Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Braviax, Ultimate Defender, PC Antispyware 2010


  • This topic is locked This topic is locked
14 replies to this topic

#1 Dobbix

Dobbix

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 13 August 2009 - 11:28 AM

I was recently infected, and pc antispyware 2010 was installed on my pc.

So far I have done the following:
Full hard drive scan with kaspersky anti-virus 2010 (89 threats detected, and deleted)
Tried deleting the Braviax trojan files and Pc antispyware 2010 files in safe mode with KillBox
and I did a full scan with Malwarebytes Anti-malware in safe mode also.
Ran smitfraudfix.exe in safe mode, which said that braviax.exe was removed, but it still appears in windows task manager at start up.

This seems to have cleared up most of the other crap.

However everytime my computer starts up now
Kaspersky opens a pop up saying than bnc.tmp located in the temp folder is trying to access pc antispyware 2010, so i click delete and it says the file has been deleted.
then it detects C:\windows\system32\_scui.cpl and says that it will be deleted on rebooting.

So I reboot, and the computer loads up and exact same thing. Continuous cycle, also pc antispyware 2010.exe and braviax.exe still shows in the windows task manager when i start up the computer but the annoying pop-up bubble in the bottom right-hand corner doesn't appear anymore or anything.

Here's a hijackthis logfile, note that braviax.exe or pcantispyware2010.exe aren't present because I ended them in task manager before i ran hijackthis.

Edit: Also kaspersky detected win32.ultimatedefender trojan multiple times, but it appears to be deleted.
and also, I cleared out my temp folder and temporary internet files with CC cleaner, but bnc.tmp is still detected on start up.

Please help, thanks.

Attached Files


Edited by Dobbix, 13 August 2009 - 11:34 AM.


BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 13 August 2009 - 12:49 PM

Hi,

I will handle your log. As I am in training all my answers have to be approved by my Coaches.
I hope you understand.

I'll get back to you as soon as is possible.

#3 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 14 August 2009 - 03:53 AM

Hi,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#4 Dobbix

Dobbix
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 14 August 2009 - 06:30 AM

Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-14 12:33:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (29%) free of 78 GB
Total RAM: 1534 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:52, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\braviax.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Regedit32] C:\windows\system32\regedit.exe
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Canbet Poker - {13E222A8-206D-43ee-81A2-213EBF3DE13B} - C:\Microgaming\Poker\CanbetPokerMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.prizerebel.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.dat,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11280 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 440384]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 1803720]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"AtiPTA"=C:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
"Regedit32"=C:\windows\system32\regedit.exe []
"braviax"= []
"PC Antispyware 2010"=C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe [2009-08-13 588886]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
C:\Documents and Settings\Administrator\msword98.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe [2006-07-31 19857408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [2006-08-21 2068527]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe [2003-04-01 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98]
C:\Documents and Settings\Administrator\msword98.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-05-28 23458344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [2007-06-02 2664448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2006-08-31 448040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
C:\PROGRA~1\vghd\vghd.exe [2008-09-06 11875648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
C:\PROGRA~1\Vg\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGuy2.lnk]
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE [2005-11-10 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
C:\PROGRA~1\BTYAHO~1\BTYAHO~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-08-11 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [1980-01-03 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2005-04-08 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"iPod Service"=3
"Apple Mobile Device"=2
"YPCService"=3
"WMPNetworkSvc"=3
"SPBBCSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="cru629.dat,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Absolute Poker\mainclient.exe"="C:\Program Files\Absolute Poker\mainclient.exe:*:Enabled:Absolute Poker"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\DVR\Network Client\nView4.exe"="C:\Program Files\DVR\Network Client\nView4.exe:*:Enabled:nView4"
"C:\Program Files\DVR\Network Client\DvrPlayer.exe"="C:\Program Files\DVR\Network Client\DvrPlayer.exe:*:Enabled:DvrPlayer"
"C:\Program Files\DTD Poker\UA.exe"="C:\Program Files\DTD Poker\UA.exe:*:Enabled:UA Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\SunPoker.com\UA.exe"="C:\Program Files\SunPoker.com\UA.exe:*:Enabled:UA Application"
"C:\Casino\Paddy Power Casino\casino.exe"="C:\Casino\Paddy Power Casino\casino.exe:*:Enabled:casino"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Update\Cabal\launcher\update\ESTdnheadless.exe"="C:\Update\Cabal\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe"="C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe:*:Enabled:NyxLauncher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-14 12:33:42 ----D---- C:\Program Files\trend micro
2009-08-14 12:33:41 ----D---- C:\rsit
2009-08-14 12:29:19 ----D---- C:\Program Files\PC_Antispyware2010
2009-08-14 12:24:11 ----A---- C:\windows\system32\wisdstr.exe
2009-08-14 12:24:07 ----A---- C:\windows\system32\braviax.exe
2009-08-13 16:06:32 ----A---- C:\windows\system32\tmp.txt
2009-08-13 16:06:20 ----A---- C:\rapport.txt
2009-08-12 23:41:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-08-12 23:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-12 23:41:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-12 23:13:58 ----A---- C:\fix.txt
2009-08-12 21:30:23 ----A---- C:\windows\uzomap.bat
2009-08-12 16:55:15 ----D---- C:\Program Files\PlaneShift Steel Blue
2009-08-12 12:58:42 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-08-12 12:58:41 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-08-12 12:58:38 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-08-12 12:58:37 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-10 14:04:38 ----D---- C:\AeriaGames
2009-08-09 17:16:42 ----A---- C:\windows\system32\usbaaplrc.dll
2009-08-09 15:31:23 ----D---- C:\Program Files\iTunes Library Updater
2009-08-07 18:58:07 ----D---- C:\windows\.jagex_cache_32
2009-07-16 00:21:13 ----D---- C:\Documents and Settings\All Users\Application Data\Boss Media

======List of files/folders modified in the last 1 months======

2009-08-14 12:33:45 ----D---- C:\windows\Temp
2009-08-14 12:33:42 ----RD---- C:\Program Files
2009-08-14 12:33:33 ----D---- C:\windows\Prefetch
2009-08-14 12:30:08 ----D---- C:\windows\system32\CatRoot2
2009-08-14 12:30:07 ----D---- C:\windows\system32\drivers
2009-08-14 12:30:07 ----D---- C:\windows\system32
2009-08-14 12:29:49 ----RSHDC---- C:\windows\system32\dllcache
2009-08-14 12:29:47 ----D---- C:\Program Files\Mozilla Firefox
2009-08-14 12:25:10 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-08-14 12:24:07 ----D---- C:\windows\Drivers
2009-08-14 12:21:02 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-14 12:20:40 ----D---- C:\WINDOWS
2009-08-14 00:51:20 ----A---- C:\windows\SchedLgU.Txt
2009-08-13 19:07:14 ----D---- C:\Program Files\a-squared Free
2009-08-13 17:35:26 ----D---- C:\!KillBox
2009-08-13 16:56:32 ----A---- C:\windows\ntbtlog.txt
2009-08-13 15:59:10 ----SHD---- C:\System Volume Information
2009-08-13 15:59:10 ----D---- C:\windows\system32\Restore
2009-08-13 14:35:43 ----D---- C:\Program Files\CarbonPoker
2009-08-13 12:46:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 12:45:43 ----D---- C:\windows\Minidump
2009-08-13 10:55:23 ----D---- C:\windows\system32\CatRoot
2009-08-13 10:53:54 ----SHD---- C:\windows\Installer
2009-08-13 10:53:54 ----HD---- C:\Config.Msi
2009-08-13 10:53:38 ----HD---- C:\windows\inf
2009-08-13 01:35:34 ----D---- C:\Program Files\Kaspersky Lab
2009-08-13 01:25:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-13 01:24:35 ----SHD---- C:\windows\CSC
2009-08-13 00:43:10 ----A---- C:\windows\win.ini
2009-08-13 00:43:10 ----A---- C:\windows\system.ini
2009-08-13 00:02:25 ----D---- C:\Program Files\Common Files
2009-08-12 21:22:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-12 21:20:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-08-12 17:31:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Orbit
2009-08-12 16:50:03 ----D---- C:\Downloads
2009-08-12 16:01:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 15:40:37 ----D---- C:\Program Files\Softnyx
2009-08-10 15:01:42 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-09 18:24:07 ----D---- C:\windows\system32\config
2009-08-09 17:41:23 ----D---- C:\Program Files\QuickTime
2009-08-09 17:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-09 17:17:12 ----DC---- C:\windows\system32\DRVSTORE
2009-08-09 17:16:55 ----D---- C:\windows\system32\ReinstallBackups
2009-08-09 15:12:16 ----D---- C:\Documents and Settings\Administrator\Application Data\HPAppData
2009-07-31 12:27:27 ----A---- C:\windows\GunzLauncher.INI
2009-07-30 13:01:10 ----D---- C:\Program Files\PokerStars
2009-07-17 16:09:55 ----D---- C:\Program Files\ATITool
2009-07-16 10:25:55 ----D---- C:\Program Files\Full Tilt Poker
2009-07-16 00:21:11 ----D---- C:\Program Files\DTD Poker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\windows\System32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 DcCam;Kodak Camera Proxy; C:\windows\System32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2009-08-13 296976]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\System32\Drivers\nvport.sys []
R1 SiSkp;SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-04-28 5632]
R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DCFS2K;Kodak DCFS2K Driver; C:\windows\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\windows\System32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\windows\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service; C:\windows\System32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 6656]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\lvusbsta.sys [2004-10-11 22016]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2005-10-17 9856]
R3 PID_0928;Labtec WebCam(PID_0928); C:\windows\System32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
R3 senfilt;senfilt; C:\windows\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\windows\System32\DRIVERS\usb8023.sys [2008-04-14 12800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 aiptektp;HyperPen; C:\windows\System32\DRIVERS\aiptektp.sys [2003-11-12 20992]
S1 Exportit;Exportit; C:\windows\System32\DRIVERS\exportit.sys [2004-06-02 151985]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\windows\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\windows\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 APR;APR; \??\C:\GamersFirst\KnightOnline\APR.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DcFpoint;DcFpoint; C:\windows\System32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\windows\System32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\windows\System32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 MidiSyn;MidiSyn; C:\windows\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPF;Netgroup Packet Filter; C:\windows\System32\DRIVERS\npf.sys [2007-06-29 42512]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 SiS315;SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [2005-05-25 245760]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\windows\System32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\windows\System32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\windows\System32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\System32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\System32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\System32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060901.084\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\windows\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\System32\DRIVERS\usbsermpt.sys [2006-06-12 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\System32\XDva004.sys []
S3 XDva007;XDva007; \??\C:\WINDOWS\System32\XDva007.sys []
S3 XDva273;XDva273; \??\C:\windows\system32\XDva273.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\System32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-08-12 719392]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2009-02-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S2 DJSNETCN;Symantec Licensing Detect Internet Connection; C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\windows\System32\nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\windows\system32\GameMon.des [2009-06-21 3317292]
S3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S3 usprserv;User Privilege Service; C:\windows\System32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S4 KodakCCS;Kodak Camera Connection Software; C:\windows\system32\drivers\KodakCCS.exe [2004-05-24 322104]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S4 LtcyCfgSvc;PCI Latency Tool Service; C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe [2005-12-26 5120]
S4 Network Location Manager;Network Location Manager; C:\WINDOWS\system32\lssc.exe []
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe []
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------

Info:
info.txt logfile of random's system information tool 1.06 2009-08-14 12:33:55

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Arctic Bear v1.4-->"C:\Program Files\3D Arctic Bear\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Absolute Poker-->C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Any Video Converter 2.6.7-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
a-squared Free 2.0-->"C:\Program Files\a-squared Free\unins000.exe"
Asteroid_Base_Music ScreenSaver-->C:\WINDOWS\Asteroid_Base_Music.scr /U
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver (Omega 3.8.442)-->rundll32 C:\windows\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
bet365poker-->"C:\Poker\bet365poker\_SetupCasino.exe" /uninstall
Betfair Poker-->MsiExec.exe /X{D4A6F05B-D32D-4EA3-B288-05894E803225}
BitComet 0.70-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Boylepoker-->C:\PROGRA~1\BOYLES~1\BOYLES~1\UNWISE.EXE C:\PROGRA~1\BOYLES~1\BOYLES~1\INSTALL.LOG
BT Home Hub-->C:\Program Files\BT Home Hub\Uninstall.exe
BT Softphone 1.5.3.6-->"C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Wireless Connection Manager-->C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications-->C:\PROGRA~1\Yahoo!\common\uninstall.exe
BT Yahoo! Broadband Internet Connection Manager 4.2-->C:\WINDOWS\UnsetupBT Yahoo! Broadband4.2.exe /B:c:\program files\bt yahoo! broadband\dialbbicm4.2.dll
Cameron Mathison Screen Saver-->sstunst2.exe Cameron Mathison
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP460 User Registration-->C:\Program Files\Canon\IJEREG\MP460\UNINST.EXE
Canon MP460-->"C:\WINDOWS\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460 /L0x0009
Canon MP540 series MP Drivers-->"C:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x0009
Canon MP540 series User Registration-->C:\Program Files\Canon\IJEREG\MP540 series\UNINST.EXE
Canon S200-->C:\WINDOWS\System32\CNMCP3W.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
coolbuddy Screensaver Hot male-->"C:\Program Files\coolbuddy Screensaver Hot male\unins000.exe"
CoralPoker (remove only)-->"C:\Program Files\CoralPoker\uninstall.exe"
COWON Media Center - jetAudio Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\windows\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crown My Rooms in Colour 1.1-->c:\MyRoomsInColour\uninst.exe
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
DivX ;-) Audio-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\Tpack.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doyles Room Poker-->C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\UNWISE.EXE C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\INSTALL.LOG
Driving Test Success 2004-2005-->MsiExec.exe /I{139B3E5A-CA8D-44E8-8ED8-E39D9FA7E355}
DSA Theory Test-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}
DTD Poker-->C:\PROGRA~1\DTDPOK~1\UNWISE.EXE C:\PROGRA~1\DTDPOK~1\INSTALL.LOG
DTD Poker-->C:\WINDOWS\System32\UnPoker.exe DTDPoker
E.M. Youtube Video Download Tool 2.31-->"C:\Program Files\E.M. Youtube Video Download Tool\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EVEREST Corporate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
ffdshow [rev 1309] [2007-06-20]-->"C:\Program Files\ffdshow\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Free Download Manager 2.1-->"C:\Program Files\Free Download Manager\unins000.exe"
Free Video Converter V 1.3-->"C:\Program Files\Free Video Converter\unins000.exe"
Full Tilt Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hazard Perception 2004-2005-->MsiExec.exe /I{4645CFF7-898F-427B-AF43-E3E4F08463D8}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Icon Restore 1.0-->C:\WINDOWS\unins000.exe
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Infix-->C:\PROGRA~1\Iceni\Infix\UNWISE.EXE C:\PROGRA~1\Iceni\Infix\INSTALL.LOG
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
iTunes Library Updater-->MsiExec.exe /I{38EE230F-F631-451F-8800-E29F5E5C9E7D}
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_bf9f7b\Setup.exe /APR-REMOVE
KSignAccessToolkit v1.0-->C:\WINDOWS\System32\UnInstall_KAccess.exe
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Labtec WebCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Labtec® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Ladbrokes Poker-->C:\Program Files\InstallShield Installation Information\{8273D1F0-1EBE-4C75-BAD8-FED1FA4EAC1C}\setup.exe -runfromtemp -l0x0009 -removeonly
Last.fm 1.5.2.38918-->"C:\Program Files\Last.fm\unins000.exe"
Legend Of Ares-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8CA3DF4-1486-4928-BE9E-2AC86A774CBC}\Setup.exe" -l0x9
Lonely-Wet 2 Screen Saver-->sstunst2.exe Lonely-Wet 2
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Magic ISO Maker v5.5 (build 0273)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Megaupload Toolbar-->C:\Program Files\MegauploadToolbar\uninstall.exe
Men Of The Navy Seals Screen Saver-->sstunst2.exe Men Of The Navy Seals
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
Music Rescue 3.1.1-->"C:\Program Files\Music Rescue\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Network Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCA9F7DD-524E-47B7-85EE-F2F22BE7B703}\Setup.exe"
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Personal Firewall-->MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Personal Firewall-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Personal Firewall-->MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
OutFront Web Template-->C:\OutFrontWebs\rings1\uninstall.exe
Pacific Poker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Paddy Power Casino-->C:\Casino\PADDYP~1\UNWISE.EXE C:\Casino\PADDYP~1\INSTALL.LOG
Panda ActiveScan-->C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PC Antispyware 2010-->C:\Program Files\PC_Antispyware2010\Uninstall.exe
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PCI Latency Tool 3-->MsiExec.exe /I{506AD2FA-A52D-4FFB-903E-79DAE1E71D39}
PFConfig 1.0.216-->C:\Program Files\PFConfig\uninst.exe
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
PlaneShift-->C:\Program Files\PlaneShift Steel Blue\uninstall.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Pro Motion Trial-->"C:\Program Files\Cosmigo\Pro Motion Trial\Uninstall.exe" "C:\Program Files\Cosmigo\Pro Motion Trial\install.log"
Quick Screen Capture 3.0-->"C:\Program Files\Quick Screen Capture\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Radeon Omega Drivers v4.8.442 Setup Files and Tools-->"C:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
Ray Adams ATI Tray Tools-->"C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riotball-->"C:\Program Files\Riotball\ReflexiveArcade\unins000.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Master-->C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\System32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\windows\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\windows\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\windows\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\windows\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\windows\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\windows\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sega Smash Pack 2 © Sega PC-->C:\Neo\Sega2\UNWISE.EXE C:\Neo\Sega2\INSTALL.LOG
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sibelius Scorch Plugin-->"C:\Program Files\Musicnotes\uninstsc.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem2.inf
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SunPoker.com-->C:\WINDOWS\System32\UnPoker.exe CaribbeanSunPoker
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Tweak-XP Pro 4-->C:\windows\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe"
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VIDEOzilla v2.8-->"C:\Program Files\VIDEOzilla\unins000.exe"
VirtuaGuy2-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Tablet Series-->Rmtablet KNL
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}

======Security center information======

AV: Kaspersky Anti-Virus

======System event log======

Computer Name: HOME-SCD6KEAQ8K
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 10506
Source Name: Service Control Manager
Time Written: 20090628050708.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 45062
Message: CRT invalid display type

Record Number: 10505
Source Name: ati2mtag
Time Written: 20090628050605.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 7034
Message: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 10476
Source Name: Service Control Manager
Time Written: 20090628044227.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 10475
Source Name: Service Control Manager
Time Written: 20090628044227.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 45062
Message: CRT invalid display type

Record Number: 10474
Source Name: ati2mtag
Time Written: 20090628044042.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 21
Source Name: LoadPerf
Time Written: 20090630085612.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 12
Source Name: LoadPerf
Time Written: 20090630030924.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 11
Source Name: LoadPerf
Time Written: 20090630030924.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 9
Source Name: LoadPerf
Time Written: 20090630030805.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 8
Source Name: LoadPerf
Time Written: 20090630030805.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#5 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 15 August 2009 - 04:14 PM

Hi,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you have decided to proceed please follow the steps noted below in the order listed!!!!.

----------------------

Now, do the following:

1. Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • PC Antispyware 2010
  • J2SE Runtime Environment 5.0 Update 6
  • Java™ 6 Update 3
  • Java™ 6 Update 5
  • Java™ 6 Update 7
If you are unsure of how to use Add or Remove Programs, the please see this tutorial:
How To Remove An Installed Program From Your Computer

2. Download ERUNT from Derfisch or MVPS and save it to your desktop.

Please follow Step 4 onwards of the Installing & Using ERUNT to back up your registry. Skip Step 19 for now.

3.Download OTM (by OldTimer) to your Desktop.* Doubleclick OTM.exe to start the tool.
* Copy (select and press Ctrl-C) all of this code:
:Processes
explorer.exe

:Services
Network Location Manager

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Regedit32"=-
"braviax"=-
"PC Antispyware 2010"=-

:Files
C:\Program Files\PC_Antispyware2010
C:\Windows\System32\cru629.dat
C:\windows\system32\wisdstr.exe
C:\windows\system32\braviax.exe
C:\Documents and Settings\Administrator\msword98.exe
C:\windows\system32\tmp.txt
C:\rapport.txt
C:\fix.txt
C:\windows\uzomap.bat
C:\windows\system32\regedit.exe
C:\!KillBox
C:\WINDOWS\system32\lssc.exe

:Commands
[emptytemp]
[Reboot]
* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
* Click on the red MoveIt! button
* Copy and paste the contents of the right result-screen in your next reply,
(or the log you can find back as C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTM
When a file or folder can't be moved directly,
you could be asked to restart the computer to complete the removal process.
If so, click Yes.

4. Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

5. Go to Virustotal.com
Upload the following file by copy/paste the following (so do not use "Browse"!)): C:\Program Files\vghd\vghd.exe
Wait untill the results appear, and post them in your next reply.

Also do this with the following files:
C:\WINDOWS\System32\STEC3.sys
C:\WINDOWS\System32\XTrapD12.sys


Please also post a new RSIT log. Tell me which problems you still have. Also please tell me which anti-virus program you are using :thumbup2:

#6 Dobbix

Dobbix
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 15 August 2009 - 09:23 PM

Hi, I backed up my registry with erunt, and then removed all the entrys you specified in Add/Remove programs. Can you tell me why you had me remove Java? thanks.

Here are the contents of the log:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver Network Location Manager deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msword98\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PC Antispyware 2010 deleted successfully.
========== FILES ==========
C:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT moved successfully.
C:\Program Files\PC_Antispyware2010\data moved successfully.
C:\Program Files\PC_Antispyware2010 moved successfully.
File/Folder C:\Windows\System32\cru629.dat not found.
File move failed. C:\windows\system32\wisdstr.exe scheduled to be moved on reboot.
File move failed. C:\windows\system32\braviax.exe scheduled to be moved on reboot.
File/Folder C:\Documents and Settings\Administrator\msword98.exe not found.
C:\windows\system32\tmp.txt moved successfully.
C:\rapport.txt moved successfully.
C:\fix.txt moved successfully.
C:\windows\uzomap.bat moved successfully.
File/Folder C:\windows\system32\regedit.exe not found.
C:\!KillBox\PC_antispyware2010\Microsoft.VC80.CRT moved successfully.
C:\!KillBox\PC_antispyware2010\data moved successfully.
Folder move failed. C:\!KillBox\PC_antispyware2010 scheduled to be moved on reboot.
C:\!KillBox\Logs moved successfully.
Folder move failed. C:\!KillBox scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\lssc.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_97c.dat scheduled to be deleted on reboot.
->Temp folder emptied: 2642661 bytes
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 598421 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54065478 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 14209550 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49554 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1119359 bytes
%systemroot%\System32 .tmp files removed: 3644433 bytes
Windows Temp folder emptied: 2151613 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.88 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08162009_031133

Files moved on Reboot...
File C:\windows\system32\wisdstr.exe not found!
File C:\windows\system32\braviax.exe not found!
C:\!KillBox\PC_antispyware2010 moved successfully.
C:\!KillBox moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_97c.dat not found!

Registry entries deleted on Reboot...

Virus total:

File vghd.exe received on 2009.08.16 02:29:21 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/41 (0%)

I'll scan the other 2 files tomorrow.

Edited by Dobbix, 15 August 2009 - 09:24 PM.


#7 Dobbix

Dobbix
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 16 August 2009 - 06:49 AM

so these two files were clean according to virustotal:
C:\Program Files\vghd\vghd.exe
C:\WINDOWS\System32\STEC3.sys

and this one was not found:
C:\WINDOWS\System32\XTrapD12.sys

and new RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-16 12:51:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (24%) free of 78 GB
Total RAM: 1534 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:21, on 16/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Canbet Poker - {13E222A8-206D-43ee-81A2-213EBF3DE13B} - C:\Microgaming\Poker\CanbetPokerMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.prizerebel.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10803 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 440384]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 1803720]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"AtiPTA"=C:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe [2006-07-31 19857408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [2006-08-21 2068527]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe [2003-04-01 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-05-28 23458344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [2007-06-02 2664448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2006-08-31 448040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
C:\PROGRA~1\vghd\vghd.exe [2008-09-06 11875648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
C:\PROGRA~1\Vg\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGuy2.lnk]
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE [2005-11-10 2080768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
C:\PROGRA~1\BTYAHO~1\BTYAHO~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-08-11 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [1980-01-03 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2005-04-08 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"iPod Service"=3
"Apple Mobile Device"=2
"YPCService"=3
"WMPNetworkSvc"=3
"SPBBCSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Absolute Poker\mainclient.exe"="C:\Program Files\Absolute Poker\mainclient.exe:*:Enabled:Absolute Poker"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\DVR\Network Client\nView4.exe"="C:\Program Files\DVR\Network Client\nView4.exe:*:Enabled:nView4"
"C:\Program Files\DVR\Network Client\DvrPlayer.exe"="C:\Program Files\DVR\Network Client\DvrPlayer.exe:*:Enabled:DvrPlayer"
"C:\Program Files\DTD Poker\UA.exe"="C:\Program Files\DTD Poker\UA.exe:*:Enabled:UA Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\SunPoker.com\UA.exe"="C:\Program Files\SunPoker.com\UA.exe:*:Enabled:UA Application"
"C:\Casino\Paddy Power Casino\casino.exe"="C:\Casino\Paddy Power Casino\casino.exe:*:Enabled:casino"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Update\Cabal\launcher\update\ESTdnheadless.exe"="C:\Update\Cabal\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe"="C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe:*:Enabled:NyxLauncher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-16 03:11:33 ----D---- C:\_OTM
2009-08-16 03:10:26 ----D---- C:\windows\ERDNT
2009-08-16 03:09:54 ----D---- C:\Program Files\ERUNT
2009-08-15 09:12:11 ----A---- C:\windows\tabi.dll
2009-08-15 09:12:11 ----A---- C:\Documents and Settings\All Users\Application Data\ivejugiju.exe
2009-08-15 09:12:11 ----A---- C:\Documents and Settings\All Users\Application Data\fuwyvij.com
2009-08-14 12:38:54 ----D---- C:\Program Files\Guild Wars
2009-08-14 12:33:42 ----D---- C:\Program Files\trend micro
2009-08-14 12:33:41 ----D---- C:\rsit
2009-08-12 23:41:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-08-12 23:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-12 23:41:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-12 16:55:15 ----D---- C:\Program Files\PlaneShift Steel Blue
2009-08-12 12:58:42 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-08-12 12:58:41 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-08-12 12:58:38 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-08-12 12:58:37 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-10 14:04:38 ----D---- C:\AeriaGames
2009-08-09 17:16:42 ----A---- C:\windows\system32\usbaaplrc.dll
2009-08-09 15:31:23 ----D---- C:\Program Files\iTunes Library Updater
2009-08-07 18:58:07 ----D---- C:\windows\.jagex_cache_32

======List of files/folders modified in the last 1 months======

2009-08-16 12:51:20 ----D---- C:\windows\Prefetch
2009-08-16 12:50:42 ----D---- C:\windows\Temp
2009-08-16 12:48:18 ----D---- C:\windows\system32
2009-08-16 12:48:18 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-08-16 12:46:19 ----D---- C:\Program Files\Mozilla Firefox
2009-08-16 12:45:48 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-16 03:29:20 ----A---- C:\windows\SchedLgU.Txt
2009-08-16 03:12:01 ----D---- C:\WINDOWS
2009-08-16 03:11:38 ----RD---- C:\Program Files
2009-08-16 03:08:16 ----SHD---- C:\windows\Installer
2009-08-16 03:08:16 ----HD---- C:\Config.Msi
2009-08-16 03:08:09 ----D---- C:\Program Files\Java
2009-08-15 11:58:52 ----D---- C:\windows\system32\config
2009-08-15 09:12:11 ----D---- C:\Program Files\Common Files
2009-08-14 13:01:25 ----RSHDC---- C:\windows\system32\dllcache
2009-08-14 12:38:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-14 12:30:08 ----D---- C:\windows\system32\CatRoot2
2009-08-14 12:30:07 ----D---- C:\windows\system32\drivers
2009-08-14 12:30:07 ----D---- C:\windows\Drivers
2009-08-13 19:07:14 ----D---- C:\Program Files\a-squared Free
2009-08-13 16:56:32 ----A---- C:\windows\ntbtlog.txt
2009-08-13 15:59:10 ----SHD---- C:\System Volume Information
2009-08-13 15:59:10 ----D---- C:\windows\system32\Restore
2009-08-13 14:35:43 ----D---- C:\Program Files\CarbonPoker
2009-08-13 12:46:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 12:45:43 ----D---- C:\windows\Minidump
2009-08-13 10:55:23 ----D---- C:\windows\system32\CatRoot
2009-08-13 10:53:38 ----HD---- C:\windows\inf
2009-08-13 01:35:34 ----D---- C:\Program Files\Kaspersky Lab
2009-08-13 01:25:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-13 01:24:35 ----SHD---- C:\windows\CSC
2009-08-13 00:43:10 ----A---- C:\windows\win.ini
2009-08-13 00:43:10 ----A---- C:\windows\system.ini
2009-08-12 21:22:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-12 21:20:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-08-12 17:31:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Orbit
2009-08-12 16:50:03 ----D---- C:\Downloads
2009-08-12 16:01:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 15:40:37 ----D---- C:\Program Files\Softnyx
2009-08-10 15:01:42 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-09 17:41:23 ----D---- C:\Program Files\QuickTime
2009-08-09 17:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-09 17:17:12 ----DC---- C:\windows\system32\DRVSTORE
2009-08-09 17:16:55 ----D---- C:\windows\system32\ReinstallBackups
2009-08-09 15:12:16 ----D---- C:\Documents and Settings\Administrator\Application Data\HPAppData
2009-07-31 12:27:27 ----A---- C:\windows\GunzLauncher.INI
2009-07-30 13:01:10 ----D---- C:\Program Files\PokerStars
2009-07-17 16:09:55 ----D---- C:\Program Files\ATITool

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\windows\System32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 DcCam;Kodak Camera Proxy; C:\windows\System32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2009-08-13 296976]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\System32\Drivers\nvport.sys []
R1 SiSkp;SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-04-28 5632]
R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DCFS2K;Kodak DCFS2K Driver; C:\windows\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\windows\System32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\windows\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service; C:\windows\System32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 6656]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\lvusbsta.sys [2004-10-11 22016]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2005-10-17 9856]
R3 PID_0928;Labtec WebCam(PID_0928); C:\windows\System32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
R3 senfilt;senfilt; C:\windows\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\windows\System32\DRIVERS\usb8023.sys [2008-04-14 12800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 aiptektp;HyperPen; C:\windows\System32\DRIVERS\aiptektp.sys [2003-11-12 20992]
S1 Exportit;Exportit; C:\windows\System32\DRIVERS\exportit.sys [2004-06-02 151985]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\windows\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\windows\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 APR;APR; \??\C:\GamersFirst\KnightOnline\APR.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DcFpoint;DcFpoint; C:\windows\System32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\windows\System32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\windows\System32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 MidiSyn;MidiSyn; C:\windows\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPF;Netgroup Packet Filter; C:\windows\System32\DRIVERS\npf.sys [2007-06-29 42512]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 SiS315;SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [2005-05-25 245760]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\windows\System32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\windows\System32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\windows\System32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\System32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\System32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\System32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060901.084\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\windows\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\System32\DRIVERS\usbsermpt.sys [2006-06-12 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\System32\XDva004.sys []
S3 XDva007;XDva007; \??\C:\WINDOWS\System32\XDva007.sys []
S3 XDva273;XDva273; \??\C:\windows\system32\XDva273.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\System32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-08-12 719392]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2009-02-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S2 DJSNETCN;Symantec Licensing Detect Internet Connection; C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\windows\System32\nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 npggsvc;nProtect GameGuard Service; C:\windows\system32\GameMon.des [2009-06-21 3317292]
S3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S3 usprserv;User Privilege Service; C:\windows\System32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
S4 KodakCCS;Kodak Camera Connection Software; C:\windows\system32\drivers\KodakCCS.exe [2004-05-24 322104]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S4 LtcyCfgSvc;PCI Latency Tool Service; C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe [2005-12-26 5120]
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe []
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------

I quarantined the pc antispyware 2010 files that kept reappearing on start up using kaspersky 2010 and it no longer loads up at start up which is a good sign, but im still worried that I may have malware still lurking somewhere.
Also when the computer starts up it shows the desktop wallpaper on its own for about 30 seconds before the taskbar and desktop icons appear, I have been advised that this is caused by svchost.exe error or something. Do you know anything about that?
Thanks.

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 17 August 2009 - 04:53 AM

Hi,

First some answers on your questions:

Can you tell me why you had me remove Java?

I did let you do this because your versions were very outdated. Those outdated versions have leaks, and make your PC vulnerable for malware. Once your computer is clean, I will give you instructions for installing the latest version of Java.

I quarantined the pc antispyware 2010 files that kept reappearing on start up using kaspersky 2010 and it no longer loads up at start up which is a good sign, but im still worried that I may have malware still lurking somewhere.

You aren't clean yet. I will tell you when your PC looks clean.

Also when the computer starts up it shows the desktop wallpaper on its own for about 30 seconds before the taskbar and desktop icons appear, I have been advised that this is caused by svchost.exe error or something. Do you know anything about that?

I think this is just caused by a slow boot up process. I don't think this is an error in svchost.exe.

-------------

Please, do this:

1. * Doubleclick on OTM.exe to start the tool.
* Copy (select and press Ctrl-C) all of this bold code:
:Processes
explorer.exe

:Files
C:\windows\tabi.dll
C:\Documents and Settings\All Users\Application Data\ivejugiju.exe
C:\Documents and Settings\All Users\Application Data\fuwyvij.com

:Commands
[emptytemp]
[Reboot]
* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
* Click on the red MoveIt! button
* Copy and paste the contents of the right result-screen in your next reply,
(or the log you can find back as C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTM
When a file or folder can't be moved directly,
you could be asked to restart the computer to complete the removal process.
If so, click Yes.

2. Peer2peer Program WARNING

Your logs show that you are using peer2peer software. This is software that you can use to download programs, music, etc.
The BleepingComputer.com staff does not advise to use these programs. This, because there is much malware present in the search results you get when you want to download something. So you have a higher risk to get malware when you use Peer2peer software.
If you agree with this, I recommend you to uninstall the following P2P programs:
  • Azureus
  • BitComet 0.70
3. Poker Program WARNING

Your logs show that you have been visiting online poker sites with applets installed on your computer. I know that you may use these programs on a regular basis but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programs yourself on purpose.
There are so many online poker games out there these days that it is close to impossible to keep track of whether a program is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the program, then you can do so by following the below steps:
  • Go to Start > Control Panel > Add or Remove Programs.
  • Remove the following poker programs (if they are present):
    Absolute Poker
    bet365poker
    Betfair Poker
    Boylepoker
    CoralPoker
    Doyles Room Poker
    DTD Poker
    Full Tilt Poker
    Ladbrokes Poker
    Pacific Poker
    Paddy Power Casino
    PartyPoker
    PokerStars
    SunPoker.com
If you are unsure of how to use Add or Remove Programs, the please see this tutorial

4. I see you are using Megaupload Toolbar
By a part of the researchers this is considered spyware. See also here please.
I recommend you to uninstall that toolbar.

5. I see you are using Orbit Downloader
There are some issues with Orbit Downloader, like possible phone home behaviour, and a 404 error page hijacking to Orbit search page.
I recommend you to uninstall it.

6. Reboot your computer.

7. Post a new RSIT logfile.

Also please answer the following questions:
  • What anti-virus program are you using?
  • What is this program?: KSignAccessToolkit v1.0
  • Did you run Malwarebytes' Anti-Malware? If so, please go to the "Logs" tab in the program, and copy the logfile into your next post. If not, please tell me.
  • Have you installed these programs yourself?:
  • Cameron Mathison Screen Saver
  • VirtuaGuy2
  • coolbuddy Screensaver Hot male
  • Lonely-Wet 2 Screen Saver


#9 Dobbix

Dobbix
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 17 August 2009 - 09:24 AM

OTM report:
->FireFox cache emptied: 56707165 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 396184 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.81 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08172009_150815

Files moved on Reboot...

Registry entries deleted on Reboot...

2. Peer2peer Program WARNING

I didn't realise I still had BitComet installed, I will remove it. However i've been using Azureus for over a year and never had any viruses off it, so I'll keep it as I like to download stuff with it.

3. Poker Program WARNING

This is a family computer, and I am not the one that uses these poker applications, and my brother really wouldn't be pleased if I removed them on him, so I can't really do that.


4. I see you are using Megaupload Toolbar
I will uninstall that now.

5. I see you are using Orbit Downloader
I've never had any problems with it, but I will uninstall it and download a new download manager if you think that's wise, which one do you recommend?

7. Post a new RSIT logfile.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-17 15:27:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (24%) free of 78 GB
Total RAM: 1534 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:37, on 17/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\RunOnce: [megauploadtoolbar] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tbuninstall.exe -df "C:\Program Files\MegauploadToolbar\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Canbet Poker - {13E222A8-206D-43ee-81A2-213EBF3DE13B} - C:\Microgaming\Poker\CanbetPokerMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.prizerebel.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10911 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 440384]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"AtiPTA"=C:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"megauploadtoolbar"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tbuninstall.exe [2006-09-05 71432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe [2006-07-31 19857408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [2006-08-21 2068527]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe [2003-04-01 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-05-28 23458344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [2007-06-02 2664448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2006-08-31 448040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
C:\PROGRA~1\vghd\vghd.exe [2008-09-06 11875648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
C:\PROGRA~1\Vg\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGuy2.lnk]
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
C:\PROGRA~1\BTYAHO~1\BTYAHO~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-08-11 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [1980-01-03 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2005-04-08 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"iPod Service"=3
"Apple Mobile Device"=2
"YPCService"=3
"WMPNetworkSvc"=3
"SPBBCSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Absolute Poker\mainclient.exe"="C:\Program Files\Absolute Poker\mainclient.exe:*:Enabled:Absolute Poker"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\DVR\Network Client\nView4.exe"="C:\Program Files\DVR\Network Client\nView4.exe:*:Enabled:nView4"
"C:\Program Files\DVR\Network Client\DvrPlayer.exe"="C:\Program Files\DVR\Network Client\DvrPlayer.exe:*:Enabled:DvrPlayer"
"C:\Program Files\DTD Poker\UA.exe"="C:\Program Files\DTD Poker\UA.exe:*:Enabled:UA Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\SunPoker.com\UA.exe"="C:\Program Files\SunPoker.com\UA.exe:*:Enabled:UA Application"
"C:\Casino\Paddy Power Casino\casino.exe"="C:\Casino\Paddy Power Casino\casino.exe:*:Enabled:casino"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Update\Cabal\launcher\update\ESTdnheadless.exe"="C:\Update\Cabal\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe"="C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe:*:Enabled:NyxLauncher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-16 16:12:05 ----D---- C:\Documents and Settings\Administrator\Application Data\PlaneShift
2009-08-16 16:12:05 ----D---- C:\Documents and Settings\Administrator\Application Data\CrystalSpace
2009-08-16 14:16:25 ----D---- C:\Documents and Settings\Administrator\Application Data\atitray
2009-08-16 03:11:33 ----D---- C:\_OTM
2009-08-16 03:10:26 ----D---- C:\windows\ERDNT
2009-08-16 03:09:54 ----D---- C:\Program Files\ERUNT
2009-08-14 12:38:54 ----D---- C:\Program Files\Guild Wars
2009-08-14 12:33:42 ----D---- C:\Program Files\trend micro
2009-08-14 12:33:41 ----D---- C:\rsit
2009-08-12 23:41:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-08-12 23:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-12 23:41:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-12 16:55:15 ----D---- C:\Program Files\PlaneShift Steel Blue
2009-08-12 12:58:42 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-08-12 12:58:41 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-08-12 12:58:38 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-08-12 12:58:37 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-10 14:04:38 ----D---- C:\AeriaGames
2009-08-09 17:16:42 ----A---- C:\windows\system32\usbaaplrc.dll
2009-08-09 15:31:23 ----D---- C:\Program Files\iTunes Library Updater
2009-08-07 18:58:07 ----D---- C:\windows\.jagex_cache_32

======List of files/folders modified in the last 1 months======

2009-08-17 15:27:20 ----D---- C:\windows\Prefetch
2009-08-17 15:27:17 ----RD---- C:\Program Files
2009-08-17 15:27:17 ----D---- C:\windows\system32
2009-08-17 15:22:30 ----D---- C:\windows\Temp
2009-08-17 15:18:52 ----D---- C:\Program Files\BitComet
2009-08-17 15:15:22 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-08-17 15:12:40 ----D---- C:\Program Files\Mozilla Firefox
2009-08-17 15:11:57 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-17 15:08:56 ----A---- C:\windows\SchedLgU.Txt
2009-08-17 15:08:27 ----D---- C:\WINDOWS
2009-08-16 16:20:29 ----D---- C:\windows\system32\drivers
2009-08-16 16:20:06 ----A---- C:\windows\GunzLauncher.INI
2009-08-16 03:08:16 ----SHD---- C:\windows\Installer
2009-08-16 03:08:16 ----HD---- C:\Config.Msi
2009-08-16 03:08:09 ----D---- C:\Program Files\Java
2009-08-15 11:58:52 ----D---- C:\windows\system32\config
2009-08-15 09:12:11 ----D---- C:\Program Files\Common Files
2009-08-14 13:01:25 ----RSHDC---- C:\windows\system32\dllcache
2009-08-14 12:38:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-14 12:30:08 ----D---- C:\windows\system32\CatRoot2
2009-08-14 12:30:07 ----D---- C:\windows\Drivers
2009-08-13 19:07:14 ----D---- C:\Program Files\a-squared Free
2009-08-13 16:56:32 ----A---- C:\windows\ntbtlog.txt
2009-08-13 15:59:10 ----SHD---- C:\System Volume Information
2009-08-13 15:59:10 ----D---- C:\windows\system32\Restore
2009-08-13 14:35:43 ----D---- C:\Program Files\CarbonPoker
2009-08-13 12:46:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 12:45:43 ----D---- C:\windows\Minidump
2009-08-13 10:55:23 ----D---- C:\windows\system32\CatRoot
2009-08-13 10:53:38 ----HD---- C:\windows\inf
2009-08-13 01:35:34 ----D---- C:\Program Files\Kaspersky Lab
2009-08-13 01:25:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-13 01:24:35 ----SHD---- C:\windows\CSC
2009-08-13 00:43:10 ----A---- C:\windows\win.ini
2009-08-13 00:43:10 ----A---- C:\windows\system.ini
2009-08-12 21:22:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-12 21:20:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-08-12 17:31:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Orbit
2009-08-12 16:50:03 ----D---- C:\Downloads
2009-08-12 16:01:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 15:40:37 ----D---- C:\Program Files\Softnyx
2009-08-10 15:01:42 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-09 17:41:23 ----D---- C:\Program Files\QuickTime
2009-08-09 17:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-09 17:17:12 ----DC---- C:\windows\system32\DRVSTORE
2009-08-09 17:16:55 ----D---- C:\windows\system32\ReinstallBackups
2009-08-09 15:12:16 ----D---- C:\Documents and Settings\Administrator\Application Data\HPAppData
2009-07-30 13:01:10 ----D---- C:\Program Files\PokerStars

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\windows\System32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 DcCam;Kodak Camera Proxy; C:\windows\System32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2009-08-13 296976]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\System32\Drivers\nvport.sys []
R1 SiSkp;SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-04-28 5632]
R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DCFS2K;Kodak DCFS2K Driver; C:\windows\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\windows\System32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\windows\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service; C:\windows\System32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 6656]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\lvusbsta.sys [2004-10-11 22016]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2005-10-17 9856]
R3 PID_0928;Labtec WebCam(PID_0928); C:\windows\System32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
R3 senfilt;senfilt; C:\windows\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\windows\System32\DRIVERS\usb8023.sys [2008-04-14 12800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 aiptektp;HyperPen; C:\windows\System32\DRIVERS\aiptektp.sys [2003-11-12 20992]
S1 Exportit;Exportit; C:\windows\System32\DRIVERS\exportit.sys [2004-06-02 151985]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\windows\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\windows\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 APR;APR; \??\C:\GamersFirst\KnightOnline\APR.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DcFpoint;DcFpoint; C:\windows\System32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\windows\System32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\windows\System32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 MidiSyn;MidiSyn; C:\windows\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPF;Netgroup Packet Filter; C:\windows\System32\DRIVERS\npf.sys [2007-06-29 42512]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 SiS315;SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [2005-05-25 245760]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\windows\System32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\windows\System32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\windows\System32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\System32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\System32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\System32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060901.084\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\windows\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\System32\DRIVERS\usbsermpt.sys [2006-06-12 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\System32\XDva004.sys []
S3 XDva007;XDva007; \??\C:\WINDOWS\System32\XDva007.sys []
S3 XDva273;XDva273; \??\C:\windows\system32\XDva273.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\System32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-08-12 719392]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2009-02-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S2 DJSNETCN;Symantec Licensing Detect Internet Connection; C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\windows\System32\nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\windows\system32\GameMon.des [2009-06-21 3317292]
S3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S3 usprserv;User Privilege Service; C:\windows\System32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
S4 KodakCCS;Kodak Camera Connection Software; C:\windows\system32\drivers\KodakCCS.exe [2004-05-24 322104]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S4 LtcyCfgSvc;PCI Latency Tool Service; C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe [2005-12-26 5120]
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe []
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------



Your questions:
What anti-virus program are you using?: Kaspersky Anti-Virus 9.0.0.459
What is this program?: KSignAccessToolkit v1.0: I believe this was an activeX plug-in that I had to install when I downloaded the game Trickster.
Malware bytes logs:
This was the first scan i did with it:
Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 5.1.2600 Service Pack 3 (Safe Mode)

13/08/2009 00:47:49
mbam-log-2009-08-13 (00-47-48).txt

Scan type: Quick Scan
Objects scanned: 96930
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 22
Files Infected: 428

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\2364 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\VideoEgg\Loader\2364\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\dataCollection.tmp (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\2396\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4458\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv541250024935.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.

and this is one about 4 hours after that scan:
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts\SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GIYEQNLO\Install[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Poker\BlueSquare Poker\_SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Poker\Green Joker Poker\_SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Poker\Paddy Power Poker\_SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Poker\Victor Chandler\_SetupPoker.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Have you installed these programs yourself?:

* Cameron Mathison Screen Saver
* VirtuaGuy2
* coolbuddy Screensaver Hot male
* Lonely-Wet 2 Screen Saver

I didn't install any of them myself, and I will uninstall them now.

#10 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 17 August 2009 - 12:06 PM

Hi,

I've never had any problems with it, but I will uninstall it and download a new download manager if you think that's wise, which one do you recommend?

There are several download managers available. You have to choose for yourself which one you like. But Orbit has some bad sides, so that's why I did let you uninstall it.
I also see you have "Free Download Manager" installed. Maybe you can use that one?

I didn't install any of them myself, and I will uninstall them now.

Yes do so please. After this, please reboot your computer. Then, give me a new RSIT logfile. :thumbup2:

Also please post the most recent log from OTM. You can find it in this format: C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log
Which problems do you still have?

#11 Dobbix

Dobbix
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 22 August 2009 - 06:18 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-22 12:21:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (21%) free of 78 GB
Total RAM: 1534 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:08, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Canbet Poker - {13E222A8-206D-43ee-81A2-213EBF3DE13B} - C:\Microgaming\Poker\CanbetPokerMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.prizerebel.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11081 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 440384]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"AtiPTA"=C:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe [2006-07-31 19857408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [2006-08-21 2068527]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe [2003-04-01 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-05-28 23458344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [2007-06-02 2664448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2006-08-31 448040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
C:\PROGRA~1\vghd\vghd.exe [2008-09-06 11875648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
C:\PROGRA~1\Vg\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGuy2.lnk]
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
C:\PROGRA~1\BTYAHO~1\BTYAHO~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-08-11 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [1980-01-03 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2005-04-08 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"iPod Service"=3
"Apple Mobile Device"=2
"YPCService"=3
"WMPNetworkSvc"=3
"SPBBCSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Absolute Poker\mainclient.exe"="C:\Program Files\Absolute Poker\mainclient.exe:*:Enabled:Absolute Poker"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\DVR\Network Client\nView4.exe"="C:\Program Files\DVR\Network Client\nView4.exe:*:Enabled:nView4"
"C:\Program Files\DVR\Network Client\DvrPlayer.exe"="C:\Program Files\DVR\Network Client\DvrPlayer.exe:*:Enabled:DvrPlayer"
"C:\Program Files\DTD Poker\UA.exe"="C:\Program Files\DTD Poker\UA.exe:*:Enabled:UA Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\SunPoker.com\UA.exe"="C:\Program Files\SunPoker.com\UA.exe:*:Enabled:UA Application"
"C:\Casino\Paddy Power Casino\casino.exe"="C:\Casino\Paddy Power Casino\casino.exe:*:Enabled:casino"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Update\Cabal\launcher\update\ESTdnheadless.exe"="C:\Update\Cabal\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe"="C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe:*:Enabled:NyxLauncher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-20 18:53:28 ----D---- C:\Program Files\World of Warcraft.temp
2009-08-20 18:52:27 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-08-16 16:12:05 ----D---- C:\Documents and Settings\Administrator\Application Data\PlaneShift
2009-08-16 16:12:05 ----D---- C:\Documents and Settings\Administrator\Application Data\CrystalSpace
2009-08-16 14:16:25 ----D---- C:\Documents and Settings\Administrator\Application Data\atitray
2009-08-16 03:11:33 ----D---- C:\_OTM
2009-08-16 03:10:26 ----D---- C:\windows\ERDNT
2009-08-16 03:09:54 ----D---- C:\Program Files\ERUNT
2009-08-14 12:38:54 ----D---- C:\Program Files\Guild Wars
2009-08-14 12:33:42 ----D---- C:\Program Files\trend micro
2009-08-14 12:33:41 ----D---- C:\rsit
2009-08-12 23:41:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-08-12 23:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-12 23:41:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-12 12:58:42 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-08-12 12:58:41 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-08-12 12:58:38 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-08-12 12:58:37 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-10 14:04:38 ----D---- C:\AeriaGames
2009-08-09 17:16:42 ----A---- C:\windows\system32\usbaaplrc.dll
2009-08-09 15:31:23 ----D---- C:\Program Files\iTunes Library Updater
2009-08-07 18:58:07 ----D---- C:\windows\.jagex_cache_32

======List of files/folders modified in the last 1 months======

2009-08-22 12:20:26 ----D---- C:\windows\Temp
2009-08-22 11:51:54 ----D---- C:\windows\system32
2009-08-22 11:51:54 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-08-22 11:51:07 ----D---- C:\Program Files\Mozilla Firefox
2009-08-22 11:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-22 09:41:40 ----A---- C:\windows\SchedLgU.Txt
2009-08-21 22:36:26 ----D---- C:\windows\Prefetch
2009-08-20 19:05:33 ----D---- C:\windows\system32\CatRoot2
2009-08-20 18:53:28 ----RD---- C:\Program Files
2009-08-20 18:50:15 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-17 15:18:52 ----D---- C:\Program Files\BitComet
2009-08-17 15:08:27 ----D---- C:\WINDOWS
2009-08-16 16:20:29 ----D---- C:\windows\system32\drivers
2009-08-16 16:20:06 ----A---- C:\windows\GunzLauncher.INI
2009-08-16 03:08:16 ----SHD---- C:\windows\Installer
2009-08-16 03:08:16 ----HD---- C:\Config.Msi
2009-08-16 03:08:09 ----D---- C:\Program Files\Java
2009-08-15 11:58:52 ----D---- C:\windows\system32\config
2009-08-15 09:12:11 ----D---- C:\Program Files\Common Files
2009-08-14 13:01:25 ----RSHDC---- C:\windows\system32\dllcache
2009-08-14 12:38:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-14 12:30:07 ----D---- C:\windows\Drivers
2009-08-13 19:07:14 ----D---- C:\Program Files\a-squared Free
2009-08-13 16:56:32 ----A---- C:\windows\ntbtlog.txt
2009-08-13 15:59:10 ----SHD---- C:\System Volume Information
2009-08-13 15:59:10 ----D---- C:\windows\system32\Restore
2009-08-13 14:35:43 ----D---- C:\Program Files\CarbonPoker
2009-08-13 12:46:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 12:45:43 ----D---- C:\windows\Minidump
2009-08-13 10:55:23 ----D---- C:\windows\system32\CatRoot
2009-08-13 10:53:38 ----HD---- C:\windows\inf
2009-08-13 01:35:34 ----D---- C:\Program Files\Kaspersky Lab
2009-08-13 01:25:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-13 01:24:35 ----SHD---- C:\windows\CSC
2009-08-13 00:43:10 ----A---- C:\windows\win.ini
2009-08-13 00:43:10 ----A---- C:\windows\system.ini
2009-08-12 21:22:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-12 21:20:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-08-12 17:31:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Orbit
2009-08-12 16:50:03 ----D---- C:\Downloads
2009-08-12 16:01:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 15:40:37 ----D---- C:\Program Files\Softnyx
2009-08-09 17:41:23 ----D---- C:\Program Files\QuickTime
2009-08-09 17:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-09 17:17:12 ----DC---- C:\windows\system32\DRVSTORE
2009-08-09 17:16:55 ----D---- C:\windows\system32\ReinstallBackups
2009-08-09 15:12:16 ----D---- C:\Documents and Settings\Administrator\Application Data\HPAppData
2009-07-30 13:01:10 ----D---- C:\Program Files\PokerStars

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\windows\System32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 DcCam;Kodak Camera Proxy; C:\windows\System32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2009-08-13 296976]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\System32\Drivers\nvport.sys []
R1 SiSkp;SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-04-28 5632]
R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DCFS2K;Kodak DCFS2K Driver; C:\windows\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\windows\System32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\windows\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service; C:\windows\System32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 6656]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\lvusbsta.sys [2004-10-11 22016]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2005-10-17 9856]
R3 PID_0928;Labtec WebCam(PID_0928); C:\windows\System32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
R3 senfilt;senfilt; C:\windows\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\windows\System32\DRIVERS\usb8023.sys [2008-04-14 12800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 aiptektp;HyperPen; C:\windows\System32\DRIVERS\aiptektp.sys [2003-11-12 20992]
S1 Exportit;Exportit; C:\windows\System32\DRIVERS\exportit.sys [2004-06-02 151985]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\windows\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\windows\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 APR;APR; \??\C:\GamersFirst\KnightOnline\APR.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DcFpoint;DcFpoint; C:\windows\System32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\windows\System32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\windows\System32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 MidiSyn;MidiSyn; C:\windows\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPF;Netgroup Packet Filter; C:\windows\System32\DRIVERS\npf.sys [2007-06-29 42512]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 SiS315;SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [2005-05-25 245760]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\windows\System32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\windows\System32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\windows\System32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\System32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\System32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\System32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060901.084\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\windows\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\System32\DRIVERS\usbsermpt.sys [2006-06-12 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\System32\XDva004.sys []
S3 XDva007;XDva007; \??\C:\WINDOWS\System32\XDva007.sys []
S3 XDva273;XDva273; \??\C:\windows\system32\XDva273.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\System32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-08-12 719392]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2009-02-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 KodakCCS;Kodak Camera Connection Software; C:\windows\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S2 DJSNETCN;Symantec Licensing Detect Internet Connection; C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\windows\System32\nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\windows\system32\GameMon.des [2009-06-21 3317292]
S3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S3 usprserv;User Privilege Service; C:\windows\System32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S4 LtcyCfgSvc;PCI Latency Tool Service; C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe [2005-12-26 5120]
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe []
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 396184 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 64.81 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08172009_150815

Files moved on Reboot...

Registry entries deleted on Reboot...


I don't really have any problems at the minute.

#12 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 23 August 2009 - 05:16 AM

Hi,

First, delete this file:
C:\rsit\info.txt

Then, run RSIT again, and post log.txt and info.txt in your next reply. :thumbup2:

#13 Dobbix

Dobbix
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 24 August 2009 - 03:55 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-24 09:59:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (21%) free of 78 GB
Total RAM: 1534 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59:07, on 24/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\windows\system32\drivers\KodakCCS.exe
C:\windows\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\windows\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Canbet Poker - {13E222A8-206D-43ee-81A2-213EBF3DE13B} - C:\Microgaming\Poker\CanbetPokerMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Boylepoker Poker - {F313D2F6-B79E-4654-BC77-D14C93FC8947} - C:\Program Files\boylesportspokercomMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Administrator\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.prizerebel.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Compone...EngineQuery.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11044 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-09-29 440384]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=SiSPower.dll,ModeAgent []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"AtiPTA"=C:\windows\system32\atiptaxx.exe [2006-02-22 344064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"avp"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\windows\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe [2006-07-31 19857408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [2006-08-21 2068527]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe [2003-04-01 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe [2004-12-14 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe [2004-12-14 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-05-28 23458344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [2007-06-02 2664448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-06-23 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [2005-08-31 2478080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2006-08-31 448040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl HD.LNK]
C:\PROGRA~1\vghd\vghd.exe [2008-09-06 11875648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
C:\PROGRA~1\Vg\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^VirtuaGuy2.lnk]
C:\PROGRA~1\VIRTUA~1\VIRTUA~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Yahoo! Help.lnk]
C:\PROGRA~1\BTYAHO~1\BTYAHO~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-08-11 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [1980-01-03 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2005-04-08 266240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"iPod Service"=3
"Apple Mobile Device"=2
"YPCService"=3
"WMPNetworkSvc"=3
"SPBBCSvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\windows\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Absolute Poker\mainclient.exe"="C:\Program Files\Absolute Poker\mainclient.exe:*:Enabled:Absolute Poker"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\DVR\Network Client\nView4.exe"="C:\Program Files\DVR\Network Client\nView4.exe:*:Enabled:nView4"
"C:\Program Files\DVR\Network Client\DvrPlayer.exe"="C:\Program Files\DVR\Network Client\DvrPlayer.exe:*:Enabled:DvrPlayer"
"C:\Program Files\DTD Poker\UA.exe"="C:\Program Files\DTD Poker\UA.exe:*:Enabled:UA Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\SunPoker.com\UA.exe"="C:\Program Files\SunPoker.com\UA.exe:*:Enabled:UA Application"
"C:\Casino\Paddy Power Casino\casino.exe"="C:\Casino\Paddy Power Casino\casino.exe:*:Enabled:casino"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Update\Cabal\launcher\update\ESTdnheadless.exe"="C:\Update\Cabal\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe"="C:\Program Files\Softnyx\RakionIS\NyxLauncher.exe:*:Enabled:NyxLauncher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-08-20 18:53:28 ----D---- C:\Program Files\World of Warcraft.temp
2009-08-20 18:52:27 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-08-16 16:12:05 ----D---- C:\Documents and Settings\Administrator\Application Data\PlaneShift
2009-08-16 16:12:05 ----D---- C:\Documents and Settings\Administrator\Application Data\CrystalSpace
2009-08-16 14:16:25 ----D---- C:\Documents and Settings\Administrator\Application Data\atitray
2009-08-16 03:11:33 ----D---- C:\_OTM
2009-08-16 03:10:26 ----D---- C:\windows\ERDNT
2009-08-16 03:09:54 ----D---- C:\Program Files\ERUNT
2009-08-14 12:38:54 ----D---- C:\Program Files\Guild Wars
2009-08-14 12:33:42 ----D---- C:\Program Files\trend micro
2009-08-14 12:33:41 ----D---- C:\rsit
2009-08-12 23:41:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-08-12 23:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-12 23:41:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-12 12:58:42 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-08-12 12:58:41 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-08-12 12:58:38 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-08-12 12:58:37 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-08-10 14:04:38 ----D---- C:\AeriaGames
2009-08-09 17:16:42 ----A---- C:\windows\system32\usbaaplrc.dll
2009-08-09 15:31:23 ----D---- C:\Program Files\iTunes Library Updater
2009-08-07 18:58:07 ----D---- C:\windows\.jagex_cache_32

======List of files/folders modified in the last 1 months======

2009-08-24 09:58:18 ----D---- C:\windows\Temp
2009-08-24 09:57:06 ----D---- C:\windows\system32
2009-08-24 09:57:06 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-08-24 09:40:37 ----D---- C:\Program Files\Mozilla Firefox
2009-08-24 09:34:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-08-24 00:24:42 ----A---- C:\windows\SchedLgU.Txt
2009-08-23 22:41:05 ----D---- C:\windows\Prefetch
2009-08-23 14:44:16 ----D---- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2009-08-22 15:50:59 ----D---- C:\Program Files\PokerStars
2009-08-20 19:05:33 ----D---- C:\windows\system32\CatRoot2
2009-08-20 18:53:28 ----RD---- C:\Program Files
2009-08-20 18:50:15 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-08-17 15:18:52 ----D---- C:\Program Files\BitComet
2009-08-17 15:08:27 ----D---- C:\WINDOWS
2009-08-16 16:20:29 ----D---- C:\windows\system32\drivers
2009-08-16 16:20:06 ----A---- C:\windows\GunzLauncher.INI
2009-08-16 03:08:16 ----SHD---- C:\windows\Installer
2009-08-16 03:08:16 ----HD---- C:\Config.Msi
2009-08-16 03:08:09 ----D---- C:\Program Files\Java
2009-08-15 11:58:52 ----D---- C:\windows\system32\config
2009-08-15 09:12:11 ----D---- C:\Program Files\Common Files
2009-08-14 13:01:25 ----RSHDC---- C:\windows\system32\dllcache
2009-08-14 12:38:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-14 12:30:07 ----D---- C:\windows\Drivers
2009-08-13 19:07:14 ----D---- C:\Program Files\a-squared Free
2009-08-13 16:56:32 ----A---- C:\windows\ntbtlog.txt
2009-08-13 15:59:10 ----SHD---- C:\System Volume Information
2009-08-13 15:59:10 ----D---- C:\windows\system32\Restore
2009-08-13 14:35:43 ----D---- C:\Program Files\CarbonPoker
2009-08-13 12:46:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 12:45:43 ----D---- C:\windows\Minidump
2009-08-13 10:55:23 ----D---- C:\windows\system32\CatRoot
2009-08-13 10:53:38 ----HD---- C:\windows\inf
2009-08-13 01:35:34 ----D---- C:\Program Files\Kaspersky Lab
2009-08-13 01:25:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-08-13 01:24:35 ----SHD---- C:\windows\CSC
2009-08-13 00:43:10 ----A---- C:\windows\win.ini
2009-08-13 00:43:10 ----A---- C:\windows\system.ini
2009-08-12 21:22:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-12 21:20:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-08-12 17:31:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Orbit
2009-08-12 16:50:03 ----D---- C:\Downloads
2009-08-12 16:01:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 15:40:37 ----D---- C:\Program Files\Softnyx
2009-08-09 17:41:23 ----D---- C:\Program Files\QuickTime
2009-08-09 17:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-09 17:17:12 ----DC---- C:\windows\system32\DRVSTORE
2009-08-09 17:16:55 ----D---- C:\windows\system32\ReinstallBackups
2009-08-09 15:12:16 ----D---- C:\Documents and Settings\Administrator\Application Data\HPAppData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\windows\System32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 DcCam;Kodak Camera Proxy; C:\windows\System32\DRIVERS\DcCam.sys [2004-05-20 36918]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2009-08-13 296976]
R1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\System32\Drivers\nvport.sys []
R1 SiSkp;SiSkp; C:\windows\System32\DRIVERS\srvkp.sys [2005-05-25 11904]
R1 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-04-28 5632]
R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DCFS2K;Kodak DCFS2K Driver; C:\windows\system32\drivers\dcfs2k.sys [2004-06-02 38705]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\windows\System32\DRIVERS\ati2mtag.sys [2009-02-25 3565568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\windows\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service; C:\windows\System32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 6656]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2005-10-17 9856]
R3 senfilt;senfilt; C:\windows\system32\drivers\senfilt.sys [2005-03-01 392704]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\windows\System32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\windows\System32\DRIVERS\usb8023.sys [2008-04-14 12800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 aiptektp;HyperPen; C:\windows\System32\DRIVERS\aiptektp.sys [2003-11-12 20992]
S1 Exportit;Exportit; C:\windows\System32\DRIVERS\exportit.sys [2004-06-02 151985]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\windows\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\windows\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 APR;APR; \??\C:\GamersFirst\KnightOnline\APR.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DcFpoint;DcFpoint; C:\windows\System32\DRIVERS\DcFpoint.sys [2004-05-20 61564]
S3 DcLps;Legacy Polling Service; C:\windows\System32\DRIVERS\DcLps.sys [2004-05-20 8022]
S3 DcPTP;dcptp; C:\windows\System32\DRIVERS\DcPTP.sys [2004-05-20 68950]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\System32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\System32\DRIVERS\ENTECH.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\lvusbsta.sys [2004-10-11 22016]
S3 MidiSyn;MidiSyn; C:\windows\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NPF;Netgroup Packet Filter; C:\windows\System32\DRIVERS\npf.sys [2007-06-29 42512]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
S3 PID_0928;Labtec WebCam(PID_0928); C:\windows\System32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
S3 SiS315;SiS315; C:\windows\System32\DRIVERS\sisgrp.sys [2005-05-25 245760]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\windows\System32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\windows\System32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\windows\System32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\windows\System32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\windows\System32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\windows\System32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060901.084\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\windows\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\windows\System32\DRIVERS\usbsermpt.sys [2006-06-12 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva004;XDva004; \??\C:\WINDOWS\System32\XDva004.sys []
S3 XDva007;XDva007; \??\C:\WINDOWS\System32\XDva007.sys []
S3 XDva273;XDva273; \??\C:\windows\system32\XDva273.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\System32\XTrapD12.sys []
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-08-12 719392]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2009-02-25 602112]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\windows\system32\svchost.exe [2008-04-14 14336]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 KodakCCS;Kodak Camera Connection Software; C:\windows\system32\drivers\KodakCCS.exe [2004-05-24 322104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UxTuneUp;TuneUp Theme Extension; C:\windows\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S2 DJSNETCN;Symantec Licensing Detect Internet Connection; C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\windows\System32\nvsvc32.exe [2006-06-01 155715]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-04-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\windows\system32\GameMon.des [2009-06-21 3317292]
S3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S3 usprserv;User Privilege Service; C:\windows\System32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S4 LtcyCfgSvc;PCI Latency Tool Service; C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe [2005-12-26 5120]
S4 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe []
S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe []
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------












info.txt logfile of random's system information tool 1.06 2009-08-24 09:59:12

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Arctic Bear v1.4-->"C:\Program Files\3D Arctic Bear\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Absolute Poker-->C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Any Video Converter 2.6.7-->"C:\Program Files\Any Video Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
a-squared Free 2.0-->"C:\Program Files\a-squared Free\unins000.exe"
Asteroid_Base_Music ScreenSaver-->C:\WINDOWS\Asteroid_Base_Music.scr /U
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver (Omega 3.8.442)-->rundll32 C:\windows\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
bet365poker-->"C:\Poker\bet365poker\_SetupCasino.exe" /uninstall
Betfair Poker-->MsiExec.exe /X{D4A6F05B-D32D-4EA3-B288-05894E803225}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Boylepoker-->C:\PROGRA~1\BOYLES~1\BOYLES~1\UNWISE.EXE C:\PROGRA~1\BOYLES~1\BOYLES~1\INSTALL.LOG
BT Home Hub-->C:\Program Files\BT Home Hub\Uninstall.exe
BT Softphone 1.5.3.6-->"C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Wireless Connection Manager-->C:\Program Files\Common Files\Motive\InstallHelper.exe /dir=C:\Program Files\Common Files\Motive /uninstallvendor=btbb_wcm /uninstallkey=BT Wireless Connection Manager
BT Yahoo! Applications-->C:\PROGRA~1\Yahoo!\common\uninstall.exe
BT Yahoo! Broadband Internet Connection Manager 4.2-->C:\WINDOWS\UnsetupBT Yahoo! Broadband4.2.exe /B:c:\program files\bt yahoo! broadband\dialbbicm4.2.dll
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP460 User Registration-->C:\Program Files\Canon\IJEREG\MP460\UNINST.EXE
Canon MP460-->"C:\WINDOWS\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460 /L0x0009
Canon MP540 series MP Drivers-->"C:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x0009
Canon MP540 series User Registration-->C:\Program Files\Canon\IJEREG\MP540 series\UNINST.EXE
Canon S200-->C:\WINDOWS\System32\CNMCP3W.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\DeIsL1.isu" -pCanon S200-c"C:\BJPrinter\CNMWINDOWS\Canon S200 Installer\Inst\bjinst.dll
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CoralPoker (remove only)-->"C:\Program Files\CoralPoker\uninstall.exe"
COWON Media Center - jetAudio Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\windows\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crown My Rooms in Colour 1.1-->c:\MyRoomsInColour\uninst.exe
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
DivX ;-) Audio-->C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\Tpack.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doyles Room Poker-->C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\UNWISE.EXE C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\INSTALL.LOG
Driving Test Success 2004-2005-->MsiExec.exe /I{139B3E5A-CA8D-44E8-8ED8-E39D9FA7E355}
DSA Theory Test-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}
DTD Poker-->C:\PROGRA~1\DTDPOK~1\UNWISE.EXE C:\PROGRA~1\DTDPOK~1\INSTALL.LOG
DTD Poker-->C:\WINDOWS\System32\UnPoker.exe DTDPoker
E.M. Youtube Video Download Tool 2.31-->"C:\Program Files\E.M. Youtube Video Download Tool\unins000.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL-->MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EVEREST Corporate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
ffdshow [rev 1309] [2007-06-20]-->"C:\Program Files\ffdshow\unins000.exe"
Fraps-->"C:\Fraps\uninstall.exe"
Free Download Manager 2.1-->"C:\Program Files\Free Download Manager\unins000.exe"
Free Video Converter V 1.3-->"C:\Program Files\Free Video Converter\unins000.exe"
Full Tilt Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hazard Perception 2004-2005-->MsiExec.exe /I{4645CFF7-898F-427B-AF43-E3E4F08463D8}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO-->MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Icon Restore 1.0-->C:\WINDOWS\unins000.exe
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Infix-->C:\PROGRA~1\Iceni\Infix\UNWISE.EXE C:\PROGRA~1\Iceni\Infix\INSTALL.LOG
Inkjet Printer/Scanner Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
iTunes Library Updater-->MsiExec.exe /I{38EE230F-F631-451F-8800-E29F5E5C9E7D}
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kaspersky Anti-Virus 2010-->MsiExec.exe /I{943B6738-4801-4982-90EC-0442EF7AEB16}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_bf9f7b\Setup.exe /APR-REMOVE
KSignAccessToolkit v1.0-->C:\WINDOWS\System32\UnInstall_KAccess.exe
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Labtec WebCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Labtec® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Ladbrokes Poker-->C:\Program Files\InstallShield Installation Information\{8273D1F0-1EBE-4C75-BAD8-FED1FA4EAC1C}\setup.exe -runfromtemp -l0x0009 -removeonly
Last.fm 1.5.2.38918-->"C:\Program Files\Last.fm\unins000.exe"
Legend Of Ares-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8CA3DF4-1486-4928-BE9E-2AC86A774CBC}\Setup.exe" -l0x9
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Magic ISO Maker v5.5 (build 0273)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Men Of The Navy Seals Screen Saver-->sstunst2.exe Men Of The Navy Seals
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
Music Rescue 3.1.1-->"C:\Program Files\Music Rescue\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Network Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCA9F7DD-524E-47B7-85EE-F2F22BE7B703}\Setup.exe"
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4E9E-9B58-3014A5B4E519}
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Personal Firewall-->MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Personal Firewall-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Personal Firewall-->MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x9 -uninstall
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
OutFront Web Template-->C:\OutFrontWebs\rings1\uninstall.exe
Pacific Poker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Paddy Power Casino-->C:\Casino\PADDYP~1\UNWISE.EXE C:\Casino\PADDYP~1\INSTALL.LOG
Panda ActiveScan-->C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
PCI Latency Tool 3-->MsiExec.exe /I{506AD2FA-A52D-4FFB-903E-79DAE1E71D39}
PFConfig 1.0.216-->C:\Program Files\PFConfig\uninst.exe
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Pro Motion Trial-->"C:\Program Files\Cosmigo\Pro Motion Trial\Uninstall.exe" "C:\Program Files\Cosmigo\Pro Motion Trial\install.log"
Quick Screen Capture 3.0-->"C:\Program Files\Quick Screen Capture\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Radeon Omega Drivers v4.8.442 Setup Files and Tools-->"C:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v4.8.442\Omega Uninstall.xml"
Ray Adams ATI Tray Tools-->"C:\Program Files\Ray Adams\ATI Tray Tools\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riotball-->"C:\Program Files\Riotball\ReflexiveArcade\unins000.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Master-->C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\System32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\windows\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\windows\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\windows\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\windows\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\windows\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\windows\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\windows\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\windows\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\windows\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\windows\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\windows\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\windows\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sega Smash Pack 2 © Sega PC-->C:\Neo\Sega2\UNWISE.EXE C:\Neo\Sega2\INSTALL.LOG
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
Sibelius Scorch Plugin-->"C:\Program Files\Musicnotes\uninstsc.exe"
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem2.inf
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SunPoker.com-->C:\WINDOWS\System32\UnPoker.exe CaribbeanSunPoker
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Tweak-XP Pro 4-->C:\windows\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe"
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
VIDEOzilla v2.8-->"C:\Program Files\VIDEOzilla\unins000.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Tablet Series-->Rmtablet KNL
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}

======Security center information======

AV: Kaspersky Anti-Virus

======System event log======

Computer Name: HOME-SCD6KEAQ8K
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 11134
Source Name: W32Time
Time Written: 20090705060559.000000+060
Event Type: warning
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 11113
Source Name: Service Control Manager
Time Written: 20090704162808.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 7001
Message: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 11112
Source Name: Service Control Manager
Time Written: 20090704162646.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 11091
Source Name: Service Control Manager
Time Written: 20090704153949.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 7001
Message: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 11090
Source Name: Service Control Manager
Time Written: 20090704153826.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 21
Source Name: LoadPerf
Time Written: 20090630085612.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 12
Source Name: LoadPerf
Time Written: 20090630030924.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 11
Source Name: LoadPerf
Time Written: 20090630030924.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 9
Source Name: LoadPerf
Time Written: 20090630030805.000000+060
Event Type: error
User:

Computer Name: HOME-SCD6KEAQ8K
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 8
Source Name: LoadPerf
Time Written: 20090630030805.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#14 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 25 August 2009 - 04:05 AM

Hi,

1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-s.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

2. Remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones:
  • Download DelDomains.inf by right-clicking the download link below, and choosing the option labelled "Save Target As…". Save it to your Desktop.
  • Locate DelDomains.inf on your Desktop, right-click it and select the "Install" option. NOTE: You will not see any on-screen action.This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones.
    NOTE once you do this: Any previous restricted zone hacks (SpywareBlaster, IE-SPYAD, etc) will need to be reapplyed.
3. I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Post the logfile from the online scan in your next reply together with a new HijackThislog. Also please tell me what anti-virus program you are using. I see Norton/Symantec present, but you said you are using Kaspersky.

#15 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands

Posted 01 September 2009 - 02:22 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users