Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus System Pro


  • This topic is locked This topic is locked
41 replies to this topic

#1 cmcwong

cmcwong

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 11 August 2009 - 11:53 PM

Hi-

I was receiving help from "Boopme" on this thread. After some troubleshooting I was advised to post on this message board the logs from OTL.

Here is the content from the file OTL.txt:

OTL logfile created on: 8/11/2009 9:30:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 110.59 Mb Available Physical Memory | 22.01% Memory free
1.20 Gb Paging File | 0.64 Gb Available in Paging File | 53.06% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.89 Gb Total Space | 6.15 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 0.65 Gb Free Space | 32.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OGNIB3309LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2003/12/16 17:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe
PRC - [2007/11/19 16:21:10 | 00,205,381 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\System32\ngvpnmgr.exe
PRC - [2005/04/08 06:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/04/08 06:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2003/12/16 17:47:42 | 00,376,832 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\ZCfgSvc.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/04/12 10:29:30 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
PRC - [2005/04/17 03:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/10/05 20:48:40 | 00,577,644 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2009/01/04 02:52:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/02/15 10:56:40 | 00,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
PRC - [2006/02/07 15:10:14 | 00,106,496 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
PRC - [2003/12/16 17:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe
PRC - [2005/04/17 03:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/09/23 01:06:58 | 00,088,363 | R--- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2003/07/16 06:19:34 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2003/11/13 16:26:48 | 00,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/08/21 10:29:44 | 00,242,688 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2003/08/21 10:37:24 | 00,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2003/12/10 18:08:50 | 00,167,936 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
PRC - [2003/06/30 21:00:24 | 00,065,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2009/01/04 02:52:50 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/12/14 02:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2004/04/04 16:20:27 | 00,294,400 | ---- | M] (KsL Software) -- C:\Program Files\RFA\rfagent.exe
PRC - [2005/04/08 06:52:30 | 00,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/04/01 23:37:10 | 00,040,960 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2005/04/17 03:30:48 | 00,085,184 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/03/27 15:04:00 | 00,712,704 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
PRC - [2003/02/25 19:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2005/10/17 16:24:32 | 00,081,920 | ---- | M] (Maxtor Corp.) -- C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
PRC - [2008/11/20 14:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/03/04 23:31:46 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009/07/10 11:58:30 | 00,378,951 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe
PRC - [2009/08/09 23:08:43 | 00,278,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wodgen\lloosysguard.exe
PRC - [2009/08/05 16:06:26 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2005/04/17 03:30:32 | 00,018,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2006/04/12 10:37:48 | 00,643,133 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
PRC - [2007/01/04 14:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2003/12/16 17:43:06 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\System32\1XConfig.exe
PRC - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2002/12/10 03:54:04 | 00,127,022 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\LVComS.exe
PRC - [2009/08/11 21:23:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/03/10 22:09:25 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/04/12 10:29:30 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2005/04/08 06:52:32 | 00,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2005/04/08 06:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 06:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2005/04/17 03:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2004/10/05 20:48:40 | 00,577,644 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2007/01/03 18:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/01/04 02:52:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/02/15 10:56:40 | 00,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt [Auto | Running])
SRV - File not found -- -- (Ndddddpsq [On_Demand | Stopped])
SRV - [2007/11/19 16:21:10 | 00,205,381 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\System32\ngvpnmgr.exe -- (NgVpnMgr [Auto | Running])
SRV - [2006/02/07 15:10:14 | 00,106,496 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1 [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/12/16 17:41:40 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2003/12/16 17:42:32 | 00,311,363 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/04/17 03:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2005/04/05 02:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2005/03/30 12:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2005/04/17 03:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/01/19 04:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [1999/11/18 01:20:00 | 00,003,872 | ---- | M] (FUJITSU LIMITED.) -- C:\WINDOWS\System32\drivers\ADVNTDRV.SYS -- (ADVNTDRV [On_Demand | Stopped])
DRV - [2003/09/23 01:07:10 | 01,197,740 | R--- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2003/08/21 03:25:52 | 00,094,600 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2003/09/25 17:41:12 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006/04/12 10:14:50 | 00,329,837 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
DRV - [2006/04/12 10:05:48 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Stopped])
DRV - [2006/04/12 10:09:32 | 00,854,538 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2004/02/25 18:29:50 | 00,020,608 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd [Auto | Running])
DRV - [2006/04/12 10:11:36 | 00,023,271 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2006/04/12 10:02:14 | 00,148,932 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
DRV - [2006/04/12 10:00:46 | 00,047,811 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid [On_Demand | Stopped])
DRV - [2006/04/12 10:05:32 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
DRV - [2006/04/12 10:04:46 | 00,065,784 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2006/10/04 19:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
DRV - [2006/10/04 19:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
DRV - [2003/10/27 05:17:20 | 00,190,465 | R--- | M] (O2 Micro ) -- C:\WINDOWS\System32\drivers\o2mmb.sys -- (CONAN [On_Demand | Running])
DRV - [2001/10/15 05:38:04 | 00,025,434 | R--- | M] (D-Link Corp. ) -- C:\WINDOWS\System32\DRIVERS\DLKRCB.SYS -- (DLKRCB [On_Demand | Stopped])
DRV - [2009/04/15 13:04:26 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2001/08/01 05:00:22 | 00,005,248 | ---- | M] (FUJITSU LIMITED) -- C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys -- (FUJ02B1 [On_Demand | Running])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2002/11/18 01:20:44 | 00,030,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gv3.sys -- (gv3 [On_Demand | Stopped])
DRV - [2003/10/07 19:11:20 | 00,093,979 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2003/08/25 17:46:00 | 00,005,817 | R--- | M] (O2 Micro) -- C:\WINDOWS\System32\drivers\MbxStby.sys -- (MbxStby [On_Demand | Stopped])
DRV - [2004/03/23 19:47:38 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2005/04/06 14:05:24 | 00,015,360 | ---- | M] (Maxtor Corp.) -- C:\WINDOWS\System32\DRIVERS\mxopswd.sys -- (MXOPSWD [On_Demand | Stopped])
DRV - [2009/07/15 01:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090807.007\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/15 01:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090807.007\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/11/19 16:20:24 | 00,020,632 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\System32\DRIVERS\ngfilter.sys -- (NgFilter [On_Demand | Stopped])
DRV - [2007/11/19 16:19:00 | 00,025,240 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\System32\DRIVERS\nglog.sys -- (NgLog [On_Demand | Running])
DRV - [2007/11/19 16:20:18 | 00,076,440 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\System32\DRIVERS\ngvpn.sys -- (NgVpn [On_Demand | Running])
DRV - [2007/11/19 16:20:32 | 00,021,656 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\System32\DRIVERS\ngwfp.sys -- (NgWfp [On_Demand | Stopped])
DRV - [2004/04/20 22:32:26 | 00,215,424 | ---- | M] (clievideo.com) -- C:\WINDOWS\System32\DRIVERS\palmcamusb.sys -- (PALMCAMUSB [Auto | Running])
DRV - [2002/06/27 21:00:00 | 00,016,509 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2002/12/10 03:53:24 | 00,236,121 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\CamDrL21.sys -- (PhilCam8116 [On_Demand | Stopped])
DRV - [2003/03/31 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 12:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2003/09/15 11:20:18 | 00,011,258 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2005/02/04 11:14:30 | 00,324,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2005/02/04 11:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 04:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/03/30 12:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2004/01/05 19:10:22 | 00,256,688 | R--- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
DRV - [2009/04/23 23:51:02 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2005/04/01 11:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2005/04/05 02:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2005/04/05 02:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/01/01 10:52:34 | 01,646,720 | R--- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w22n51.sys -- (w22n51 [On_Demand | Running])
DRV - [2003/10/07 19:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
DRV - [2003/10/07 19:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])
DRV - [2003/10/07 19:11:26 | 00,033,847 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1961663005-505800229-699386506-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1961663005-505800229-699386506-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ucdavis.edu/
IE - HKU\S-1-5-21-1961663005-505800229-699386506-1003\S-1-5-21-1961663005-505800229-699386506-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.ucdavis.edu/"
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:1.2.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.autoconfig_url: "http://www.lib.ucdavis.edu/proxy/pacserve"
FF - prefs.js..network.proxy.backup.ftp: "213.4.106.164"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "213.4.106.164"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "213.4.106.164"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "213.4.106.164"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "213.4.106.164"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "213.4.106.164"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "213.4.106.164"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "213.4.106.164"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "213.4.106.164"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/04 02:53:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/10 00:15:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 18:33:20 | 00,000,000 | ---D | M]

[2008/11/06 01:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2008/11/06 01:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/11 18:51:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\dtju1lfd.default\extensions
[2009/06/04 23:26:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\dtju1lfd.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/02/06 23:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\dtju1lfd.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/11/15 11:28:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\dtju1lfd.default\extensions\{fa038e8f-d1d1-11db-9705-005056c00008}
[2009/07/10 23:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\dtju1lfd.default\extensions\wisestamp@wisestamp.com
[2009/08/11 18:51:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 18:33:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/20 23:05:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2009/01/04 02:54:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/05 18:32:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 18:32:44 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/02/07 16:41:38 | 00,049,152 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/01/04 02:52:55 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/07/26 16:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/08/05 18:32:57 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2004/12/14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/01/12 22:19:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/12 22:19:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/12 22:19:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/12 22:19:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/12 22:19:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/12 22:19:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/12 22:19:14 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/08/09 11:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/06/24 04:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 04:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 04:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 04:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 04:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 04:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 04:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (150 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.220 intsecure.microsoft.com
O1 - Hosts: 91.212.127.220 intsecure-2009.com
O1 - Hosts: 91.212.127.220 www.intsecure-2009.com
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (BHO) - {F64619FF-E19F-4016-BF9C-147CFF821B46} - C:\WINDOWS\System32\iehelper.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [msupdate] File not found
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [rfagent] C:\Program Files\RFA\rfagent.exe (KsL Software)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [system tool] C:\Program Files\wodgen\lloosysguard.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.22.0.7\PlaxoSysTray.exe (Plaxo, Inc.)
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe (Plaxo, Inc.)
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [system tool] C:\Program Files\wodgen\lloosysguard.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/23 17:56:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/12/01 22:41:28 | 00,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{face5b40-e076-11dd-86ca-000b5d4aac7d}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 00,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/11 21:33:37 | 00,046,640 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2009/08/11 21:23:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/11 21:18:04 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/08/11 20:10:53 | 00,092,464 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/08/11 20:10:53 | 00,065,320 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/08/11 20:02:28 | 00,000,000 | ---D | C] -- C:\VIPRERESCUE
[2009/08/11 18:54:03 | 13,174,7840 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\VIPRERescue5325.exe
[2009/08/11 07:13:29 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/08/11 07:11:25 | 00,421,211 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\sar_15_umeng.pdf
[2009/08/11 07:05:47 | 01,339,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sar_15_sfx.exe
[2009/08/10 21:37:26 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/08/10 20:03:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/10 20:03:40 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/10 20:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/10 20:03:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/08/10 20:01:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/10 19:59:19 | 06,881,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2009/08/10 19:58:59 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2009/08/09 23:43:11 | 00,219,009 | ---- | C] () -- C:\WINDOWS\syssvc.exe
[2009/08/09 23:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\wodgen
[2009/08/05 23:22:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/07/14 22:04:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/05/09 22:58:50 | 00,037,376 | -HS- | C] () -- C:\WINDOWS\System32\vuzonida.dll
[2009/05/09 10:58:50 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\detukimi.dll
[2009/05/07 23:26:47 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\tijawani.dll
[2009/05/06 21:36:09 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\zedomoje.dll
[2009/05/05 18:29:55 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\zudalure.dll
[2009/05/05 18:29:55 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\neniweja.dll
[2009/05/04 23:50:27 | 00,084,992 | -HS- | C] () -- C:\WINDOWS\System32\dunulaju.dll
[2009/05/04 23:50:27 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\tajopava.dll
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/11/19 16:22:46 | 00,107,079 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2007/07/30 21:18:25 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/05/13 03:37:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/12/19 11:22:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/26 14:01:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/04/12 10:23:54 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/07 22:01:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL
[2005/05/30 17:28:17 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005/02/02 12:32:12 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/08/18 22:47:36 | 00,000,450 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/13 14:50:23 | 00,011,653 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/07/24 02:35:09 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/24 00:42:58 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/04/06 17:35:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/23 20:10:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/03/23 20:10:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/03/23 20:10:19 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/03/23 20:10:19 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/03/23 20:10:19 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/03/23 20:10:19 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/03/23 20:01:22 | 00,000,917 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/03/23 19:24:28 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/23 18:19:22 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/23 17:49:50 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/03/23 16:37:59 | 00,000,506 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/03/23 16:36:39 | 00,000,583 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/03/23 16:36:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/04/17 13:35:00 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/17 13:35:00 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/02/26 15:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/11 21:33:37 | 00,046,640 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\msln.exe
[2009/08/11 21:27:03 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003UA.job
[2009/08/11 21:23:56 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/08/11 21:18:04 | 00,012,032 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/08/11 21:17:49 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/11 21:17:10 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/08/11 21:16:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/11 21:15:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/11 19:01:55 | 13,174,7840 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VIPRERescue5325.exe
[2009/08/11 07:11:25 | 00,421,211 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\sar_15_umeng.pdf
[2009/08/11 07:05:48 | 01,339,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sar_15_sfx.exe
[2009/08/10 21:37:26 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/08/10 20:03:40 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/10 19:59:43 | 06,881,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware.exe
[2009/08/10 19:59:00 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2009/08/10 19:43:01 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\hezevave
[2009/08/09 23:43:15 | 00,219,009 | ---- | M] () -- C:\WINDOWS\syssvc.exe
[2009/08/09 22:58:51 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\vuzonida.dll
[2009/08/09 22:27:19 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003Core.job
[2009/08/09 10:58:51 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\detukimi.dll
[2009/08/07 23:26:48 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\tijawani.dll
[2009/08/06 21:41:07 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/06 21:36:11 | 00,084,480 | ---- | M] () -- C:\WINDOWS\System32\zedomoje.dll
[2009/08/05 18:29:56 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\zudalure.dll
[2009/08/05 18:29:56 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\neniweja.dll
[2009/08/04 23:50:29 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\dunulaju.dll
[2009/08/04 23:50:28 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\tajopava.dll
[2009/07/26 22:50:22 | 00,001,846 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2009/07/19 06:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 06:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 06:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 06:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/15 00:20:43 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >


Here is the log from Extras.Txt:

OTL Extras logfile created on: 8/11/2009 9:30:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 110.59 Mb Available Physical Memory | 22.01% Memory free
1.20 Gb Paging File | 0.64 Gb Available in Paging File | 53.06% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.89 Gb Total Space | 6.15 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 0.65 Gb Free Space | 32.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OGNIB3309LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1961663005-505800229-699386506-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Call Module -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{15EE1439-3B90-4DA6-A4FD-3BF23E830C25}" = MS Export
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{20F0F67B-CB0F-4C85-B6F2-133D9CB70614}" = Samsung PC Studio
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{25F521AA-4771-4D90-B660-1AF4904770B7}" = Pinger Outlook Add-In
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26AA53D5-1307-48F9-A80F-A4D25F5849D4}" = Logitech QuickCam
"{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}" = iPod Updater 2004-08-06
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = IOGEAR Bluetooth Software
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{5380063E-2909-4d72-BFA3-625881F2E78B}" = Intel® PROSet for Wireless
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{574157AB-CB2E-4B0C-84BE-65D3EC7644E0}" = SiPix PocketPrinter A6
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}" = Fujitsu Hotkey Utility
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{858EBD47-9C14-4158-8D2A-1E3B78E7CD17}" = O2Micro MemoryCardBus Windows Driver
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8DB9F162-C085-4E70-BB22-969429DB020D}" = LifeBook Application Panel
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"{9E468C37-E0D7-11D6-8FF2-003084280332}" = ISI Search Engine Runtime 2a
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B905C2C6-E171-4D6A-B235-EDECF1F5EFB1}" = Samsung PC Studio 3
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BB46245B-CECA-406F-8790-3ABA0D01012F}" = Roxio VideoWave Movie Creator
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF266192-9587-487A-81DC-F7B1938740F4}" = Sound Converter
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}" = CLIE MS SCSI Driver
"{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}" = Fujitsu Driver Update V1.1L20
"{E87BE7F8-3077-40C1-8592-956F649A2781}" = Diskeeper Professional Edition
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF69A621-37E0-4C95-AC63-D1840643C0D9}" = PrintBoy
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}" = Google Talk Plugin
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FECB001A-62F8-4E84-8FD0-4B963D039A63}" = Samsung Contacts Copier
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM_6" = AIM 6
"Athena" = WebCam for MSN Messenger
"CANONBJ_Deinstall_CNMCP3m.DLL" = Canon S520
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDRegionMaster" = DVD Region Master (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}" = iPod Updater 2004-08-06
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}" = Maxtor OneTouch III
"InstallShield_{858EBD47-9C14-4158-8D2A-1E3B78E7CD17}" = O2Micro MemoryCardBus Windows Driver
"InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
"Intellisync Lite Connected Organizers V4.0" = Intellisync Lite
"LimeWire" = LimeWire 4.9.23
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Plaxo" = Plaxo Toolbar for Windows
"RealPlayer 6.0" = RealPlayer
"Registry First Aid_is1" = Registry First Aid
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype_is1" = Skype 3.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Winamp" = Winamp (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XY Chart Labeler 6.24" = XY Chart Labeler 6.24
"Zinio Reader" = Zinio Reader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1961663005-505800229-699386506-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2009 9:59:02 PM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: SpywareProtect2009 in File: c:\program
files\wodgen\lloosysguard.exe by: Manual scan. Action: Terminate Process Required.
Action Description:

Error - 8/12/2009 12:24:13 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: SpywareProtect2009 in File: C:\WINDOWS\system32\iehelper.dll
by: Auto-Protect scan. Action: Pending Side Effects Analysis. Action Description:


Error - 8/12/2009 12:33:34 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: SpywareProtect2009 in File: C:\WINDOWS\system32\iehelper.dll
by: Auto-Protect scan. Action: Leave Alone succeeded. Action Description: The
file was left unchanged.

Error - 8/12/2009 12:33:36 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: SpywareProtect2009 in File: c:\WINDOWS\system32\iehelper.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 8/12/2009 12:33:44 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: SpywareProtect2009 in File: C:\WINDOWS\system32\iehelper.dll
by: Auto-Protect scan. Action: Reboot Required. Action Description: The file
was quarantined successfully.

Error - 8/12/2009 12:35:01 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: SpywareProtect2009 in File: c:\program
files\wodgen\lloosysguard.exe by: Manual scan. Action: Leave Alone succeeded.
Action Description: The file was left unchanged.

Error - 8/12/2009 12:35:02 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: (null) in File: c:\program files\wodgen\lloosysguard.exe
by: Manual scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged.

Error - 8/12/2009 12:35:02 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: (null) in File: c:\windows\system32\iehelper.dll
by: Manual scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged.

Error - 8/12/2009 12:35:03 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: SpywareProtect2009 in File: c:\program
files\wodgen\lloosysguard.exe by: Manual scan. Action: Terminate Process Required.
Action Description:

Error - 8/12/2009 12:36:49 AM | Computer Name = OGNIB3309LAPTOP | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: SpywareProtect2009 in File: C:\WINDOWS\system32\iehelper.dll
by: Auto-Protect scan. Action: Pending Side Effects Analysis. Action Description:


[ System Events ]
Error - 8/11/2009 12:38:01 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/11/2009 1:19:41 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/11/2009 1:27:19 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 8/11/2009 9:58:41 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/11/2009 10:01:44 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/11/2009 10:07:54 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/11/2009 10:16:51 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/11/2009 9:54:59 PM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/12/2009 12:24:33 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.

Error - 8/12/2009 12:29:08 AM | Computer Name = OGNIB3309LAPTOP | Source = DCOM | ID = 10010
Description = The server {CD79C623-E1B7-47CF-A685-2E8A882BA3F8} did not register
with DCOM within the required timeout.


< End of report >


What can I do next to get rid of the virus? Please note that I tried to follow the Prep Guide but was unable to get DDS to run. Thanks in advance.

-cmcwong

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 12 August 2009 - 12:28 AM

Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




OTL Fix step

Open OTL then do below..

Copy/paste the following into the Costum Scans/Fixes box and then click on Run Fix button.

:processes
explorer.exe

:services

:OTL
O1 - Hosts: 91.212.127.220 intsecure.microsoft.com
O1 - Hosts: 91.212.127.220 intsecure-2009.com
O1 - Hosts: 91.212.127.220 www.intsecure-2009.com
O3 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [msupdate] File not found
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [system tool] C:\Program Files\wodgen\lloosysguard.exe (Microsoft Corporation)
[2009/08/11 21:18:04 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/08/09 23:43:11 | 00,219,009 | ---- | C] () -- C:\WINDOWS\syssvc.exe
[2009/08/09 23:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\wodgen
[2009/05/09 22:58:50 | 00,037,376 | -HS- | C] () -- C:\WINDOWS\System32\vuzonida.dll
[2009/05/09 10:58:50 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\detukimi.dll
[2009/05/07 23:26:47 | 00,037,888 | -HS- | C] () -- C:\WINDOWS\System32\tijawani.dll
[2009/05/06 21:36:09 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\zedomoje.dll
[2009/05/05 18:29:55 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\zudalure.dll
[2009/05/05 18:29:55 | 00,038,912 | -HS- | C] () -- C:\WINDOWS\System32\neniweja.dll
[2009/05/04 23:50:27 | 00,084,992 | -HS- | C] () -- C:\WINDOWS\System32\dunulaju.dll
[2009/05/04 23:50:27 | 00,038,400 | -HS- | C] () -- C:\WINDOWS\System32\tajopava.dll
[2009/08/10 19:43:01 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\hezevave
[2009/08/09 23:43:15 | 00,219,009 | ---- | M] () -- C:\WINDOWS\syssvc.exe
[2009/08/09 22:58:51 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\vuzonida.dll
[2009/08/09 10:58:51 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\detukimi.dll
[2009/08/07 23:26:48 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\tijawani.dll
[2009/08/06 21:36:11 | 00,084,480 | ---- | M] () -- C:\WINDOWS\System32\zedomoje.dll
[2009/08/05 18:29:56 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\zudalure.dll
[2009/08/05 18:29:56 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\neniweja.dll
[2009/08/04 23:50:29 | 00,084,992 | -HS- | M] () -- C:\WINDOWS\System32\dunulaju.dll
[2009/08/04 23:50:28 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\tajopava.dll

:files
C:\Program Files\wodgen

:reg

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop-up to your screen after the fix finish.. If it needs a reboot, just let it.. Post that log in your next reply...

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 cmcwong

cmcwong
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 12 August 2009 - 01:28 AM

Hi fenzodahl512-

I appreciate the quick reply! After a little trouble getting the_comedian.exe to run, (when I launched it the first couple of times, the command window opens and then is interrupted by the error message, "Application cannot be executed. The file the_comedian.exe is infected. Do you want to activate your antivirus software now?"), I finally was able to access it.

Here is the log you requested:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== OTL ==========
91.212.127.220 intsecure.microsoft.com removed from HOSTS file successfully
91.212.127.220 intsecure-2009.com removed from HOSTS file successfully
Registry value HKEY_USERS\S-1-5-21-1961663005-505800229-699386506-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1961663005-505800229-699386506-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msupdate deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1961663005-505800229-699386506-1003\Software\Microsoft\Windows\CurrentVersion\Run\\system tool deleted successfully.
C:\Program Files\wodgen\lloosysguard.exe moved successfully.
C:\WINDOWS\System32\iehelper.dll unregistered successfully.
C:\WINDOWS\System32\iehelper.dll moved successfully.
C:\WINDOWS\syssvc.exe moved successfully.
C:\Program Files\wodgen moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\vuzonida.dll
C:\WINDOWS\System32\vuzonida.dll NOT unregistered.
C:\WINDOWS\System32\vuzonida.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\detukimi.dll
C:\WINDOWS\System32\detukimi.dll NOT unregistered.
C:\WINDOWS\System32\detukimi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tijawani.dll
C:\WINDOWS\System32\tijawani.dll NOT unregistered.
C:\WINDOWS\System32\tijawani.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\zedomoje.dll
C:\WINDOWS\System32\zedomoje.dll NOT unregistered.
C:\WINDOWS\System32\zedomoje.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\zudalure.dll
C:\WINDOWS\System32\zudalure.dll NOT unregistered.
C:\WINDOWS\System32\zudalure.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\neniweja.dll
C:\WINDOWS\System32\neniweja.dll NOT unregistered.
C:\WINDOWS\System32\neniweja.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\dunulaju.dll
C:\WINDOWS\System32\dunulaju.dll NOT unregistered.
C:\WINDOWS\System32\dunulaju.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\tajopava.dll
C:\WINDOWS\System32\tajopava.dll NOT unregistered.
C:\WINDOWS\System32\tajopava.dll moved successfully.
C:\WINDOWS\System32\hezevave moved successfully.
File C:\WINDOWS\syssvc.exe not found.
File C:\WINDOWS\System32\vuzonida.dll not found.
File C:\WINDOWS\System32\detukimi.dll not found.
File C:\WINDOWS\System32\tijawani.dll not found.
File C:\WINDOWS\System32\zedomoje.dll not found.
File C:\WINDOWS\System32\zudalure.dll not found.
File C:\WINDOWS\System32\neniweja.dll not found.
File C:\WINDOWS\System32\dunulaju.dll not found.
File C:\WINDOWS\System32\tajopava.dll not found.
========== FILES ==========
File\Folder C:\Program Files\wodgen not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 830096 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2766199 bytes

User: Owner
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WNSS2QI3\8E4EHUB4T9Z4ZPU&cookie=0CO561WY86ZYH2W5OQ3XQXGLAYE0NW77&browsertoken=U&platformtoken=Win32&language=en-us&pagetitle=Nexplore%20Search&referer=&screen=1024x768&localtime=19%3A3[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\BDTH9CRU\23UE6EUFTF46ONO&cookie=0CO561WY86ZYH2W5OQ3XQXGLAYE0NW77&browsertoken=U&platformtoken=Win32&language=en-us&pagetitle=Nexplore%20Search&referer=&screen=1024x768&localtime=20%3A3[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\BDTH9CRU\VY8IO11W2FDNET&cookie=0CO561WY86ZYH2W5OQ3XQXGLAYE0NW77&browsertoken=U&platformtoken=Win32&language=en-us&pagetitle=Nexplore%20Search&referer=&screen=1024x768&localtime=18%3A56[1] scheduled to be deleted on reboot.
->Temp folder emptied: 229606811 bytes
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3252864 bytes
->Java cache emptied: 63572907 bytes
->FireFox cache emptied: 50377685 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 200721 bytes
Windows Temp folder emptied: 5909675 bytes
RecycleBin emptied: 1385213 bytes

Total Files Cleaned = 342.44 mb


OTL by OldTimer - Version 3.0.10.6 log created on 08112009_231241

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WNSS2QI3\8E4EHUB4T9Z4ZPU&cookie=0CO561WY86ZYH2W5OQ3XQXGLAYE0NW77&browsertoken=U&platformtoken=Win32&language=en-us&pagetitle=Nexplore%20Search&referer=&screen=1024x768&localtime=19%3A3[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\BDTH9CRU\23UE6EUFTF46ONO&cookie=0CO561WY86ZYH2W5OQ3XQXGLAYE0NW77&browsertoken=U&platformtoken=Win32&language=en-us&pagetitle=Nexplore%20Search&referer=&screen=1024x768&localtime=20%3A3[1] not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\BDTH9CRU\VY8IO11W2FDNET&cookie=0CO561WY86ZYH2W5OQ3XQXGLAYE0NW77&browsertoken=U&platformtoken=Win32&language=en-us&pagetitle=Nexplore%20Search&referer=&screen=1024x768&localtime=18%3A56[1] not found!

Registry entries deleted on Reboot...


Can it be true that the Antivirus System Pro malware is gone?
It's not popping up all over the place now. If so, can I delete the malware programs that I was asked to download and reactivate my firewalls? What anti-virus software do you suggest I run in the future to prevent another attack like this? Please advise.

Thanks,
cmcwong

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 12 August 2009 - 03:19 AM

Lets run these steps first just to make sure..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.


NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 cmcwong

cmcwong
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 12 August 2009 - 11:07 PM

Sorry for the slow reply! Couldn't get to this till I got home from work! Here are the logs requested:

From MBAM:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/12/2009 8:36:05 PM
mbam-log-2009-08-12 (20-36-05).txt

Scan type: Quick Scan
Objects scanned: 89757
Time elapsed: 15 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm17bfaa9b (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Others to follow, thanks!
-cmcwong

#6 cmcwong

cmcwong
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 12 August 2009 - 11:09 PM

From RSIT:


log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-12 20:59:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (12%) free of 55 GB
Total RAM: 502 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:55 PM, on 8/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucdavis.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ˙ž::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.22.0.7\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\zedomoje.dll c:\windows\system32\zudalure.dll c:\windows\system32\dunulaju.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Ndddddpsq - Unknown owner - (no file)
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13539 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-23 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-07-16 159744]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2003-08-21 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2003-08-21 61440]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe [2003-12-10 167936]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2003-06-30 188416]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2003-06-30 65536]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PRONoMgr.exe"=C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2004-10-04 176216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
""= []
"rfagent"=C:\Program Files\RFA\rfagent.exe [2004-04-04 294400]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"MaxtorOneTouch"=C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [2006-03-27 712704]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2005-10-17 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"PlaxoUpdate"=C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe [2009-07-10 378951]
"PlaxoSysTray"=C:\Program Files\Plaxo\3.22.0.7\PlaxoSysTray.exe [2009-07-10 20480]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 133104]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe [2003-10-01 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe [2006-04-17 182855]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RFAgent]
C:\Program Files\RFA\rfagent.exe [2004-04-04 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe [2004-12-06 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2007-01-04 112336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\IOGEAR\BLUETO~1\BTTray.exe [2006-04-12 643133]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2007-03-04 226832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2003-10-02 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^YahooPOPs.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" c:\windows\system32\zedomoje.dll c:\windows\system32\zudalure.dll c:\windows\system32\dunulaju.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-01 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NofolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Call Module"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{face5b40-e076-11dd-86ca-000b5d4aac7d}]
shell\AutoRun\command - E:\WDSetup.exe


======List of files/folders created in the last 3 months======

2009-08-12 20:59:40 ----D---- C:\Program Files\trend micro
2009-08-12 20:59:36 ----D---- C:\rsit
2009-08-12 20:55:31 ----D---- C:\WINDOWS\LastGood
2009-08-11 23:12:41 ----D---- C:\_OTL
2009-08-11 20:10:53 ----A---- C:\WINDOWS\system32\sbbd.exe
2009-08-11 20:02:28 ----D---- C:\VIPRERESCUE
2009-08-11 07:13:29 ----D---- C:\Program Files\Sophos
2009-08-10 20:03:48 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 20:03:31 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-10 20:03:30 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-10 20:01:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-05 23:22:51 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2009-07-15 00:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 00:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 00:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-04 19:40:49 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-10 02:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 02:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 02:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 02:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 3 months======

2009-08-12 20:59:46 ----HD---- C:\WINDOWS\inf
2009-08-12 20:59:40 ----RD---- C:\Program Files
2009-08-12 20:59:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 20:59:20 ----D---- C:\WINDOWS
2009-08-12 20:58:55 ----D---- C:\WINDOWS\Prefetch
2009-08-12 20:55:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-12 20:52:03 ----D---- C:\Program Files\Symantec AntiVirus
2009-08-12 20:47:24 ----D---- C:\Program Files\Mozilla Firefox
2009-08-12 20:46:22 ----D---- C:\WINDOWS\system32
2009-08-12 20:44:25 ----D---- C:\Program Files\Plaxo
2009-08-12 20:44:25 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-08-12 20:43:50 ----D---- C:\WINDOWS\Temp
2009-08-12 20:40:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-12 07:19:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-12 07:19:13 ----D---- C:\WINDOWS\system32\drivers
2009-08-10 20:03:43 ----SHD---- C:\WINDOWS\Installer
2009-08-10 20:01:18 ----D---- C:\Program Files\Common Files
2009-07-29 00:40:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 00:39:55 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 00:39:55 ----D---- C:\Program Files\Internet Explorer
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-15 00:20:43 ----A---- C:\WINDOWS\imsins.BAK
2009-07-02 23:31:24 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-06-30 22:22:49 ----SD---- C:\WINDOWS\Tasks
2009-06-29 09:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 04:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 04:07:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 01:33:39 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-03 12:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-26 22:19:18 ----D---- C:\WINDOWS\Minidump
2009-05-26 06:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-05-20 23:06:24 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-04-23 5632]
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-03-23 14037]
R2 PALMCAMUSB;Palm Handheld USB Webcam; C:\WINDOWS\System32\DRIVERS\palmcamusb.sys [2004-04-20 215424]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-07 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-07 98842]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-10-07 33847]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-23 1197740]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-09-25 44032]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-04-12 329837]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-04-12 854538]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-07 93979]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090807.007\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090807.007\navex15.sys []
R3 NgLog;Aventail VPN Logging; C:\WINDOWS\system32\DRIVERS\nglog.sys [2007-11-19 25240]
R3 NgVpn;Aventail VPN Adapter; C:\WINDOWS\system32\DRIVERS\ngvpn.sys [2007-11-19 76440]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-01-05 256688]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-01 1646720]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bfastfao;bfastfao; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\bfastfao.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-04-12 30427]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-04-12 148932]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-04-12 47811]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-04-12 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-04-12 65784]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-10-27 190465]
S3 DLKRCB;D-Link DFE-690TXD CardBus PC Card; C:\WINDOWS\system32\DRIVERS\DLKRCB.SYS [2001-10-15 25434]
S3 EraserUtilDrv10910;EraserUtilDrv10910; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-25 5817]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2005-04-06 15360]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NgFilter;Aventail VPN Filter; C:\WINDOWS\system32\DRIVERS\ngfilter.sys [2007-11-19 20632]
S3 NgWfp;Aventail VPN Callout; C:\WINDOWS\system32\DRIVERS\ngwfp.sys [2007-11-19 21656]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-06-27 16509]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\System32\DRIVERS\CamDrL21.sys [2002-12-10 236121]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe [2006-04-12 266295]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2004-10-05 577644]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 MaxBackServiceInt;MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [2006-02-15 184320]
R2 NgVpnMgr;Aventail VPN Client; C:\WINDOWS\system32\ngvpnmgr.exe [2007-11-19 205381]
R2 NTService1;MaxSyncService; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [2006-02-07 106496]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-10 69632]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------



#7 cmcwong

cmcwong
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 12 August 2009 - 11:10 PM

From RSIT:


info.txt:

info.txt logfile of random's system information tool 1.06 2009-08-12 21:02:05

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\SETUP.EXE" -l0x9
Agere Systems AC'97 Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aventail Connect-->MsiExec.exe /I{A2A78788-2792-49BF-AF22-5E9296E568F3}
Aventail Web Proxy Agent-->MsiExec.exe /X{9B0B46B3-10DF-4ADA-9501-0129D784563D}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon S520-->C:\WINDOWS\system32\CNMCP3M.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\DeIsL1.isu" -pCanon S520-c"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\bjinst.dll
CLIE MS SCSI Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}\setup.exe" UNINSTALL
Diskeeper Professional Edition-->MsiExec.exe /I{E87BE7F8-3077-40C1-8592-956F649A2781}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Region Master (remove only)-->"C:\Program Files\DVD Region Master\Uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Fujitsu Driver Update V1.1L20-->MsiExec.exe /X{E0FAA0BA-874E-47C8-9ECA-BB333006CF16}
Fujitsu Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F5746DF-18E9-4E35-9032-D5F551E7CD5A}\setup.exe"
GMATPrep™-->"C:\Program Files\InstallShield Installation Information\{BFE903DE-4845-4387-9C6C-98B21B8445A3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Talk Plugin-->MsiExec.exe /I{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® PROSet for Wireless-->MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
Intellisync Lite-->C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\ISCLIE\DeIsL1.isu -cC:\PROGRA~1\ISCLIE\ILUNINST.DLL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IOGEAR Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
iPod Updater 2004-08-06-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F8C106A-7DFC-45DE-8006-F9145AADF1D8} /l1033
iPod Updater 2004-11-15-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
ISI Search Engine Runtime 2a-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E468C37-E0D7-11D6-8FF2-003084280332}\Setup.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LifeBook Application Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DB9F162-C085-4E70-BB22-969429DB020D}\setup.exe"
LimeWire 4.9.23-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor Backup-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9C3F9580-F5CF-4288-894E-9FF0EB24A21C} /l1033
Maxtor OneTouch III-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9} /l1033
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Export-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15EE1439-3B90-4DA6-A4FD-3BF23E830C25}\setup.exe" UNINSTALL
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
O2Micro MemoryCardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{858EBD47-9C14-4158-8D2A-1E3B78E7CD17} /l1033
Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Palm Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\setup.exe" Uninstall
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pinger Outlook Add-In-->MsiExec.exe /I{25F521AA-4771-4D90-B660-1AF4904770B7}
Plaxo Toolbar for Windows-->C:\Program Files\Plaxo\3.22.0.7\uninstall.exe
PrintBoy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF69A621-37E0-4C95-AC63-D1840643C0D9}\setup.exe" -l0x9 -uninst
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Registry First Aid-->"C:\Program Files\RFA\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Roxio VideoWave Movie Creator-->MsiExec.exe /I{BB46245B-CECA-406F-8790-3ABA0D01012F}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Contacts Copier-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FECB001A-62F8-4E84-8FD0-4B963D039A63}\setup.exe" -l0x9 -removeonly
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
SiPix PocketPrinter A6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{574157AB-CB2E-4B0C-84BE-65D3EC7644E0}\setup.exe" -l0x9
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Sophos Anti-Rootkit 1.5.0-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
Sound Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF266192-9587-487A-81DC-F7B1938740F4}\setup.exe" UNINSTALL
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCam for MSN Messenger-->Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XY Chart Labeler 6.24-->C:\PROGRA~1\AppsPro\CHARTL~1\UNWISE.EXE /U C:\PROGRA~1\AppsPro\CHARTL~1\INSTALL.LOG
Zinio Reader-->C:\Program Files\Zinio\uninstall.exe

======Hosts File======

::1 localhost
127.0.0.1 localhost

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======System event log======

Computer Name: OGNIB3309LAPTOP
Event Code: 7001
Message: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 142233
Source Name: Service Control Manager
Time Written: 20090704194233.000000-420
Event Type: error
User:

Computer Name: OGNIB3309LAPTOP
Event Code: 7001
Message: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 142232
Source Name: Service Control Manager
Time Written: 20090704194233.000000-420
Event Type: error
User:

Computer Name: OGNIB3309LAPTOP
Event Code: 7001
Message: The DHCP Client service depends on the NetBT service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 142231
Source Name: Service Control Manager
Time Written: 20090704194232.000000-420
Event Type: error
User:

Computer Name: OGNIB3309LAPTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 142198
Source Name: Tcpip
Time Written: 20090703205829.000000-420
Event Type: warning
User:

Computer Name: OGNIB3309LAPTOP
Event Code: 20
Message: Printer Driver HP Officejet J5700 Series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpoj5703.GPD, UNIDRV.HLP, hpoj570a.ini, hpzst4sa.dll, hpoj5703.xml, hpzsc4sa.dtd, hpzui4sa.dll, hpz3r4sa.dll, hpzpr4sa.dll, hpcdmc32.dll, hpbcfgre.dll, hpzsm4sa.gpd, hpz3m4sa.gpd, hpzev4sa.dll, hpzhl4sa.cab, STDNAMES.GPD, hpfie4sa.dll, hpfig4sa.dll, hpfrs4sa.dll, hpoh5700.cfg, UNIRES.DLL.

Record Number: 142170
Source Name: Print
Time Written: 20090703083046.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: OGNIB3309LAPTOP
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 68144
Source Name: Userenv
Time Written: 20090523100605.000000-420
Event Type: warning
User: OGNIB3309LAPTOP\Owner

Computer Name: OGNIB3309LAPTOP
Event Code: 1517
Message: Windows saved user OGNIB3309LAPTOP\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 68123
Source Name: Userenv
Time Written: 20090523013257.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: OGNIB3309LAPTOP
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 68122
Source Name: Userenv
Time Written: 20090523013229.000000-420
Event Type: warning
User: OGNIB3309LAPTOP\Owner

Computer Name: OGNIB3309LAPTOP
Event Code: 20
Message:
Record Number: 68117
Source Name: Google Update
Time Written: 20090522225319.000000-420
Event Type: error
User: OGNIB3309LAPTOP\Owner

Computer Name: OGNIB3309LAPTOP
Event Code: 32066
Message: At least one of the devices in the outgoing routing group is not valid.
Group name: '<All devices>'

Record Number: 68110
Source Name: Microsoft Fax
Time Written: 20090522223937.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 12 August 2009 - 11:25 PM

Waiting for GMER log (I know it'll take a while :thumbup2: )

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 cmcwong

cmcwong
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 13 August 2009 - 01:00 AM

Attached are the results for the GMER program scan.

The file is called "cmcwongGMERresults.txt"

Please let me know if there are other procedures I should take. Appreciate the help!

Thanks,
cmcwong

Attached Files



#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 13 August 2009 - 01:29 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 cmcwong

cmcwong
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 13 August 2009 - 03:06 AM

Hi fenzodahl512-

Here is the ComboFix log:

ComboFix 09-08-10.06 - Owner 08/12/2009 23:58.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.103 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\15e77a.msp
c:\windows\Installer\1de2c8.msi
c:\windows\Installer\1de2cf.msi
c:\windows\Installer\62620b.msi
c:\windows\Installer\b3f7cb.msp
c:\windows\Installer\b3f7cf.msp
D:\Autorun.inf


.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 03:59 . 2009-08-13 04:01 -------- d-----w- c:\program files\trend micro
2009-08-13 03:59 . 2009-08-13 04:02 -------- d-----w- C:\rsit
2009-08-13 03:55 . 2009-08-13 03:55 -------- d-----w- c:\windows\LastGood
2009-08-12 14:17 . 2009-08-12 14:18 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-12 06:12 . 2009-08-12 06:12 -------- d-----w- C:\_OTL
2009-08-12 03:10 . 2009-03-17 20:26 65320 ----a-w- c:\windows\system32\sbbd.exe
2009-08-12 03:10 . 2008-10-23 00:08 92464 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-08-12 03:02 . 2009-08-12 03:03 -------- d-----w- C:\VIPRERESCUE
2009-08-11 14:13 . 2009-08-11 14:13 -------- d-----w- c:\program files\Sophos
2009-08-11 03:04 . 2009-08-13 03:45 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-11 03:03 . 2009-08-11 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-11 03:03 . 2009-08-11 03:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-11 03:03 . 2009-08-11 03:03 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-11 03:01 . 2009-08-11 03:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 07:05 . 2007-05-13 09:41 -------- d-----w- c:\program files\Symantec AntiVirus
2009-08-13 03:44 . 2005-02-08 19:18 -------- d-----w- c:\program files\Plaxo
2009-08-12 14:19 . 2009-01-06 04:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 20:36 . 2009-01-06 04:20 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2009-01-06 04:20 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 04:51 . 2007-12-20 08:41 22097 ----a-w- c:\documents and settings\Owner\Application Data\Aventail\epi\xepcwin.dll
2009-07-27 04:51 . 2007-12-20 08:39 237568 ----a-w- c:\documents and settings\Owner\Application Data\Aventail\java_deploy\epiMsiBootstraper.dll
2009-06-29 16:12 . 2004-08-23 18:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-03-23 23:35 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-22 22:23 . 2009-06-22 22:23 239088 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-16 14:36 . 2004-03-23 23:36 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-03-23 23:35 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2003-05-30 17:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"="c:\program files\Plaxo\3.22.0.7\PlaxoHelper_en.exe" [2009-07-10 378951]
"PlaxoSysTray"="c:\program files\Plaxo\3.22.0.7\PlaxoSysTray.exe" [2009-07-10 20480]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-16 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-07-16 159744]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2003-11-13 81920]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2003-08-21 242688]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-21 61440]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2003-12-11 167936]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2003-07-01 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2003-07-01 65536]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 86016]
"DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-10-05 176216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"rfagent"="c:\program files\RFA\rfagent.exe" [2004-04-04 294400]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"MaxtorOneTouch"="c:\program files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 712704]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-09-23 88363]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-9-24 25214]
Bluetooth.lnk - c:\program files\IOGEAR\Bluetooth Software\BTTray.exe [2006-4-12 643133]
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [2004-4-13 299008]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-4 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-17 00:49 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^YahooPOPs.lnk]
backup=c:\windows\pss\YahooPOPs.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [11/19/2007 4:21 PM 205381]
R2 PALMCAMUSB;Palm Handheld USB Webcam;c:\windows\system32\drivers\palmcamusb.sys [4/20/2004 10:32 PM 215424]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/30/2007 11:43 AM 24652]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [11/19/2007 4:19 PM 25240]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [11/19/2007 4:20 PM 76440]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [11/18/1999 1:20 AM 3872]
S3 bfastfao;bfastfao;\??\c:\docume~1\Owner\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Owner\LOCALS~1\Temp\bfastfao.sys [?]
S3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [3/23/2004 7:48 PM 190465]
S3 DLKRCB;D-Link DFE-690TXD CardBus PC Card;c:\windows\system32\drivers\DLKRCB.SYS [6/4/2006 1:17 PM 25434]
S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [3/23/2004 7:48 PM 5817]
S3 Ndddddpsq;Ndddddpsq; [x]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [11/19/2007 4:20 PM 20632]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [11/19/2007 4:20 PM 21656]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 3:30 AM 124608]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
*Deregistered* - EraserUtilDrv10910
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 17:55]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 17:55]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6F4F49AE-C9AC-420D-885D-727B916500AD} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ucdavis.edu/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dtju1lfd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ucdavis.edu/
FF - prefs.js: network.proxy.ftp - 213.4.106.164
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 213.4.106.164
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 213.4.106.164
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 213.4.106.164
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 213.4.106.164
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 00:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\System32\LgNotify.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-08-13 0:41
ComboFix-quarantined-files.txt 2009-08-13 07:41

Pre-Run: 6,910,836,736 bytes free
Post-Run: 6,681,833,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

282 --- E O F --- 2009-07-29 07:40



and the new HijackThis log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-08-13 01:00:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (12%) free of 55 GB
Total RAM: 502 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:22 AM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\RFA\rfagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Executive Software\Diskeeper\DfrgNTFS.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\Antivirus System Pro Malware Programs\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ucdavis.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ˙ž::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.22.0.7\PlaxoSysTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.computers.us.fujitsu.com/
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Ndddddpsq - Unknown owner - (no file)
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13573 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1961663005-505800229-699386506-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-09-23 88363]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-07-16 159744]
"IndicatorUtility"=C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [2003-11-13 81920]
"LoadFujitsuQuickTouch"=C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [2003-08-21 242688]
"LoadBtnHnd"=C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe [2003-08-21 61440]
"FJUPDNV_Chitose"=C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe [2003-12-10 167936]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2003-06-30 188416]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2003-06-30 65536]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-28 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-28 455168]
"PRONoMgr.exe"=C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2004-10-04 176216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"rfagent"=C:\Program Files\RFA\rfagent.exe [2004-04-04 294400]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"MaxtorOneTouch"=C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [2006-03-27 712704]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2005-10-17 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PlaxoUpdate"=C:\Program Files\Plaxo\3.22.0.7\PlaxoHelper_en.exe [2009-07-10 378951]
"PlaxoSysTray"=C:\Program Files\Plaxo\3.22.0.7\PlaxoSysTray.exe [2009-07-10 20480]
"Google Update"=C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-16 133104]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe [2003-10-01 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe [2006-04-17 182855]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RFAgent]
C:\Program Files\RFA\rfagent.exe [2004-04-04 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe [2004-12-06 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2007-01-04 112336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\IOGEAR\BLUETO~1\BTTray.exe [2006-04-12 643133]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2007-03-04 226832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2003-10-02 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^YahooPOPs.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
Bluetooth.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-01 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2003-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

2009-08-13 00:59:01 ----SHD---- C:\RECYCLER
2009-08-13 00:41:35 ----A---- C:\ComboFix.txt
2009-08-12 23:54:06 ----A---- C:\Boot.bak
2009-08-12 23:53:53 ----RASHD---- C:\cmdcons
2009-08-12 23:40:33 ----A---- C:\WINDOWS\zip.exe
2009-08-12 23:40:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-12 23:40:33 ----A---- C:\WINDOWS\SWSC.exe
2009-08-12 23:40:33 ----A---- C:\WINDOWS\SWREG.exe
2009-08-12 23:40:33 ----A---- C:\WINDOWS\sed.exe
2009-08-12 23:40:33 ----A---- C:\WINDOWS\PEV.exe
2009-08-12 23:40:33 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-12 23:40:33 ----A---- C:\WINDOWS\grep.exe
2009-08-12 23:39:50 ----D---- C:\WINDOWS\ERDNT
2009-08-12 23:39:20 ----AD---- C:\Qoobox
2009-08-12 20:59:40 ----D---- C:\Program Files\trend micro
2009-08-12 20:59:36 ----D---- C:\rsit
2009-08-11 23:12:41 ----D---- C:\_OTL
2009-08-11 20:10:53 ----A---- C:\WINDOWS\system32\sbbd.exe
2009-08-11 20:02:28 ----D---- C:\VIPRERESCUE
2009-08-11 07:13:29 ----D---- C:\Program Files\Sophos
2009-08-10 20:03:48 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-10 20:03:31 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-10 20:03:30 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-10 20:01:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-05 23:22:51 ----D---- C:\Documents and Settings\All Users\Application Data\Macromedia
2009-07-15 00:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 00:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 00:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-04 19:40:49 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-10 02:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 02:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 02:16:27 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 02:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 3 months======

2009-08-13 01:00:50 ----D---- C:\WINDOWS\Prefetch
2009-08-13 00:58:27 ----D---- C:\WINDOWS\Temp
2009-08-13 00:53:02 ----D---- C:\Program Files\Mozilla Firefox
2009-08-13 00:49:40 ----D---- C:\Program Files\Plaxo
2009-08-13 00:48:32 ----D---- C:\WINDOWS
2009-08-13 00:47:41 ----D---- C:\Program Files\Symantec AntiVirus
2009-08-13 00:47:27 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt
2009-08-13 00:45:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-13 00:41:48 ----D---- C:\WINDOWS\system32
2009-08-13 00:33:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-13 00:25:58 ----A---- C:\WINDOWS\system.ini
2009-08-13 00:18:05 ----SHD---- C:\WINDOWS\Installer
2009-08-13 00:11:46 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 00:11:46 ----D---- C:\WINDOWS\AppPatch
2009-08-13 00:11:38 ----D---- C:\Program Files\Common Files
2009-08-12 23:57:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-12 23:54:06 ----RASH---- C:\boot.ini
2009-08-12 20:59:46 ----HD---- C:\WINDOWS\inf
2009-08-12 20:59:40 ----RD---- C:\Program Files
2009-08-12 20:59:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 07:19:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-29 00:39:55 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 00:39:55 ----D---- C:\Program Files\Internet Explorer
2009-07-19 06:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 06:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-15 00:20:43 ----A---- C:\WINDOWS\imsins.BAK
2009-07-02 23:31:24 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2009-06-30 22:22:49 ----SD---- C:\WINDOWS\Tasks
2009-06-29 09:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 09:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 09:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 09:12:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 09:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 04:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 04:07:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 01:33:39 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-03 12:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-26 22:19:18 ----D---- C:\WINDOWS\Minidump
2009-05-26 06:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-05-20 23:06:24 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-04-23 5632]
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R2 BtnHnd;BtnHnd; \??\C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-03-23 14037]
R2 PALMCAMUSB;Palm Handheld USB Webcam; C:\WINDOWS\System32\DRIVERS\palmcamusb.sys [2004-04-20 215424]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2003-09-15 11258]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-07 120830]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-07 98842]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-10-07 33847]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-09-23 1197740]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-09-25 44032]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-04-12 329837]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-04-12 854538]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-07 93979]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090807.007\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090807.007\navex15.sys []
R3 NgLog;Aventail VPN Logging; C:\WINDOWS\system32\DRIVERS\nglog.sys [2007-11-19 25240]
R3 NgVpn;Aventail VPN Adapter; C:\WINDOWS\system32\DRIVERS\ngvpn.sys [2007-11-19 76440]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2004-01-05 256688]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\System32\DRIVERS\w22n51.sys [2004-01-01 1646720]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-04 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-04 2560]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ADVNTDRV;ADVNTDRV; C:\WINDOWS\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bfastfao;bfastfao; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\bfastfao.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-04-12 30427]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-04-12 148932]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-04-12 47811]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-04-12 30285]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-04-12 65784]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-10-27 190465]
S3 DLKRCB;D-Link DFE-690TXD CardBus PC Card; C:\WINDOWS\system32\DRIVERS\DLKRCB.SYS [2001-10-15 25434]
S3 EraserUtilDrv10910;EraserUtilDrv10910; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-25 5817]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2005-04-06 15360]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NgFilter;Aventail VPN Filter; C:\WINDOWS\system32\DRIVERS\ngfilter.sys [2007-11-19 20632]
S3 NgWfp;Aventail VPN Callout; C:\WINDOWS\system32\DRIVERS\ngwfp.sys [2007-11-19 21656]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-06-27 16509]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\System32\DRIVERS\CamDrL21.sys [2002-12-10 236121]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe [2006-04-12 266295]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2004-10-05 577644]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 MaxBackServiceInt;MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [2006-02-15 184320]
R2 NgVpnMgr;Aventail VPN Client; C:\WINDOWS\system32\ngvpnmgr.exe [2007-11-19 205381]
R2 NTService1;MaxSyncService; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [2006-02-07 106496]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2003-12-16 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2003-12-16 311363]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-10 69632]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-03 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------



#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 13 August 2009 - 04:30 AM

We need to get rid of some of the services running on your machine. To do this, copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

@echo off
sc stop Ndddddpsq
sc delete Ndddddpsq
exit

Save it to your desktop as File name: Service.bat
Save as type: All Files

It should look like this: Posted Image

Once done, double click Service.bat to run it. A command window will open briefly, then close. This is quite normal.




Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.





Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 19 August 2009 - 12:44 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 31 August 2009 - 09:54 AM

Hello.. boopme has reopen the topic.. Please run RSIT and GMER again and post the logs here :thumbup2:

Edited by fenzodahl512, 31 August 2009 - 09:56 AM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 09 September 2009 - 04:13 PM

Due to lack of feedback, I hereby closing this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users