 . 2009-08-14 01:14 117760 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 18:12 . 2009-08-10 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 18:12 . 2009-08-10 18:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 18:12 . 2009-08-10 18:12 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SUPERAntiSpyware.com
2009-08-10 07:32 . 2009-08-14 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 07:32 . 2009-08-10 07:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-10 07:17 . 2009-08-10 07:17 1152 ----a-w- c:\windows\system32\windrv.sys
2009-08-10 06:22 . 2009-08-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-10 02:40 . 2009-08-10 02:40 -------- d-----w- c:\program files\Windows Defender
2009-08-09 22:20 . 2009-08-09 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\12436714
2009-08-09 02:35 . 2009-08-09 02:35 -------- d-----w- C:\Mp3 Output
2009-08-09 02:35 . 2009-06-08 20:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
2009-08-09 02:35 . 2009-08-09 02:35 -------- d-----w- c:\program files\Smallvideosoft
2009-08-07 23:03 . 2009-08-07 23:04 -------- d-----w- C:\f447dd62f3f81609cc552e7384
2009-08-07 23:03 . 2009-08-08 04:06 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 00:51 . 2009-08-01 00:51 -------- d--h--w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\esTools
2009-08-01 00:51 . 2009-08-01 00:51 15172 ----a-w- c:\windows\system32\drivers\PzWDM.sys
2009-08-01 00:51 . 2009-08-01 01:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\esClient
2009-08-01 00:51 . 2009-08-01 00:51 -------- d-----w- c:\program files\echospin
2009-07-31 20:44 . 2009-07-31 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-31 20:44 . 2009-07-31 20:44 152576 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-31 04:56 . 2009-07-31 04:56 -------- d-----w- c:\windows\C6996F17923349EB8084E73E5272DAF4.TMP
2009-07-31 04:51 . 2009-07-31 04:51 -------- d-----w- c:\program files\Timeline Interactive
2009-07-30 05:26 . 2009-07-30 05:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-30 05:26 . 2009-08-09 02:43 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\skypePM
2009-07-30 05:24 . 2009-08-09 03:14 -------- d-----r- c:\program files\Skype
2009-07-30 05:24 . 2009-08-09 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-29 20:18 . 2009-07-29 20:18 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WebApps
2009-07-29 20:16 . 2009-07-17 05:22 44018 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-07-29 20:16 . 2009-07-17 05:22 16896 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-07-29 20:16 . 2009-07-10 03:29 307200 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-07-29 20:16 . 2009-07-10 03:29 307200 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-07-29 00:02 . 2009-07-29 00:02 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Blizzard Entertainment
2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-21 08:39 . 2009-07-21 08:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-21 08:39 . 2009-07-21 08:39 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-21 08:28 . 2009-07-21 08:28 -------- d-----w- c:\windows\system32\windows media
2009-07-21 08:28 . 2009-07-21 08:28 -------- d-----w- c:\program files\Windows Media Components
2009-07-21 01:09 . 2009-07-21 01:09 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries
2009-07-21 01:09 . 2008-04-15 14:05 11136 ----a-w- c:\windows\system32\drivers\Mo3Fltr.sys
2009-07-21 01:09 . 2009-07-21 01:09 -------- d-----w- c:\program files\SteelSeries
2009-07-21 00:29 . 2009-07-21 00:29 -------- d-----w- c:\program files\iTouchMidi
2009-07-20 21:02 . 2003-03-31 12:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2009-07-20 21:02 . 2003-03-31 12:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2009-07-19 03:23 . 2009-07-19 03:23 347200 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-07-19 03:23 . 2009-07-19 03:28 453696 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2009-07-19 03:23 . 2009-07-19 03:23 179264 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-07-19 03:23 . 2009-07-19 03:23 874660 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-07-19 03:23 . 2009-07-19 03:23 57344 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-07-19 03:23 . 2009-07-19 03:23 2653248 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-07-19 03:09 . 2009-07-19 03:09 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software
2009-07-19 03:09 . 2009-07-19 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-07-18 05:11 . 2009-07-18 05:11 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Yahoo!
2009-07-18 05:11 . 2009-07-18 05:11 -------- d-----w- c:\program files\CCleaner
2009-07-18 03:58 . 2009-07-18 03:58 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Funcom
2009-07-18 03:39 . 2009-07-18 03:39 -------- d-----w- c:\windows\F579118563414E21A47F41B57AC749B5.TMP
2009-07-18 03:39 . 2009-07-18 03:39 -------- d-----w- c:\program files\Netdevil
2009-07-18 02:16 . 2009-07-18 02:16 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-18 02:16 . 2009-07-18 02:16 -------- d-----w- c:\windows\system32\AGEIA
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Realtime Soft
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\program files\UltraMon
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\program files\Common Files\Realtime Soft
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-17 04:06 . 2009-07-17 04:06 -------- d-----w- c:\program files\Emote
2009-07-16 07:32 . 2009-07-16 07:32 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\VoipBuster
2009-07-16 07:31 . 2009-07-16 07:31 -------- d-----w- c:\program files\VoipBuster.com
2009-07-16 07:00 . 2009-07-16 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-16 06:57 . 2009-07-16 07:00 -------- d-----w- c:\windows\nview
2009-07-16 06:57 . 2009-06-10 11:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-16 06:52 . 2009-06-21 13:46 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-16 06:43 . 2009-07-18 02:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-16 05:41 . 2009-03-09 20:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-16 05:41 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-16 05:41 . 2009-03-09 20:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-16 05:41 . 2009-03-16 19:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-16 05:41 . 2009-03-16 19:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-16 05:41 . 2009-03-16 19:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-16 05:41 . 2009-03-16 19:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-15 22:28 . 2009-07-15 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 22:27 . 2009-07-15 22:27 -------- d-----w- c:\program files\QuickTime
2009-07-15 22:26 . 2009-07-09 17:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-15 22:26 . 2009-07-09 17:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-15 22:09 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-15 21:43 . 2009-08-07 00:48 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Temp
2009-07-15 21:26 . 2009-07-15 21:26 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-15 21:23 . 2009-07-18 02:14 -------- d-----w- c:\program files\WeFi
2009-07-15 21:19 . 2009-07-15 21:19 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\PLAYXPERT In-Game Platform

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 06:14 . 2008-12-24 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-13 02:39 . 2008-11-13 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-11 22:12 . 2008-11-18 22:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 18:12 . 2008-11-16 18:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 07:17 . 2009-01-18 20:20 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\GetRightToGo
2009-08-10 06:59 . 2009-02-19 02:19 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Xfire
2009-08-10 06:27 . 2008-11-13 01:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-10 04:45 . 2009-02-19 02:19 -------- d-----w- c:\program files\Xfire
2009-08-10 04:44 . 2008-11-26 23:14 -------- d-----w- c:\program files\Steam
2009-08-10 03:04 . 2006-06-19 04:25 38408 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 02:59 . 2009-01-28 18:56 -------- d-----w- c:\program files\Saga
2009-08-10 02:58 . 2009-01-29 01:04 -------- d-----w- c:\program files\Savage 2 - A Tortured Soul
2009-08-10 02:50 . 2008-11-28 16:07 -------- d-----w- c:\program files\Microsoft Games
2009-08-10 02:48 . 2009-03-17 19:12 -------- d-----w- c:\program files\DefenseGridDemo
2009-08-10 02:47 . 2009-01-16 00:08 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-08-10 02:47 . 2008-11-24 18:33 -------- d-----w- c:\program files\EA GAMES
2009-08-10 02:46 . 2009-05-16 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2009-08-09 07:30 . 2009-08-09 07:30 188 ----a-w- c:\program files\jxwagfh.txt
2009-08-09 05:57 . 2009-01-08 22:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 05:29 . 2009-01-15 23:53 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-07 17:48 . 2008-11-15 03:50 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:01 . 2008-10-17 22:09 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-01-08 22:54 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-01-08 22:54 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 20:52 . 2008-11-30 02:10 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-01 20:44 . 2008-12-12 00:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 20:07 . 2008-12-26 01:34 -------- d-----w- c:\program files\City of Heroes
2009-08-01 01:51 . 2009-08-01 01:51 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\esP5A1.tmp
2009-08-01 00:51 . 2009-08-01 00:51 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\esP587.tmp
2009-07-31 20:45 . 2008-11-13 01:16 -------- d-----w- c:\program files\Java
2009-07-29 20:19 . 2009-07-06 22:11 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Prism
2009-07-28 07:08 . 2008-12-16 23:44 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\gtk-2.0
2009-07-23 06:22 . 2008-11-30 02:10 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-20 03:04 . 2009-07-09 03:24 -------- d-----w- c:\program files\SpeedFan
2009-07-19 03:09 . 2008-12-29 21:55 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-18 05:11 . 2009-07-09 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-17 19:01 . 2008-10-17 00:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 04:45 . 2009-07-17 04:45 9716 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\TheHunterSettings.bin
2009-07-16 23:07 . 2008-11-13 01:20 -------- d-----w- c:\program files\Microsoft Works
2009-07-15 22:51 . 2008-11-16 23:34 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Apple Computer
2009-07-15 22:50 . 2008-11-16 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-15 22:29 . 2008-11-16 23:32 -------- d-----w- c:\program files\iTunes
2009-07-15 22:28 . 2008-11-16 23:32 -------- d-----w- c:\program files\iPod
2009-07-15 22:28 . 2008-11-16 23:31 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 21:25 . 2009-06-02 16:21 -------- d-----w- c:\program files\QMixer
2009-07-15 21:25 . 2009-06-02 23:41 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-07-15 21:24 . 2009-05-08 23:11 -------- d-----w- c:\program files\Chex Quest Complete
2009-07-15 21:23 . 2009-07-02 03:16 -------- d-----w- c:\program files\UrbanTerror
2009-07-15 21:23 . 2009-07-01 20:04 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\OpenArena
2009-07-15 21:22 . 2009-07-03 17:37 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(2)
2009-07-15 21:22 . 2008-11-26 01:43 -------- d-----w- c:\program files\PLAYXPERT
2009-07-15 21:22 . 2009-07-05 17:33 -------- d-----w- c:\program files\Call of Duty
2009-07-15 21:22 . 2009-01-04 04:19 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-15 21:22 . 2008-11-13 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-07-15 21:18 . 2009-07-09 22:37 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(3)
2009-07-15 21:18 . 2009-07-09 22:37 -------- d-----w- c:\program files\SteelSeries(2)
2009-07-14 04:43 . 2008-10-17 22:11 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:22 . 2009-07-13 19:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 18:01 . 2009-07-13 18:01 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2009-07-09 04:52 . 2008-11-13 01:07 106496 ----a-w- c:\windows\DUMP736a.tmp
2009-07-09 03:09 . 2009-05-12 21:39 -------- d-----w- c:\program files\Yahoo!
2009-07-06 22:00 . 2008-12-18 21:36 -------- d-----w- c:\program files\Electronic Arts
2009-07-06 19:01 . 2009-07-06 19:01 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2009-07-05 18:30 . 2009-05-10 02:22 -------- d-----w- c:\program files\Algodoo Phun Edition_OLD
2009-07-02 22:47 . 2009-07-02 22:47 -------- d-----w- c:\program files\id Software
2009-07-02 16:57 . 2008-12-13 23:35 -------- d-----w- c:\program files\NCH Software
2009-07-01 20:32 . 2009-05-31 22:33 -------- d-----w- c:\program files\Scorched3D
2009-07-01 17:24 . 2008-11-16 18:27 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Ventrilo
2009-06-30 12:17 . 2008-12-13 16:41 482 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\wklnhst.dat
2009-06-29 17:10 . 2009-06-29 17:10 -------- d-----w- c:\program files\VUGames
2009-06-29 16:12 . 2006-06-17 09:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-10-17 22:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2008-10-17 00:25 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 01:47 . 2009-06-28 01:47 -------- d-----w- c:\program files\Sun(2)
2009-06-27 23:11 . 2008-12-24 21:21 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SPORE
2009-06-25 08:25 . 2008-10-17 22:10 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-10-17 22:10 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-10-17 22:10 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-10-17 22:09 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-06-17 09:23 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-06-17 09:23 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-10-17 22:07 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-06-17 09:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2008-10-17 22:10 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-06-17 09:23 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2008-10-17 22:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2008-10-17 00:24 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:28 . 2009-06-10 13:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 11:03 . 2009-06-10 11:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 06:14 . 2008-10-17 22:10 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2006-06-17 09:23 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 02:26 . 2009-05-31 06:02 99 ----a-w- c:\windows\system32\qwavecache.dat
2009-05-31 00:56 . 2009-05-31 00:56 152576 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-28 01:16 . 2009-03-08 23:31 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-14 21:28 . 2009-05-14 21:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-30 1935360]
"Google Update"="c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe" [2009-05-22 40960]
"1A:KkTrayServer"="c:\program files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe" [2006-03-28 108544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-14 30192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SteelSeries World of Warcraft MMO Gaming Mouse"="c:\program files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe" [2009-05-13 414720]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-891C2B43EF^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Owner.YOUR-891C2B43EF\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1226539143\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\PLAYXPERT\\CoreImpl.exe"=
"c:\\Program Files\\PLAYXPERT\\PXP.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Puzzlegeddon Demo\\Puzzlegeddon.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\patchget.dat"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\darwinia demo\\darwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\multiwinia\\multiwinia.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Xfire\\dppm_source.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.200810171336\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\the ship dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\the ship\\ship.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\teeworlds\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner.YOUR-891C2B43EF\\My Documents\\Desktop Stuff\\Downloads\\Motrix_Universal_Server.winxp.1.03\\Motrix Universal Server.exe"=
"c:\\Program Files\\iTouchMidi\\iTouchMidi WIN.exe"=
"c:\\Program Files\\Timeline Interactive\\Cellfactor Revolution\\System\\Reality.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [7/31/2009 7:51 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [3/10/2009 12:09 AM 93960]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 KuirKbdFltr;KuirKbdFltr overlay support subsystem;c:\windows\system32\drivers\KuirKbdFltr.sys [11/25/2008 3:19 PM 26016]
R3 KuirMouFltr;KuirMouFltr overlay support subsystem;c:\windows\system32\drivers\KuirMouFltr.sys [11/25/2008 3:19 PM 23200]
R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [7/20/2009 8:09 PM 11136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S0 ujhvhzv;ujhvhzv;c:\windows\system32\drivers\cibsqspe.sys --> c:\windows\system32\drivers\cibsqspe.sys [?]
S2 gupdate1c95da8d3cabb5c;Google Update Service (gupdate1c95da8d3cabb5c);c:\program files\Google\Update\GoogleUpdate.exe [12/14/2008 12:00 AM 133104]
S2 vvfhjnjd;vvfhjnjd;c:\windows\system32\drivers\fjur.sys --> c:\windows\system32\drivers\fjur.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/12/2008 8:10 PM 30192]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [12/13/2008 6:29 PM 31872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 12:49]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:00]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007Core.job
- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 05:07]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007UA.job
- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 05:07]

2008-11-13 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-10-17 00:12]

2009-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
SafeBoot-volmgr.sys
SafeBoot-volmgrx.sys
SafeBoot-AppInfo
SafeBoot-KeyIso
SafeBoot-NTDS
SafeBoot-ProfSvc
SafeBoot-sacsvr
SafeBoot-TabletInputService
SafeBoot-TBS
SafeBoot-TrustedInstaller


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5266E
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.11.0.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\echospin\npesProxy.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.133.31\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 20:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4916)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\soffice.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\RMSvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rsvp.exe
.
**************************************************************************
.
Completion time: 2009-08-14 20:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 01:22

Pre-Run: 89,172,955,136 bytes free
Post-Run: 89,193,799,680 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

519 --- E O F --- 2009-08-12 23:04




#14 SifuMike


Posted 14 August 2009 - 01:17 PM

Hi Neco,

Did you have McAfee installed on this computer?


You need to disable your Avira AntiVir Antivirus, Windows Defender and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Avira Antivirus:  
Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background (looks like this: Posted Image)
  • Right-click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks like this: Posted Image)
You have successfully disabled the AntiVir Guard.


To disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\windows\system32\windrv.sys
c:\windows\system32\drivers\cibsqspe.sys
c:\windows\system32\drivers\fjur.sys
c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys
Driver:: 
ujhvhzv
vvfhjnjd
cpuz130


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Edited by SifuMike, 14 August 2009 - 01:18 PM.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
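The three Driver:: names in the script above all appear in the posted log as service lines ending in `--> path [?]`. The following is an added example, not part of the post and not ComboFix's own code: a parser for that driver/service line format which lists the entries whose file details the scanner could not report. The line grammar, the reading of `R`/`S` as running/stopped with the digit as the service start type, and the reading of `[?]` as "file date and size unavailable" are assumptions inferred from the log lines in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Driver/service lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [7/31/2009 7:51 PM 15172]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S0 ujhvhzv;ujhvhzv;c:\windows\system32\drivers\cibsqspe.sys --> c:\windows\system32\drivers\cibsqspe.sys [?]
S2 vvfhjnjd;vvfhjnjd;c:\windows\system32\drivers\fjur.sys --> c:\windows\system32\drivers\fjur.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

# Assumed grammar: <R|S><start> <name>;<display>;<image>[ --> <resolved>] [<info>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)"
    r"(?: --> (?P<resolved>.+?))?"
    r" \[(?P<info>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    running: bool            # R = running, S = stopped (assumption)
    start: int               # service start type 0-4 (assumption)
    name: str
    display: str
    image: str               # ImagePath as registered
    resolved: Optional[str]  # path after "-->", when the log prints one
    size: Optional[int]      # file size in bytes, None when the log shows [?]

    @property
    def info_available(self) -> bool:
        return self.size is not None


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one driver/service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").split()
    # Normal entries end with the file size; "[?]" carries no size.
    size = int(info[-1]) if info and info[-1].isdigit() else None
    return ServiceEntry(
        running=m.group("state") == "R",
        start=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        image=m.group("image"),
        resolved=m.group("resolved"),
        size=size,
    )


def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, List[str]]]:
    """List entries whose file details are missing, with review notes.

    The notes are leads for a human reviewer, not verdicts.
    """
    findings = []
    for e in entries:
        if e.info_available:
            continue
        reasons = ["file info unavailable"]
        if e.start in (0, 1) and not e.running:
            reasons.append("boot/system-start but not running")
        path = (e.resolved or e.image).lower()
        if "\\temp\\" in path:
            reasons.append("image under a Temp directory")
        if e.name == e.display:
            reasons.append("display name equals service name")
        findings.append((e.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{name}: {', '.join(reasons)}")
```

On these lines the parser also lists npggsvc (nProtect GameGuard Service), which is not among the Driver:: entries in the script above, so a missing-file marker alone does not decide what goes into a removal script.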

#15 Neco


Posted 14 August 2009 - 04:09 PM

No, the first thing I do on a computer is uninstall McAfee and install Avira.

ComboFix 09-08-10.06 - Owner 08/14/2009 15:51.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1329 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-891C2B43EF\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-891C2B43EF\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\cpuz130\cpuz_x32.sys"
"c:\windows\system32\drivers\cibsqspe.sys"
"c:\windows\system32\drivers\fjur.sys"
"c:\windows\system32\windrv.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\windrv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Service_cpuz130
-------\Service_ujhvhzv
-------\Service_vvfhjnjd


((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 05:46 . 2009-07-14 01:52 380928 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-08-13 23:39 . 2009-08-13 23:39 -------- d-----w- C:\rsit
2009-08-13 01:41 . 2009-08-13 01:41 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol
2009-08-13 01:41 . 2006-06-17 09:41 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol\Config.sys
2009-08-13 01:41 . 2006-06-17 09:41 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WinPatrol\Autoexec.bat
2009-08-13 01:41 . 2009-08-13 01:41 -------- d-----w- c:\program files\BillP Studios
2009-08-12 07:33 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 07:30 . 2009-08-12 07:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-08-10 18:13 . 2009-08-14 20:58 117760 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 18:12 . 2009-08-10 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 18:12 . 2009-08-10 18:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 18:12 . 2009-08-10 18:12 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SUPERAntiSpyware.com
2009-08-10 07:32 . 2009-08-14 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-10 07:32 . 2009-08-10 07:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-10 06:22 . 2009-08-10 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-10 02:40 . 2009-08-10 02:40 -------- d-----w- c:\program files\Windows Defender
2009-08-09 22:20 . 2009-08-09 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\12436714
2009-08-09 02:35 . 2009-08-09 02:35 -------- d-----w- C:\Mp3 Output
2009-08-09 02:35 . 2009-06-08 20:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll
2009-08-09 02:35 . 2009-08-09 02:35 -------- d-----w- c:\program files\Smallvideosoft
2009-08-07 23:03 . 2009-08-07 23:04 -------- d-----w- C:\f447dd62f3f81609cc552e7384
2009-08-07 23:03 . 2009-08-08 04:06 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 00:51 . 2009-08-01 00:51 -------- d--h--w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\esTools
2009-08-01 00:51 . 2009-08-01 00:51 15172 ----a-w- c:\windows\system32\drivers\PzWDM.sys
2009-08-01 00:51 . 2009-08-01 01:55 -------- d--h--w- c:\documents and settings\All Users\Application Data\esClient
2009-08-01 00:51 . 2009-08-01 00:51 -------- d-----w- c:\program files\echospin
2009-07-31 20:44 . 2009-07-31 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-31 20:44 . 2009-07-31 20:44 152576 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-31 04:56 . 2009-07-31 04:56 -------- d-----w- c:\windows\C6996F17923349EB8084E73E5272DAF4.TMP
2009-07-31 04:51 . 2009-07-31 04:51 -------- d-----w- c:\program files\Timeline Interactive
2009-07-30 05:26 . 2009-07-30 05:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-30 05:26 . 2009-08-09 02:43 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\skypePM
2009-07-30 05:24 . 2009-08-09 03:14 -------- d-----r- c:\program files\Skype
2009-07-30 05:24 . 2009-08-09 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-29 20:18 . 2009-07-29 20:18 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\WebApps
2009-07-29 20:16 . 2009-07-17 05:22 44018 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\prism\regprot.exe
2009-07-29 20:16 . 2009-07-17 05:22 16896 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\prism\UAC.dll
2009-07-29 20:16 . 2009-07-10 03:29 307200 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\prism\components\prism.dll
2009-07-29 20:16 . 2009-07-10 03:29 307200 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\components\prism.dll
2009-07-29 00:02 . 2009-07-29 00:02 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Blizzard Entertainment
2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-21 08:39 . 2009-07-21 08:39 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-07-21 08:39 . 2009-07-21 08:39 -------- d-----w- c:\program files\DVDVideoSoft
2009-07-21 08:28 . 2009-07-21 08:28 -------- d-----w- c:\windows\system32\windows media
2009-07-21 08:28 . 2009-07-21 08:28 -------- d-----w- c:\program files\Windows Media Components
2009-07-21 01:09 . 2009-07-21 01:09 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries
2009-07-21 01:09 . 2008-04-15 14:05 11136 ----a-w- c:\windows\system32\drivers\Mo3Fltr.sys
2009-07-21 01:09 . 2009-07-21 01:09 -------- d-----w- c:\program files\SteelSeries
2009-07-21 00:29 . 2009-07-21 00:29 -------- d-----w- c:\program files\iTouchMidi
2009-07-20 21:02 . 2003-03-31 12:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2009-07-20 21:02 . 2003-03-31 12:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2009-07-19 03:23 . 2009-07-19 03:23 347200 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-07-19 03:23 . 2009-07-19 03:28 453696 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
2009-07-19 03:23 . 2009-07-19 03:23 179264 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-07-19 03:23 . 2009-07-19 03:23 874660 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-07-19 03:23 . 2009-07-19 03:23 57344 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-07-19 03:23 . 2009-07-19 03:23 2653248 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-07-19 03:09 . 2009-07-19 03:09 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\id Software
2009-07-19 03:09 . 2009-07-19 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-07-18 05:11 . 2009-07-18 05:11 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Yahoo!
2009-07-18 05:11 . 2009-07-18 05:11 -------- d-----w- c:\program files\CCleaner
2009-07-18 03:58 . 2009-07-18 03:58 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Funcom
2009-07-18 03:39 . 2009-07-18 03:39 -------- d-----w- c:\windows\F579118563414E21A47F41B57AC749B5.TMP
2009-07-18 03:39 . 2009-07-18 03:39 -------- d-----w- c:\program files\Netdevil
2009-07-18 02:16 . 2009-07-18 02:16 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-18 02:16 . 2009-07-18 02:16 -------- d-----w- c:\windows\system32\AGEIA
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Realtime Soft
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\program files\UltraMon
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\program files\Common Files\Realtime Soft
2009-07-17 19:24 . 2009-07-17 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-07-17 04:06 . 2009-07-17 04:06 -------- d-----w- c:\program files\Emote
2009-07-16 07:32 . 2009-07-16 07:32 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\VoipBuster
2009-07-16 07:31 . 2009-07-16 07:31 -------- d-----w- c:\program files\VoipBuster.com
2009-07-16 07:00 . 2009-07-16 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-16 06:57 . 2009-07-16 07:00 -------- d-----w- c:\windows\nview
2009-07-16 06:57 . 2009-06-10 11:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-16 06:52 . 2009-06-21 13:46 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-16 06:43 . 2009-07-18 02:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-16 05:41 . 2009-03-09 20:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-16 05:41 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-16 05:41 . 2009-03-09 20:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-16 05:41 . 2009-03-16 19:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-16 05:41 . 2009-03-16 19:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-16 05:41 . 2009-03-16 19:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-16 05:41 . 2009-03-16 19:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-15 22:28 . 2009-07-15 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 22:27 . 2009-07-15 22:27 -------- d-----w- c:\program files\QuickTime
2009-07-15 22:26 . 2009-07-09 17:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-15 22:26 . 2009-07-09 17:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-15 22:09 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-07-15 21:43 . 2009-08-07 00:48 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Temp
2009-07-15 21:26 . 2009-07-15 21:26 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-15 21:23 . 2009-07-18 02:14 -------- d-----w- c:\program files\WeFi
2009-07-15 21:19 . 2009-07-15 21:19 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\PLAYXPERT In-Game Platform

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 07:15 . 2008-12-24 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-13 02:39 . 2008-11-13 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-11 22:12 . 2008-11-18 22:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 18:12 . 2008-11-16 18:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-10 07:17 . 2009-01-18 20:20 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\GetRightToGo
2009-08-10 06:59 . 2009-02-19 02:19 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Xfire
2009-08-10 06:27 . 2008-11-13 01:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-10 04:45 . 2009-02-19 02:19 -------- d-----w- c:\program files\Xfire
2009-08-10 04:44 . 2008-11-26 23:14 -------- d-----w- c:\program files\Steam
2009-08-10 03:04 . 2006-06-19 04:25 38408 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 02:59 . 2009-01-28 18:56 -------- d-----w- c:\program files\Saga
2009-08-10 02:58 . 2009-01-29 01:04 -------- d-----w- c:\program files\Savage 2 - A Tortured Soul
2009-08-10 02:50 . 2008-11-28 16:07 -------- d-----w- c:\program files\Microsoft Games
2009-08-10 02:48 . 2009-03-17 19:12 -------- d-----w- c:\program files\DefenseGridDemo
2009-08-10 02:47 . 2009-01-16 00:08 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-08-10 02:47 . 2008-11-24 18:33 -------- d-----w- c:\program files\EA GAMES
2009-08-10 02:46 . 2009-05-16 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2009-08-09 07:30 . 2009-08-09 07:30 188 ----a-w- c:\program files\jxwagfh.txt
2009-08-09 05:57 . 2009-01-08 22:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-09 05:29 . 2009-01-15 23:53 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-07 17:48 . 2008-11-15 03:50 -------- d-----w- c:\program files\World of Warcraft
2009-08-05 09:01 . 2008-10-17 22:09 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-01-08 22:54 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-01-08 22:54 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 20:52 . 2008-11-30 02:10 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-01 20:44 . 2008-12-12 00:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 20:07 . 2008-12-26 01:34 -------- d-----w- c:\program files\City of Heroes
2009-08-01 01:51 . 2009-08-01 01:51 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\esP5A1.tmp
2009-08-01 00:51 . 2009-08-01 00:51 0 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\esP587.tmp
2009-07-31 20:45 . 2008-11-13 01:16 -------- d-----w- c:\program files\Java
2009-07-29 20:19 . 2009-07-06 22:11 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Prism
2009-07-28 07:08 . 2008-12-16 23:44 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\gtk-2.0
2009-07-23 06:22 . 2008-11-30 02:10 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-20 03:04 . 2009-07-09 03:24 -------- d-----w- c:\program files\SpeedFan
2009-07-19 03:09 . 2008-12-29 21:55 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-18 05:11 . 2009-07-09 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-17 19:01 . 2008-10-17 00:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 04:45 . 2009-07-17 04:45 9716 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\TheHunterSettings.bin
2009-07-16 23:07 . 2008-11-13 01:20 -------- d-----w- c:\program files\Microsoft Works
2009-07-15 22:51 . 2008-11-16 23:34 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Apple Computer
2009-07-15 22:50 . 2008-11-16 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-15 22:29 . 2008-11-16 23:32 -------- d-----w- c:\program files\iTunes
2009-07-15 22:28 . 2008-11-16 23:32 -------- d-----w- c:\program files\iPod
2009-07-15 22:28 . 2008-11-16 23:31 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 21:25 . 2009-06-02 16:21 -------- d-----w- c:\program files\QMixer
2009-07-15 21:25 . 2009-06-02 23:41 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-07-15 21:24 . 2009-05-08 23:11 -------- d-----w- c:\program files\Chex Quest Complete
2009-07-15 21:23 . 2009-07-02 03:16 -------- d-----w- c:\program files\UrbanTerror
2009-07-15 21:23 . 2009-07-01 20:04 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\OpenArena
2009-07-15 21:22 . 2009-07-03 17:37 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(2)
2009-07-15 21:22 . 2008-11-26 01:43 -------- d-----w- c:\program files\PLAYXPERT
2009-07-15 21:22 . 2009-07-05 17:33 -------- d-----w- c:\program files\Call of Duty
2009-07-15 21:22 . 2009-01-04 04:19 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-15 21:22 . 2008-11-13 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-07-15 21:18 . 2009-07-09 22:37 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SteelSeries(3)
2009-07-15 21:18 . 2009-07-09 22:37 -------- d-----w- c:\program files\SteelSeries(2)
2009-07-14 04:43 . 2008-10-17 22:11 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 19:22 . 2009-07-13 19:22 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 18:01 . 2009-07-13 18:01 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
2009-07-09 04:52 . 2008-11-13 01:07 106496 ----a-w- c:\windows\DUMP736a.tmp
2009-07-09 03:09 . 2009-05-12 21:39 -------- d-----w- c:\program files\Yahoo!
2009-07-06 22:00 . 2008-12-18 21:36 -------- d-----w- c:\program files\Electronic Arts
2009-07-06 19:01 . 2009-07-06 19:01 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2009-07-05 18:30 . 2009-05-10 02:22 -------- d-----w- c:\program files\Algodoo Phun Edition_OLD
2009-07-02 22:47 . 2009-07-02 22:47 -------- d-----w- c:\program files\id Software
2009-07-02 16:57 . 2008-12-13 23:35 -------- d-----w- c:\program files\NCH Software
2009-07-01 20:32 . 2009-05-31 22:33 -------- d-----w- c:\program files\Scorched3D
2009-07-01 17:24 . 2008-11-16 18:27 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Ventrilo
2009-06-30 12:17 . 2008-12-13 16:41 482 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\wklnhst.dat
2009-06-29 17:10 . 2009-06-29 17:10 -------- d-----w- c:\program files\VUGames
2009-06-29 16:12 . 2006-06-17 09:23 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-10-17 22:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2008-10-17 00:25 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-28 01:47 . 2009-06-28 01:47 -------- d-----w- c:\program files\Sun(2)
2009-06-27 23:11 . 2008-12-24 21:21 -------- d-----w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\SPORE
2009-06-25 08:25 . 2008-10-17 22:10 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2008-10-17 22:10 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2008-10-17 22:10 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2008-10-17 22:09 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2006-06-17 09:23 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-06-17 09:23 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2008-10-17 22:07 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-06-17 09:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2008-10-17 22:10 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-06-17 09:23 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2008-10-17 22:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2008-10-17 00:24 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:28 . 2009-06-10 13:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 11:03 . 2009-06-10 11:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 06:14 . 2008-10-17 22:10 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2006-06-17 09:23 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 02:26 . 2009-05-31 06:02 99 ----a-w- c:\windows\system32\qwavecache.dat
2009-05-31 00:56 . 2009-05-31 00:56 152576 ----a-w- c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-28 01:16 . 2009-03-08 23:31 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-14 21:28 . 2009-05-14 21:28 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-14_01.13.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 20:57 . 2009-08-14 20:57 16384 c:\windows\Temp\Perflib_Perfdata_d64.dat
+ 2009-08-14 20:57 . 2009-08-14 20:57 16384 c:\windows\Temp\Perflib_Perfdata_c98.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 8192 c:\windows\ERDNT\subs\Users\00000008\UsrClass.dat
+ 2009-08-14 20:54 . 2009-08-14 20:54 8192 c:\windows\ERDNT\subs\Users\00000008\UsrClass.dat
+ 2009-08-14 20:54 . 2009-08-14 20:54 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-14 20:54 . 2009-08-14 20:54 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-06-01 05:54 . 2009-08-14 20:58 212203 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-08-14 20:54 . 2009-08-14 20:54 348160 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 348160 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-08-14 20:54 . 2009-08-14 20:54 241664 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 245760 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-14 20:54 . 2009-08-14 20:54 245760 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-14 20:54 . 2009-08-14 20:54 3833856 c:\windows\ERDNT\subs\Users\00000007\ntuser.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 3833856 c:\windows\ERDNT\subs\Users\00000007\ntuser.dat
- 2009-08-14 01:06 . 2009-08-14 01:06 11784192 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
+ 2009-08-14 20:54 . 2009-08-14 20:54 11784192 c:\windows\ERDNT\subs\Users\00000005\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-30 1935360]
"Google Update"="c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\preload.exe" [2009-05-22 40960]
"1A:KkTrayServer"="c:\program files\Stardock\ObjectDock\Docklets\KkMenu\KkTrayServer.exe" [2006-03-28 108544]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-14 30192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"SteelSeries World of Warcraft MMO Gaming Mouse"="c:\program files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe" [2009-05-13 414720]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=c:\windows\pss\Extender Resource Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-891C2B43EF^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Owner.YOUR-891C2B43EF\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1226539143\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\PLAYXPERT\\CoreImpl.exe"=
"c:\\Program Files\\PLAYXPERT\\PXP.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Puzzlegeddon Demo\\Puzzlegeddon.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\patchget.dat"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\darwinia demo\\darwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\multiwinia\\multiwinia.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\NCH Swift Sound\\Talk\\talk.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Microsoft Games for Windows - LIVE\\Client\\GFWLive.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Xfire\\dppm_source.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\IBM\\Lotus\\Symphony\\framework\\rcp\\eclipse\\plugins\\com.ibm.rcp.base_6.2.0.200810171336\\win32\\x86\\symphony.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\the ship dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\31th296\\the ship\\ship.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\teeworlds\\teeworlds-0.5.1-win32\\teeworlds_srv.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner.YOUR-891C2B43EF\\My Documents\\Desktop Stuff\\Downloads\\Motrix_Universal_Server.winxp.1.03\\Motrix Universal Server.exe"=
"c:\\Program Files\\iTouchMidi\\iTouchMidi WIN.exe"=
"c:\\Program Files\\Timeline Interactive\\Cellfactor Revolution\\System\\Reality.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [7/31/2009 7:51 PM 15172]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [3/10/2009 12:09 AM 93960]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 KuirKbdFltr;KuirKbdFltr overlay support subsystem;c:\windows\system32\drivers\KuirKbdFltr.sys [11/25/2008 3:19 PM 26016]
R3 KuirMouFltr;KuirMouFltr overlay support subsystem;c:\windows\system32\drivers\KuirMouFltr.sys [11/25/2008 3:19 PM 23200]
R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys [7/20/2009 8:09 PM 11136]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S2 gupdate1c95da8d3cabb5c;Google Update Service (gupdate1c95da8d3cabb5c);c:\program files\Google\Update\GoogleUpdate.exe [12/14/2008 12:00 AM 133104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/12/2008 8:10 PM 30192]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [12/13/2008 6:29 PM 31872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder

2009-08-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 12:49]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:00]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007Core.job
- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 05:07]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384560093-2838475079-2198988769-1007UA.job
- c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 05:07]

2008-11-13 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-10-17 00:12]

2009-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5266E
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.11.0.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\capturefoxmovie@advancity.net\components\test.dll
FF - component: c:\documents and settings\Owner.YOUR-891C2B43EF\Application Data\Mozilla\Firefox\Profiles\x2hs7ho7.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Owner.YOUR-891C2B43EF\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\echospin\npesProxy.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.133.31\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 15:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5400)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090217-1625\soffice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMTray.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\RMSvc.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\McrdSvc.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rsvp.exe
.
**************************************************************************
.
Completion time: 2009-08-14 16:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-14 21:06
ComboFix2.txt 2009-08-14 01:22

Pre-Run: 89,163,612,160 bytes free
Post-Run: 89,100,419,072 bytes free

511 --- E O F --- 2009-08-14 07:24
