HijackThis Log: Please help Diagnose


  • This topic is locked
19 replies to this topic

#1 Double D

Posted 16 August 2009 - 08:56 AM

Thanking you all in advance.
Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:04 AM, on 8/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\VTech\Community\System\PCTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Derek M. Divito\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CommunityTray] "C:\Program Files\VTech\Community\System\Startup.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {25FD7375-AB50-4EE1-8D4E-F76ECAC680B2} (CPlayFirstC4CControl Object) - http://www.playfirst.com/play/game/connect...4C.1.0.0.50.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {54EABC7D-40DC-4667-8517-F42D00540342} (DRMActiveXControl Class) - http://roocast.umkc.edu/tegrity/_Player/1..../DRMActiveX.CAB
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {60261C06-81B0-4DE0-9313-E5BA203A64E9} - http://216.195.35.10/pdfmgr_s.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://l.yimg.com/jh/games/web_games/sony/...loadControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD89C3DB-95D7-4920-8FD3-03FB8FECE123}: NameServer = 85.255.112.194,85.255.112.125
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.194,85.255.112.125
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.194,85.255.112.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.194,85.255.112.125
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: iexplore - 2gYr1.dll (file missing)
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10102 bytes


Thanks again!



#2 Guest_superbird_*


Posted 29 August 2009 - 01:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Double D


Posted 31 August 2009 - 09:11 PM

Thank you...no worries on the delay...I'm just glad somebody can help!
The Notepad copy and paste is below.
As for the problem(s) I am having...most of my browsing is slow but my main concern is that my Windows programs (Outlook, WMP10, Messenger) open up but just freeze and have to "end task" to get them to close. There is a post about this here Link Here
The only steps I have since done after my first post was run Malwarebytes in safe mode to remove some malware.
I hope that helps, and my apologies if I'm not supposed to link to other problems here.
I can not post the other item the DDS asked me to, because I am unfamiliar with how to zip and attach. I do have it saved to my desktop....again many thanks for all the help

DDS (Ver_09-07-30.01) - NTFSx86
Run by Derek M. Divito at 21:00:24.65 on Mon 08/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.196 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090602-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Antivirus Platinum 7 *disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\VTech\Community\System\PCTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Derek M. Divito\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {FE6BC4EF-5676-484B-88AE-883323913256} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Google Update] "c:\documents and settings\derek m. divito\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [IPInSightLAN 01] "c:\program files\visual networks\visual ip insight\sbc\IPClient.exe" -l
mRun: [IPInSightMonitor 01] "c:\program files\visual networks\visual ip insight\sbc\IPMon32.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [CommunityTray] "c:\program files\vtech\community\system\Startup.exe"
mRun: [Dell AIO Printer A960] "c:\program files\dell aio printer a960\dlbfbmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [FPCCSMiddleware] c:\program files\fisher-price\computer cool school\FPCCSMiddleware.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {25FD7375-AB50-4EE1-8D4E-F76ECAC680B2} - hxxp://www.playfirst.com/play/game/connectfour/C4C.1.0.0.50.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} - hxxp://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {54EABC7D-40DC-4667-8517-F42D00540342} - hxxp://roocast.umkc.edu/tegrity/_Player/1.0/Code/DRMActiveX.CAB
DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://usfulfillment.puretracks.com/onager.cab
DPF: {60261C06-81B0-4DE0-9313-E5BA203A64E9} - hxxp://216.195.35.10/pdfmgr_s.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.playfirst.com/play/game/dinerdash2/DinerDash2.1.0.0.67.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} - hxxp://l.yimg.com/jh/games/web_games/sony/davinci/DVCDownloadControl.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: iexplore - 2gYr1.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\derekm~1.div\applic~1\mozilla\firefox\profiles\yo7ok7pa.default\
FF - plugin: c:\documents and settings\derek m. divito\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\derek m. divito\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-25 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-5-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-25 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-22 24652]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2008-9-14 42880]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-5-25 138680]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2008-9-4 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2008-9-4 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2008-9-4 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2008-9-4 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2008-9-4 100648]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-9-28 16512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-5-25 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-5-25 352920]

=============== Created Last 30 ================

2009-08-28 06:53 13,408 a------- c:\windows\7240tzreat19259.dll
2009-08-28 04:20 4,218 a------- c:\windows\7879s9ealz175.dll
2009-08-28 00:03 13,373 a------- c:\windows\134999ir5s44cz.ocx
2009-08-27 11:56 9,579 a------- c:\windows\system32\2z853troj2c89.ocx
2009-08-25 23:16 4,751 a------- c:\windows\system32\5e70addwaze2910.exe
2009-08-25 17:24 18,292 a------- c:\windows\1b25add9aze25.exe
2009-08-25 06:22 14,714 a------- c:\windows\system32\z649759rm55.bin
2009-08-25 00:31 5,421 a------- c:\windows\system32\2z55959y7bf.ocx
2009-08-23 17:46 8,220 a------- c:\windows\system32\2f5aspyware689z.bin
2009-08-22 22:04 11,754 a------- c:\windows\system32\65b9stealz25.exe
2009-08-22 07:48 2,814 a------- c:\windows\9z0t5ief2990.ocx
2009-08-21 23:03 8,168 a------- c:\windows\9309sparsez0485.bin
2009-08-21 19:09 6,604 a------- c:\windows\system32\95522spazbot1dc.bin
2009-08-21 10:17 13,974 a------- c:\windows\system32\50485spy396z.exe
2009-08-20 17:24 15,706 a------- c:\windows\system32\41b7bac9d5or23z.dll
2009-08-18 15:48 6,298 a------- c:\windows\552athr9a58z47.dll
2009-08-17 20:30 23,392 a------- c:\windows\system32\nscompat.tlb
2009-08-17 20:30 16,832 a------- c:\windows\system32\amcompat.tlb
2009-08-17 19:24 12,840 a------- c:\windows\system32\4451th5zf459.ocx
2009-08-17 16:22 15,449 a------- c:\windows\61z9not-a-vi9us745.exe
2009-08-17 10:34 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-17 03:17 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-17 03:16 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-17 03:16 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-17 03:16 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-17 03:16 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-17 03:16 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-17 03:16 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-17 03:16 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-17 03:10 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-16 13:03 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-16 13:00 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-16 12:59 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-08-16 10:01 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 10:01 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-16 10:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 08:35 <DIR> --d----- c:\program files\Trend Micro
2009-08-16 08:03 <DIR> --d----- c:\program files\EMCO
2009-08-15 09:29 <DIR> --d----- c:\docume~1\derekm~1.div\applic~1\Malwarebytes
2009-08-15 09:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-09 06:07 6,792 a------- c:\windows\system32\5886d9wnloaderz2755.dll
2009-08-08 19:50 2,964 a------- c:\windows\22224spam5o96z4.ocx
2009-08-07 20:18 16,659 a------- c:\windows\system32\29565n5t-a9virus4z7.bin
2009-08-07 05:16 13,094 a------- c:\windows\system32\98203spamb5z6c8.cpl
2009-08-05 04:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 17:52 5,491 a------- c:\windows\z52thr9at10352.dll
2009-08-04 12:12 17,716 a------- c:\windows\9z531viru5275.ocx
2009-08-04 00:33 14,913 a------- c:\windows\9c8fspyzar5703.dll
2009-08-03 22:40 8,041 a------- c:\windows\system32\33eb9hief172z5.exe
2009-08-02 15:32 9,169 a------- c:\windows\6630a5dwa9ez343.dll

==================== Find3M ====================

2009-08-17 20:45 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-17 20:45 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 23:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 23:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 23:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 23:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-27 03:05 10,277 a------- c:\windows\359z9v9rus20c.exe
2009-07-22 13:28 12,658 a------- c:\windows\11547s5azbot6f29.exe
2009-07-18 11:00 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 11:00 3,069,440 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 13:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-11 20:27 8,814 a------- c:\windows\2e71addz95e1861.dll
2009-07-11 15:38 3,002 a------- c:\windows\system32\1z595not-9-virus6fa.bin
2009-07-10 08:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-08 23:14 14,225 a------- c:\windows\z53asteal27929.bin
2009-07-08 01:11 15,012 a------- c:\windows\186z5troj599.bin
2009-07-07 12:35 10,452 a------- c:\windows\system32\18z38hackto9l65f.dll
2009-07-04 19:26 17,408 a------- c:\windows\9z5vir1701.dll
2009-07-04 00:36 12,258 a------- c:\windows\83dstza59974.bin
2009-07-01 22:37 6,009 a------- c:\windows\cf2azdware29549.bin
2009-06-30 23:09 11,172 a------- c:\windows\system32\8z09ir2553.exe
2009-06-24 20:33 13,443 a------- c:\windows\530cdow9loader130z.exe
2009-06-23 23:59 4,794 a------- c:\windows\system32\2647zvir9s3f5.dll
2009-06-22 07:18 14,454 a------- c:\windows\system32\3e59thze91829.dll
2009-06-22 06:40 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-06-20 04:39 9,534 a------- c:\windows\320et5reatz9372.dll
2009-06-18 12:50 6,723 a------- c:\windows\55887tzoj6e59.exe
2009-06-14 13:11 6,428 a------- c:\windows\60579zoj1a2.bin
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 06:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-11 23:07 6,416 a------- c:\windows\system32\73205ow9zoader845.bin
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 01:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-09 21:35 13,418 a------- c:\windows\9z519orm5e6.bin
2009-06-07 11:02 10,521 a------- c:\windows\z67795py329.exe
2009-06-06 23:52 12,272 a------- c:\windows\2f7ct95ezt19212.bin
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 14:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2007-06-23 21:58 92,064 a------- c:\documents and settings\derek m. divito\mqdmmdm.sys
2007-06-23 21:58 79,328 a------- c:\documents and settings\derek m. divito\mqdmserd.sys
2007-06-23 21:58 66,656 a------- c:\documents and settings\derek m. divito\mqdmbus.sys
2007-06-23 21:58 25,600 a------- c:\documents and settings\derek m. divito\usbsermptxp.sys
2007-06-23 21:58 22,768 a------- c:\documents and settings\derek m. divito\usbsermpt.sys
2007-06-23 21:58 9,232 a------- c:\documents and settings\derek m. divito\mqdmmdfl.sys
2007-06-23 21:58 6,208 a------- c:\documents and settings\derek m. divito\mqdmcmnt.sys
2007-06-23 21:58 5,936 a------- c:\documents and settings\derek m. divito\mqdmwhnt.sys
2007-06-23 21:58 4,048 a------- c:\documents and settings\derek m. divito\mqdmcr.sys
2008-10-31 16:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103120081101\index.dat

============= FINISH: 21:01:27.15 ===============

#4 syler

  • Malware Response Team

Posted 04 September 2009 - 10:09 PM

Hello Double D

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks


#5 Double D

  • Topic Starter

Posted 07 September 2009 - 11:14 AM

Thank you again for your help! I separated by colors, hope that's OK.
I ran MBAM, with no malicious software found. Here is the MBAM log
Malwarebytes' Anti-Malware 1.40
Database version: 2751
Windows 5.1.2600 Service Pack 2

9/7/2009 11:07:11 AM
mbam-log-2009-09-07 (11-07-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 218662
Time elapsed: 1 hour(s), 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)


Here is the log file of RSIT
Logfile of random's system information tool 1.06 (written by random/random)
Run by Derek M. Divito at 2009-09-07 11:08:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 16 GB (43%) free of 38 GB
Total RAM: 510 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:45 AM, on 9/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\VTech\Community\System\PCTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Derek M. Divito\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Derek M. Divito.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CommunityTray] "C:\Program Files\VTech\Community\System\Startup.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {25FD7375-AB50-4EE1-8D4E-F76ECAC680B2} (CPlayFirstC4CControl Object) - http://www.playfirst.com/play/game/connect...4C.1.0.0.50.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {54EABC7D-40DC-4667-8517-F42D00540342} (DRMActiveXControl Class) - http://roocast.umkc.edu/tegrity/_Player/1..../DRMActiveX.CAB
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {60261C06-81B0-4DE0-9313-E5BA203A64E9} - http://216.195.35.10/pdfmgr_s.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://l.yimg.com/jh/games/web_games/sony/...loadControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: iexplore - 2gYr1.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9465 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2683760852-2610574806-3532698304-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2683760852-2610574806-3532698304-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD79A59-37B1-459B-9097-09F9FAB8A523}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
"IPInSightLAN 01"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe [2003-06-11 380928]
"IPInSightMonitor 01"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [2003-06-11 122880]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-01-11 155648]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"CommunityTray"=C:\Program Files\VTech\Community\System\Startup.exe [2008-03-15 11776]
"Dell AIO Printer A960"=C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe [2003-09-21 270336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"FPCCSMiddleware"=C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe [2008-10-10 538432]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-17 520024]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 222080]
"Google Update"=C:\Documents and Settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 133104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplore]
2gYr1.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\SYSTEM32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE"="C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe"="C:\Program Files\GameHouse\Jigsaw\Jigsaw.exe:*:Enabled:Jigsaw"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Motorola\RSD Lite\SDL.exe"="C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Disabled:SDL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Shockwave.com\Wheel of Fortune\product\Wheel of Fortune.exe"="C:\Program Files\Shockwave.com\Wheel of Fortune\product\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\WINDOWS\SYSTEM32\dlbfcoms.exe"="C:\WINDOWS\SYSTEM32\dlbfcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\EMCO\Malware Destroyer\MalwareDestroyer.exe"="C:\Program Files\EMCO\Malware Destroyer\MalwareDestroyer.exe:*:Enabled:Malware Scanner for Home User's"
"C:\Program Files\VTech\Community\System\PCTray.exe"="C:\Program Files\VTech\Community\System\PCTray.exe:*:Disabled:Vtech local server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-12-27 11:50:04 ----A---- C:\WINDOWS\system32\29583s5ambot7z5.exe
2009-12-25 10:53:42 ----A---- C:\WINDOWS\z02f59yware918.exe
2009-12-13 14:55:47 ----A---- C:\WINDOWS\system32\52139rojz53.exe
2009-12-11 08:28:21 ----A---- C:\WINDOWS\system32\7e55adzware17969.exe
2009-12-10 18:38:19 ----A---- C:\WINDOWS\system32\195z5spy195.dll
2009-12-10 15:47:24 ----A---- C:\WINDOWS\system32\2a45steal9z45.dll
2009-12-09 10:21:23 ----A---- C:\WINDOWS\system32\2b96b5zkdoor3104.exe
2009-12-09 06:59:09 ----A---- C:\WINDOWS\b25thzea531991.exe
2009-12-08 01:31:11 ----A---- C:\WINDOWS\6a35thre9t188z9.exe
2009-12-07 19:08:37 ----A---- C:\WINDOWS\1fvzr5549.dll
2009-12-06 23:54:43 ----A---- C:\WINDOWS\22535n9t-a-virus32z.dll
2009-12-05 07:29:53 ----A---- C:\WINDOWS\2341295t-a-virusz5a.dll
2009-12-04 03:08:04 ----A---- C:\WINDOWS\system32\31941tr5j1z8.dll
2009-12-02 20:51:48 ----A---- C:\WINDOWS\3z1ast95l1821.exe
2009-12-01 10:33:50 ----A---- C:\WINDOWS\system32\506stealz890.exe
2009-11-27 05:45:26 ----A---- C:\WINDOWS\system32\17552h9cktool1b5z.dll
2009-11-24 01:53:55 ----A---- C:\WINDOWS\9ez4vir2755.exe
2009-11-23 08:44:19 ----A---- C:\WINDOWS\z599ste5l3169.exe
2009-11-21 23:09:47 ----A---- C:\WINDOWS\1056z5i9usea.dll
2009-11-21 07:32:34 ----A---- C:\WINDOWS\6z469ir2975.exe
2009-11-18 15:26:59 ----A---- C:\WINDOWS\system32\395czhief25979.dll
2009-11-18 00:09:17 ----A---- C:\WINDOWS\system32\55390spy75z.exe
2009-11-16 23:59:12 ----A---- C:\WINDOWS\system32\622adownload59z050.dll
2009-11-14 14:18:38 ----A---- C:\WINDOWS\59d4downlo5dez9797.exe
2009-11-13 10:09:52 ----A---- C:\WINDOWS\system32\54cabac9doorz745.exe
2009-11-10 14:21:05 ----A---- C:\WINDOWS\system32\3z17addware5759.exe
2009-11-09 14:54:44 ----A---- C:\WINDOWS\system32\6625zir9s23f.exe
2009-11-04 11:01:07 ----A---- C:\WINDOWS\59956virus4z1.exe
2009-11-03 04:40:55 ----A---- C:\WINDOWS\z58ddownloade92836.dll
2009-11-01 23:35:05 ----A---- C:\WINDOWS\6506addware219z.dll
2009-11-01 07:34:39 ----A---- C:\WINDOWS\system32\19z785irus2079.exe
2009-10-27 02:05:47 ----A---- C:\WINDOWS\system32\7e0zpars9853.exe
2009-10-26 21:41:41 ----A---- C:\WINDOWS\system32\z595sparse547.dll
2009-10-26 10:59:23 ----A---- C:\WINDOWS\system32\528fz9ief5670.dll
2009-10-25 05:30:31 ----A---- C:\WINDOWS\z955irus2a2.dll
2009-10-23 16:19:50 ----A---- C:\WINDOWS\27897spam9otz95.dll
2009-10-22 10:54:17 ----A---- C:\WINDOWS\3099spy5z9.exe
2009-10-15 21:27:06 ----A---- C:\WINDOWS\95f5thief32z9.dll
2009-10-14 10:53:11 ----A---- C:\WINDOWS\system32\559threaz32183.exe
2009-10-11 04:55:10 ----A---- C:\WINDOWS\system32\1115zsp5922.dll
2009-10-09 15:13:44 ----A---- C:\WINDOWS\system32\595edowzl9ader8335.dll
2009-10-09 04:07:25 ----A---- C:\WINDOWS\2859zp9ware2157.dll
2009-10-08 16:43:06 ----A---- C:\WINDOWS\5028ztrojb9.exe
2009-10-06 11:56:15 ----A---- C:\WINDOWS\system32\25555hacktooz5999.exe
2009-10-05 03:43:56 ----A---- C:\WINDOWS\4581not-a-9irus3ebz.dll
2009-10-04 11:19:20 ----A---- C:\WINDOWS\system32\59z1threat28939.dll
2009-10-02 08:31:54 ----A---- C:\WINDOWS\6253vzr1329.dll
2009-10-02 02:30:17 ----A---- C:\WINDOWS\system32\96685hreat22z69.exe
2009-09-27 17:12:23 ----A---- C:\WINDOWS\system32\695bs9eal2z20.dll
2009-09-27 14:49:10 ----A---- C:\WINDOWS\system32\4057szeal12319.exe
2009-09-23 12:12:14 ----A---- C:\WINDOWS\system32\z3a5thi9f2395.exe
2009-09-22 13:27:51 ----A---- C:\WINDOWS\42bzspar9e5498.dll
2009-09-18 21:13:11 ----A---- C:\WINDOWS\system32\22796n5t9a-virusz65.exe
2009-09-15 17:23:57 ----A---- C:\WINDOWS\2261not-a-vzrus955.dll
2009-09-14 20:03:10 ----A---- C:\WINDOWS\system32\409dsp5zare199.exe
2009-09-14 18:28:48 ----A---- C:\WINDOWS\25069tr5j7z8.exe
2009-09-11 09:32:55 ----A---- C:\WINDOWS\54dbthre9t1z960.exe
2009-09-11 06:53:17 ----A---- C:\WINDOWS\system32\32740hackto9z2955.dll
2009-09-07 12:28:32 ----A---- C:\WINDOWS\system32\31053s5amboz71c9.exe
2009-09-07 11:08:26 ----D---- C:\rsit
2009-09-07 09:59:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-06 14:55:59 ----A---- C:\WINDOWS\12891zp51a49.exe
2009-09-03 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-02 21:18:53 ----A---- C:\WINDOWS\4198szy546.exe
2009-08-28 06:53:51 ----A---- C:\WINDOWS\7240tzreat19259.dll
2009-08-28 04:20:50 ----A---- C:\WINDOWS\7879s9ealz175.dll
2009-08-26 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-25 23:16:25 ----A---- C:\WINDOWS\system32\5e70addwaze2910.exe
2009-08-25 17:24:32 ----A---- C:\WINDOWS\1b25add9aze25.exe
2009-08-22 22:04:58 ----A---- C:\WINDOWS\system32\65b9stealz25.exe
2009-08-21 10:17:48 ----A---- C:\WINDOWS\system32\50485spy396z.exe
2009-08-20 17:24:58 ----A---- C:\WINDOWS\system32\41b7bac9d5or23z.dll
2009-08-18 15:48:10 ----A---- C:\WINDOWS\552athr9a58z47.dll
2009-08-18 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-18 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-17 16:22:03 ----A---- C:\WINDOWS\61z9not-a-vi9us745.exe
2009-08-17 03:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-17 03:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-17 03:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-08-17 03:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-17 03:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-17 03:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-17 03:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-17 03:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-17 03:17:59 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-17 03:17:51 ----D---- C:\Program Files\MSBuild
2009-08-17 03:17:35 ----D---- C:\Program Files\Reference Assemblies
2009-08-17 03:16:39 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-17 03:16:39 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-17 03:16:38 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-17 03:10:15 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-17 03:10:01 ----D---- C:\Program Files\MSXML 6.0
2009-08-17 03:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-17 03:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-17 03:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-17 03:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-17 03:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-17 03:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-17 03:06:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-17 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-17 03:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-17 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-17 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-17 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-17 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-17 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-16 19:41:02 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-16 08:35:14 ----D---- C:\Program Files\Trend Micro
2009-08-16 08:03:58 ----D---- C:\Program Files\EMCO
2009-08-15 09:29:48 ----D---- C:\Documents and Settings\Derek M. Divito\Application Data\Malwarebytes
2009-08-15 09:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-09 06:07:59 ----A---- C:\WINDOWS\system32\5886d9wnloaderz2755.dll

======List of files/folders modified in the last 1 months======

2009-09-07 11:08:28 ----D---- C:\WINDOWS\Prefetch
2009-09-07 09:59:40 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-07 09:59:38 ----AD---- C:\Program Files
2009-09-07 09:54:10 ----D---- C:\Program Files\Mozilla Firefox
2009-09-06 05:09:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-05 11:00:01 ----D---- C:\WINDOWS\Temp
2009-09-05 10:58:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-05 10:54:15 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-05 10:45:02 ----D---- C:\Documents and Settings\Derek M. Divito\Application Data\uTorrent
2009-09-03 20:31:35 ----D---- C:\WINDOWS
2009-09-03 03:08:27 ----D---- C:\WINDOWS\SYSTEM32
2009-09-03 03:01:58 ----HD---- C:\WINDOWS\INF
2009-09-03 03:01:51 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-08-30 07:23:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-26 03:00:42 ----A---- C:\WINDOWS\imsins.BAK
2009-08-21 21:44:42 ----D---- C:\WINDOWS\Minidump
2009-08-21 13:10:13 ----D---- C:\Documents and Settings
2009-08-18 03:11:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-18 03:11:24 ----RSD---- C:\WINDOWS\assembly
2009-08-18 03:07:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-18 03:05:05 ----SHD---- C:\WINDOWS\Installer
2009-08-18 03:05:05 ----D---- C:\Config.Msi
2009-08-17 20:46:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-17 20:45:47 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-08-17 20:29:53 ----A---- C:\WINDOWS\WIN.INI
2009-08-17 20:29:29 ----D---- C:\Program Files\Windows Media Player
2009-08-17 20:27:26 ----D---- C:\WINDOWS\Help
2009-08-17 20:27:26 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-17 18:25:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-17 03:41:27 ----D---- C:\WINDOWS\system32\WBEM
2009-08-17 03:41:27 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-17 03:41:25 ----D---- C:\WINDOWS\AppPatch
2009-08-17 03:30:28 ----D---- C:\Program Files\Internet Explorer
2009-08-17 03:24:46 ----D---- C:\WINDOWS\WinSxS
2009-08-17 03:17:54 ----D---- C:\WINDOWS\system32\en-US
2009-08-17 03:17:45 ----RSD---- C:\WINDOWS\Fonts
2009-08-17 03:17:02 ----D---- C:\WINDOWS\system32\SPOOL
2009-08-17 03:12:34 ----D---- C:\WINDOWS\system32\MUI
2009-08-17 03:05:46 ----D---- C:\Program Files\Outlook Express
2009-08-17 03:03:26 ----D---- C:\WINDOWS\Debug
2009-08-16 08:06:06 ----D---- C:\Program Files\AWS
2009-08-14 21:35:50 ----D---- C:\Program Files\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16512]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-01-22 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2002-03-26 6016]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 aldyzuud;aldyzuud; C:\WINDOWS\system32\drivers\aldyzuud.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 SECYPUSB;SAMSUNG YEPP; C:\WINDOWS\System32\Drivers\SECYEPPX.sys [2002-08-26 38316]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-07-15 22768]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-17 1029456]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Here is the Info file of the RSIT:
info.txt logfile of random's system information tool 1.06 2009-09-07 11:08:52

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32Bit EForm Initialization-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Amgraf\EformRun\Uninst.isu"
4Musics FLAC to MP3 Converter 4.5-->"C:\Program Files\4Musics FLAC to MP3 Converter\unins000.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
ArcSoft Camera Suite 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
Arial CD Ripper v1.9.1-->"C:\Program Files\Arial CD Ripper\unins000.exe"
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Cake Mania-->C:\Program Files\Cake Mania\uninstall.exe
Cake Mania® 3-->C:\PROGRA~1\SHOCKW~1.COM\CAKEMA~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CAKEMA~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell AIO Printer A960-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBFUN5C.EXE -dDell AIO Printer A960
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
EvenFit-->MsiExec.exe /I{0EAD5AFB-E853-44CE-A4E4-5658AE0D7F29}
Fake MP3 Detector-->C:\Program Files\Fake MP3 Detector\uninstall.exe
Fisher-Price Computer Cool School-->"C:\Program Files\InstallShield Installation Information\{803805A4-A3F7-4504-8B19-9A63BC8A4551}\Setup.exe" -runfromtemp -l0x0409 -hide_progress -zreg -removeonly
Fisher-Price Computer Cool School-->MsiExec.exe /X{803805A4-A3F7-4504-8B19-9A63BC8A4551}
foobar2000 v0.9.6.6 beta 1-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Free M4a to MP3 Converter 6.0-->"C:\Program Files\Free M4a to MP3 Converter\unins000.exe"
Free Sound Recorder-->C:\PROGRA~1\FREESO~1\UNWISE.EXE C:\PROGRA~1\FREESO~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
iriver Firmware Updater (remove only)-->"C:\Program Files\iriver\iriver Firmware Updater\uninstall.exe"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Little Shop - City Lights (remove only)-->C:\Program Files\Yahoo! Games\LittleShopCityLights\Uninstall.exe {444694B8-D2A5-389B-9216-5FC945DAED28}
Little Shop - City Lights-->MsiExec.exe /X{444694B8-D2A5-389B-9216-5FC945DAED28}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MONOPOLY HERE & NOW EDITION-->"c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\MONOPOLY HERE & NOW EDITION.rguninst"
Monopoly®-->C:\PROGRA~1\SHOCKW~1.COM\Monopoly\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\Monopoly\INSTALL.LOG
Motorola Driver Installation 3.4.0-->MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NTI CD-Maker 2000 Plus-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewTech Infosystems\NTI CD-Maker 2000 Plus\Uninst.isu"
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealArcade-->"c:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst"
RSD_LITE_2_3-->MsiExec.exe /X{EC812778-9FDD-4167-9335-EE6DBCBD60BF}
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sibelius Scorch Plugin-->"C:\Program Files\Musicnotes\uninstsc.exe"
Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
V.Link-->C:\Program Files\InstallShield Installation Information\{7C5B88B2-AEDC-49A8-B72C-7A0C61FB6566}\setup.exe -runfromtemp -l0x0009 -removeonly
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual IP InSight(SBC)-->C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}SBC\setup.exe SBC
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahtzee Download Edition-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Yahtzee Download Edition.rguninst"
YP-300 yepp Explorer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20839CA9-6663-11D6-95E3-0090270DC2DC}\setup.exe"

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090602-0] (disabled) (outdated)
AV: Panda Antivirus Platinum 7 (disabled) (outdated)
FW: Panda Antivirus Platinum 7 (disabled)

======System event log======

Computer Name: D5QHBK51
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 212865
Source Name: Disk
Time Written: 20090801141556.000000-300
Event Type: warning
User:

Computer Name: D5QHBK51
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 212864
Source Name: Disk
Time Written: 20090801135356.000000-300
Event Type: warning
User:

Computer Name: D5QHBK51
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 212863
Source Name: Disk
Time Written: 20090801125453.000000-300
Event Type: warning
User:

Computer Name: D5QHBK51
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 212862
Source Name: Disk
Time Written: 20090801121409.000000-300
Event Type: warning
User:

Computer Name: D5QHBK51
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 212861
Source Name: Ftdisk
Time Written: 20090801115552.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: D5QHBK51
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 7
Source Name: crypt32
Time Written: 20090625194646.000000-300
Event Type: error
User:

Computer Name: D5QHBK51
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established


Record Number: 6
Source Name: crypt32
Time Written: 20090625194645.000000-300
Event Type: error
User:

Computer Name: D5QHBK51
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 5
Source Name: crypt32
Time Written: 20090625194644.000000-300
Event Type: error
User:

Computer Name: D5QHBK51
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 3
Source Name: Microsoft Fax
Time Written: 20090625194420.000000-300
Event Type: warning
User:

Computer Name: D5QHBK51
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 2
Source Name: Microsoft Fax
Time Written: 20090625194420.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_06\lib\ext\QTJava.zip

-----------------EOF-----------------


#6 syler

  • Malware Response Team

Posted 08 September 2009 - 01:48 PM

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Bittorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


#7 Double D

  • Topic Starter

Posted 09 September 2009 - 09:02 PM

Thank you again for all your assistance Syler. Here is the requested info:

ComboFix 09-09-09.04 - Derek M. Divito 09/09/2009 20:16.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.143 [GMT -5:00]
Running from: c:\documents and settings\Derek M. Divito\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090602-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Antivirus Platinum 7 *disabled* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Derek M. Divito\Local Settings\Temporary Internet Files\H10_20GC_ENG_MT.ZIP
c:\documents and settings\Derek M. Divito\Local Settings\Temporary Internet Files\head_firmware.inf
c:\documents and settings\Kristin L. Divito\My Documents\ZbThumbnail.info
c:\windows\6096z9arse2058.ocx
c:\windows\61z9not-a-vi9us745.exe
c:\windows\62459irus13z.exe
c:\windows\6253vzr1329.dll
c:\windows\6295zp9ware361.bin
c:\windows\6506addware219z.dll
c:\windows\6519vzru91c25.ocx
c:\windows\659fs9ealz885.cpl
c:\windows\65bfthzef5509.cpl
c:\windows\65f65hr9at19058z.dll
c:\windows\65zaddware1940.cpl
c:\windows\6630a5dwa9ez343.dll
c:\windows\690edow5loadez1582.cpl
c:\windows\69815parsz695.cpl
c:\windows\69c9back9oor3517z.bin
c:\windows\69e8th5ef952z.exe
c:\windows\69ffaddwarz559.cpl
c:\windows\6a35thre9t188z9.exe
c:\windows\6azes9eal1655.exe
c:\windows\6c669hi5f1156z.dll
c:\windows\6ce4downl9a5er2024z.dll
c:\windows\6db4zow9loade5708.dll
c:\windows\6ddcaddzar91985.dll
c:\windows\6ebd95r869z.cpl
c:\windows\6ff5backd9zr421.exe
c:\windows\6z469ir2975.exe
c:\windows\6z74v9r5101.ocx
c:\windows\6z97spy5b59.cpl
c:\windows\7056s95zse849.dll
c:\windows\71875ddwarez249.cpl
c:\windows\7240tzreat19259.dll
c:\windows\72a45t9al1z63.bin
c:\windows\72as5ywarez999.bin
c:\windows\7349down5oad9z902.dll
c:\windows\7456th9ez2511.exe
c:\windows\759dsparse565z.ocx
c:\windows\77z2hac5to9l5ed.bin
c:\windows\786threat25990z.dll
c:\windows\7879s9ealz175.dll
c:\windows\78c4dozn95ader3200.bin
c:\windows\794abackdooz2549.ocx
c:\windows\79555zoj9c9.ocx
c:\windows\795tz5ef2996.bin
c:\windows\79z9tr5j3bb.dll
c:\windows\7ab1bac9dooz2555.exe
c:\windows\7b5dspywz9e2824.bin
c:\windows\7e20a9dware2953z.cpl
c:\windows\7f455ddware98z3.bin
c:\windows\7fe1d5wnloadez1918.bin
c:\windows\7ffaaddwar93z45.dll
c:\windows\7z9tr5j7cf.ocx
c:\windows\7zdth9ef635.dll
c:\windows\82ddzwnload5r2946.bin
c:\windows\83cspar5e20z9.ocx
c:\windows\83dstza59974.bin
c:\windows\8494zot-a-virus559.cpl
c:\windows\850zspambo945f.cpl
c:\windows\85955or92cz.cpl
c:\windows\8899trzj3985.ocx
c:\windows\8929p5zare2245.exe
c:\windows\8z81vi9u5671.cpl
c:\windows\9009v9rus56z.exe
c:\windows\90besparz51576.bin
c:\windows\9209vi5z69.bin
c:\windows\92495wozm56.dll
c:\windows\9281vi5z948c.cpl
c:\windows\9309sparsez0485.bin
c:\windows\9361n95-a-zirus4af.cpl
c:\windows\9399hacktz5l10a.dll
c:\windows\9399nz9-a-virus7e5.ocx
c:\windows\94b7dz5nloader2977.bin
c:\windows\9517zp5ware1098.ocx
c:\windows\9557hacktool2zd.ocx
c:\windows\958ethreat17695z.cpl
c:\windows\95a2backzoor605.exe
c:\windows\95f5thief32z9.dll
c:\windows\968725rzj797.ocx
c:\windows\9719wor5z98.ocx
c:\windows\97785hiez277.cpl
c:\windows\9785spz98a.exe
c:\windows\97b1threat57517z.dll
c:\windows\9869spambo5477z.bin
c:\windows\9873znot-a5virus4bd.cpl
c:\windows\98835oz-a-virusd6.bin
c:\windows\9925spambot428z.cpl
c:\windows\993spyzc5.ocx
c:\windows\99475ormz9c.cpl
c:\windows\99800v5ruszc1.ocx
c:\windows\9c7zaddware1035.cpl
c:\windows\9c8fspyzar5703.dll
c:\windows\9ez4vir2755.exe
c:\windows\9f4fz5arse19.ocx
c:\windows\9fa4bac5door22z0.ocx
c:\windows\9z0t5ief2990.ocx
c:\windows\9z519orm5e6.bin
c:\windows\9z531viru5275.ocx
c:\windows\9z5cthief2139.dll
c:\windows\9z5vir1701.dll
c:\windows\9z93vir357.bin
c:\windows\9z95spy11e.cpl
c:\windows\a15szywa9e5.bin
c:\windows\ac05t9alz57.exe
c:\windows\b25thzea531991.exe
c:\windows\bb3downloader5z95.cpl
c:\windows\c00th5z9t27139.bin
c:\windows\c2dthief59z.cpl
c:\windows\c53ba9zdoor2165.exe
c:\windows\c56spzw5r9910.dll
c:\windows\ceazte592853.bin
c:\windows\cf2azdware29549.bin
c:\windows\czd5parse991.exe
c:\windows\d54zparse2549.bin
c:\windows\d98tz9ef5513.dll
c:\windows\dedbazkdoo919965.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\ed5v9z1595.dll
c:\windows\Installer\1573a0f.msp
c:\windows\Installer\1ed28f0f.msp
c:\windows\Installer\e2eb3.msi
c:\windows\system32\110769pamb5z12b.cpl
c:\windows\system32\1115zsp5922.dll
c:\windows\system32\117zst5al95.dll
c:\windows\system32\1196zwo5m41.cpl
c:\windows\system32\11z3sparse950.ocx
c:\windows\system32\12767spa5bot2d9z.exe
c:\windows\system32\133zsp9mbo524b.cpl
c:\windows\system32\13529acktzol6a1.cpl
c:\windows\system32\13564s9ambotz75.ocx
c:\windows\system32\138daddw59e19z4.cpl
c:\windows\system32\14926wo5z3f1.cpl
c:\windows\system32\14z51sp5595.dll
c:\windows\system32\15191sp9zee.ocx
c:\windows\system32\152559orm45cz.ocx
c:\windows\system32\1539159ojebz.ocx
c:\windows\system32\153cbackd9zr2196.dll
c:\windows\system32\1548sparsez988.cpl
c:\windows\system32\15744hac9tozl2a.dll
c:\windows\system32\157z4worm6cf9.cpl
c:\windows\system32\15899spambzt579.exe
c:\windows\system32\15918not-a9virusz9a.dll
c:\windows\system32\15955zpy5ed.exe
c:\windows\system32\1596virz953.bin
c:\windows\system32\15c0thief2359z.cpl
c:\windows\system32\15z94sp9mbot33b.cpl
c:\windows\system32\16195pywzre897.cpl
c:\windows\system32\16345hack9ooz4cc.dll
c:\windows\system32\1700th5ef14z79.ocx
c:\windows\system32\17552h9cktool1b5z.dll
c:\windows\system32\17761virz59a9.cpl
c:\windows\system32\18985virusz4f.cpl
c:\windows\system32\18z38hackto9l65f.dll
c:\windows\system32\19253troj4d9z.bin
c:\windows\system32\19457not-a-vi5us42z9.bin
c:\windows\system32\1959zvi9us352.cpl
c:\windows\system32\195z5spy195.dll
c:\windows\system32\19675not-a-virzs1a15.cpl
c:\windows\system32\19691wormz55.ocx
c:\windows\system32\19fedow5loader2z73.dll
c:\windows\system32\19z785irus2079.exe
c:\windows\system32\1e965parze3143.dll
c:\windows\system32\1f71do9nloade52z18.cpl
c:\windows\system32\1f97downloader2175z.dll
c:\windows\system32\1z1295i9us57d.exe
c:\windows\system32\1z152virus294.bin
c:\windows\system32\1z46t5reat29947.ocx
c:\windows\system32\1z595not-9-virus6fa.bin
c:\windows\system32\1z686s9ycd5.ocx
c:\windows\system32\1z6b5p9rse2036.dll
c:\windows\system32\1z89dd5are938.ocx
c:\windows\system32\1z958troj5f0.dll
c:\windows\system32\1zc4sp95are241.dll
c:\windows\system32\207209pzmbo523c.cpl
c:\windows\system32\213z3tro957f.dll
c:\windows\system32\21453hackt9olzef.dll
c:\windows\system32\2161down5oader1993z.exe
c:\windows\system32\21680troj9d5z.exe
c:\windows\system32\2180szy9a5.ocx
c:\windows\system32\22390trz955.exe
c:\windows\system32\2239spy5are21z6.exe
c:\windows\system32\22796n5t9a-virusz65.exe
c:\windows\system32\23199ownlo5dzr309.bin
c:\windows\system32\23254v9ruz67c.ocx
c:\windows\system32\234359pambot38z.bin
c:\windows\system32\2359threaz166555.cpl
c:\windows\system32\2390z5orm93e.ocx
c:\windows\system32\23z79troj595.dll
c:\windows\system32\24191h59ktzol40c.bin
c:\windows\system32\24922not-9-z5rus262.dll
c:\windows\system32\249845p949az.exe
c:\windows\system32\25196trzj1679.ocx
c:\windows\system32\25520sp9zbot550.exe
c:\windows\system32\25531sp9mbotz55.cpl
c:\windows\system32\25555hacktooz5999.exe
c:\windows\system32\2559downzoader2278.cpl
c:\windows\system32\25796t5oj39z.cpl
c:\windows\system32\25999spy150z.cpl
c:\windows\system32\259ds9ezl727.cpl
c:\windows\system32\26298szy395.ocx
c:\windows\system32\2647zvir9s3f5.dll
c:\windows\system32\2652wzr53479.exe
c:\windows\system32\26541spamzot479.bin
c:\windows\system32\26657vi5us71z9.dll
c:\windows\system32\28055spamzo9256.exe
c:\windows\system32\28480not-a5vizu91a4.cpl
c:\windows\system32\28655zrojeb9.bin
c:\windows\system32\289zspy559.bin
c:\windows\system32\2925sparsz2859.bin
c:\windows\system32\294abackd5or510z.bin
c:\windows\system32\29565n5t-a9virus4z7.bin
c:\windows\system32\29583s5ambot7z5.exe
c:\windows\system32\29689zpa5bot2e9.ocx
c:\windows\system32\2990trojz25.ocx
c:\windows\system32\299badd5arez797.bin
c:\windows\system32\29abv592z16.bin
c:\windows\system32\29c7s9ywar5269z.bin
c:\windows\system32\2a45steal9z45.dll
c:\windows\system32\2ae4zpyware29715.dll
c:\windows\system32\2b55ad9warez250.bin
c:\windows\system32\2b96b5zkdoor3104.exe
c:\windows\system32\2d53spyw9re56z7.dll
c:\windows\system32\2dz59ddware2567.dll
c:\windows\system32\2dzdspyw9re5465.cpl
c:\windows\system32\2dzfbac59oor1660.cpl
c:\windows\system32\2f5aspyware689z.bin
c:\windows\system32\2z16stea5996.bin
c:\windows\system32\2z339p5459.dll
c:\windows\system32\2z55959y7bf.ocx
c:\windows\system32\2z834wo9560e.bin
c:\windows\system32\2z853troj2c89.ocx
c:\windows\system32\2z931wo9m1095.bin
c:\windows\system32\2z95s9eal1820.dll
c:\windows\system32\2zafbackdoo95837.ocx
c:\windows\system32\3009z5o9m365.bin
c:\windows\system32\30355w9rm2dz.ocx
c:\windows\system32\30553z5r928b.dll
c:\windows\system32\30595spamboz5e9.exe
c:\windows\system32\3059spy5d5z.exe
c:\windows\system32\31053s5amboz71c9.exe
c:\windows\system32\31422zpambo955b.bin
c:\windows\system32\31661w9z5453.cpl
c:\windows\system32\31941tr5j1z8.dll
c:\windows\system32\3196not-azvir5s1ac.cpl
c:\windows\system32\32153s95239z.exe
c:\windows\system32\32295s952fcz.ocx
c:\windows\system32\32485not-a5virzs9d.dll
c:\windows\system32\32546spy19z.cpl
c:\windows\system32\3259vir8z2.ocx
c:\windows\system32\32740hackto9z2955.dll
c:\windows\system32\33eb9hief172z5.exe
c:\windows\system32\34f39zyware1445.dll
c:\windows\system32\3674noz-a-vi5u92b9.ocx
c:\windows\system32\3785no9-a-virus3baz.ocx
c:\windows\system32\37bbdown5oazer9094.bin
c:\windows\system32\3955threaz32130.cpl
c:\windows\system32\3956spazs9449.exe
c:\windows\system32\3957sp556z.exe
c:\windows\system32\395czhief25979.dll
c:\windows\system32\3999z5r30.cpl
c:\windows\system32\39z1spyware27795.dll
c:\windows\system32\3a71baczdo9r513.cpl
c:\windows\system32\3c56thrza95645.ocx
c:\windows\system32\3d979teal159z.cpl
c:\windows\system32\3e59thze91829.dll
c:\windows\system32\3e9zbackd5or16539.exe
c:\windows\system32\3f26ad5ware935z.exe
c:\windows\system32\3f5ev59210z.bin
c:\windows\system32\3f8e5oznloade92683.ocx
c:\windows\system32\3z17addware5759.exe
c:\windows\system32\3z545spy919.exe
c:\windows\system32\3z90spars51630.bin
c:\windows\system32\3z959hreat6067.bin
c:\windows\system32\3z981spamb9td5.dll
c:\windows\system32\3ze15ir9615.ocx
c:\windows\system32\4057szeal12319.exe
c:\windows\system32\4059vzr1781.dll
c:\windows\system32\409dsp5zare199.exe
c:\windows\system32\41b7bac9d5or23z.dll
c:\windows\system32\423zte5l22329.bin
c:\windows\system32\42b15hreat22z97.ocx
c:\windows\system32\437zs9y735.bin
c:\windows\system32\4393zi9u5545.exe
c:\windows\system32\43d5dzwnlo9der2137.cpl
c:\windows\system32\43z9s9arse2557.ocx
c:\windows\system32\4451th5zf459.ocx
c:\windows\system32\449fsparsz7335.ocx
c:\windows\system32\4512spywa5e26z9.bin
c:\windows\system32\4577thrzat9936.bin
c:\windows\system32\47b9sparze2585.exe
c:\windows\system32\4823vir9956z.cpl
c:\windows\system32\4954hazkto59750.bin
c:\windows\system32\49bdad5ware9583z.dll
c:\windows\system32\4b5azir29929.cpl
c:\windows\system32\4d2asz5rse3299.ocx
c:\windows\system32\4d2zthie9545.ocx
c:\windows\system32\4ecddow5l9ader14z9.ocx
c:\windows\system32\4z565teal7169.ocx
c:\windows\system32\50105i9usz39.bin
c:\windows\system32\50485spy396z.exe
c:\windows\system32\506stealz890.exe
c:\windows\system32\5099zir793.bin
c:\windows\system32\509fthie599z9.ocx
c:\windows\system32\50z51s9y458.exe
c:\windows\system32\51dzspa5s93259.dll
c:\windows\system32\51f8thiefz199.exe
c:\windows\system32\52139rojz53.exe
c:\windows\system32\5219thze91854.bin
c:\windows\system32\52290spy379z.dll
c:\windows\system32\5237ha9kzool4e.dll
c:\windows\system32\52519szambot3e6.bin
c:\windows\system32\528fz9ief5670.dll
c:\windows\system32\52dc5ownloade95z4.bin
c:\windows\system32\52z10s9y4a9.exe
c:\windows\system32\5345b9zkdoor1894.exe
c:\windows\system32\5355z9ambot565.dll
c:\windows\system32\535bvir9z35.dll
c:\windows\system32\5392h9cktooz544.exe
c:\windows\system32\53e1bzckd95r1659.exe
c:\windows\system32\53z0h9cktool52b.cpl
c:\windows\system32\54cabac9doorz745.exe
c:\windows\system32\54z60tr9j65.ocx
c:\windows\system32\5538th9efz558.dll
c:\windows\system32\55390spy75z.exe
c:\windows\system32\5571azdware9969.ocx
c:\windows\system32\5573zir1990.ocx
c:\windows\system32\55998szyfa.exe
c:\windows\system32\559threaz32183.exe
c:\windows\system32\5611virz963.bin
c:\windows\system32\56479ownloader59z7.exe
c:\windows\system32\57070viruz291.cpl
c:\windows\system32\572zs9y7b.exe
c:\windows\system32\576avirz6709.cpl
c:\windows\system32\576ha5ktzo9247.cpl
c:\windows\system32\5835vir92z5.cpl
c:\windows\system32\5858downloader9689z.exe
c:\windows\system32\5866spywa9ez.cpl
c:\windows\system32\587c9ir1757z.bin
c:\windows\system32\5881vzr29159.dll
c:\windows\system32\5886d9wnloaderz2755.dll
c:\windows\system32\589a95wnloazer181.exe
c:\windows\system32\59474spambot4c6z.exe
c:\windows\system32\595edowzl9ader8335.dll
c:\windows\system32\595zthief1914.dll
c:\windows\system32\596aste5l301z.exe
c:\windows\system32\5990a5dwzre2853.exe
c:\windows\system32\59d9zteal5383.bin
c:\windows\system32\59fzv5r1178.ocx
c:\windows\system32\59z1threat28939.dll
c:\windows\system32\59z4backd9or577.dll
c:\windows\system32\5a53dzwnloader980.bin
c:\windows\system32\5ac0bazk9oo51830.bin
c:\windows\system32\5c19threa5z8798.ocx
c:\windows\system32\5c919ackd5or1z65.dll
c:\windows\system32\5ccc9zief1021.bin
c:\windows\system32\5e70addwaze2910.exe
c:\windows\system32\5effzt5al497.cpl
c:\windows\system32\5fz359dware2617.exe
c:\windows\system32\5z5d5ownload9r536.ocx
c:\windows\system32\5z815ackdo9r3207.ocx
c:\windows\system32\5zcth9eat19589.cpl
c:\windows\system32\602fazdwar932245.bin
c:\windows\system32\60zbt9r5at28253.exe
c:\windows\system32\6120backdo9r2759z.bin
c:\windows\system32\622adownload59z050.dll
c:\windows\system32\6365virus4a9z.ocx
c:\windows\system32\63z9vir1185.cpl
c:\windows\system32\63zsp5rse32309.exe
c:\windows\system32\6499t5ief1798z.exe
c:\windows\system32\65485hrezt30792.cpl
c:\windows\system32\65495aczdoor223.cpl
c:\windows\system32\65b9stealz25.exe
c:\windows\system32\65b9threat8229z.bin
c:\windows\system32\65fz5hreat9038.cpl
c:\windows\system32\65z5t9oj55e.cpl
c:\windows\system32\6625zir9s23f.exe
c:\windows\system32\67129owzl5ader2812.exe
c:\windows\system32\67f9downlzad5r1005.ocx
c:\windows\system32\693caddwzre5760.exe
c:\windows\system32\695bs9eal2z20.dll
c:\windows\system32\6bc2zownl5ader32429.cpl
c:\windows\system32\6cd89pywarez541.cpl
c:\windows\system32\6db5ba59dozr473.cpl
c:\windows\system32\6eazst5al2950.cpl
c:\windows\system32\7019doznloade51853.cpl
c:\windows\system32\709zth9ef257.ocx
c:\windows\system32\719bs9ywaz52513.ocx
c:\windows\system32\71c5hreatz8967.cpl
c:\windows\system32\73205ow9zoader845.bin
c:\windows\system32\73bfs9ars5z796.cpl
c:\windows\system32\748zsparse5938.dll
c:\windows\system32\7499t9r5at5657z.dll
c:\windows\system32\7499wo5928z.bin
c:\windows\system32\7535spa9sz899.exe
c:\windows\system32\75679pzrse662.exe
c:\windows\system32\7635zr954d7.dll
c:\windows\system32\765tz9ef2199.dll
c:\windows\system32\7792zir9525.ocx
c:\windows\system32\789athiz5885.exe
c:\windows\system32\7ade9tealz785.cpl
c:\windows\system32\7e0zpars9853.exe
c:\windows\system32\7e55adzware17969.exe
c:\windows\system32\7ec45hreat3019z.cpl
c:\windows\system32\7ee2downloa9er2150z.bin
c:\windows\system32\7ez5threat2594.bin
c:\windows\system32\8098t9oj554z.ocx
c:\windows\system32\859795rm70z.cpl
c:\windows\system32\8847s59mzot173.dll
c:\windows\system32\8dzsp5rse2695.exe
c:\windows\system32\8z09ir2553.exe
c:\windows\system32\91505acktzo9543.cpl
c:\windows\system32\91715or935z.bin
c:\windows\system32\91aba9kdoo59z.ocx
c:\windows\system32\92252worm58z.cpl
c:\windows\system32\9320h5cztool178.dll
c:\windows\system32\93545not-5-vizus16f.exe
c:\windows\system32\945cthreat232z1.dll
c:\windows\system32\94z57troj5a0.bin
c:\windows\system32\9503virz589.ocx
c:\windows\system32\9506spambot57z.ocx
c:\windows\system32\95522spazbot1dc.bin
c:\windows\system32\9565zworm500.ocx
c:\windows\system32\9575thz5at7493.ocx
c:\windows\system32\9589tzoj55e.cpl
c:\windows\system32\95z95parse555.dll
c:\windows\system32\964605pyzdd.exe
c:\windows\system32\96685hreat22z69.exe
c:\windows\system32\96b8zhrea55523.dll
c:\windows\system32\9706z5ot-a-virus721.cpl
c:\windows\system32\9720z5y198.ocx
c:\windows\system32\975threat2z179.cpl
c:\windows\system32\977925orz591.bin
c:\windows\system32\97ca5ackdooz1615.dll
c:\windows\system32\98203spamb5z6c8.cpl
c:\windows\system32\98722wor5ez.bin
c:\windows\system32\9886zvir5s6c5.dll
c:\windows\system32\9a265ownlzader834.cpl
c:\windows\system32\9bb2vzr515.bin
c:\windows\system32\9c4dtz5ef2730.ocx
c:\windows\system32\9z25sparse2767.ocx
c:\windows\system32\9z5fspa5se755.bin
c:\windows\system32\b52th9ef1924z.ocx
c:\windows\system32\d2dzh9eat25477.dll
c:\windows\system32\e06th5zat20943.bin
c:\windows\system32\e28tzr9at3335.ocx
c:\windows\system32\f29st9zl5135.exe
c:\windows\system32\z0479troj259.exe
c:\windows\system32\z059sparse1416.ocx
c:\windows\system32\z1d959ckdoor938.bin
c:\windows\system32\z3a5thi9f2395.exe
c:\windows\system32\z4545tro9b5.exe
c:\windows\system32\z571795y4fc.bin
c:\windows\system32\z594th5ea910716.cpl
c:\windows\system32\z595sparse547.dll
c:\windows\system32\z649759rm55.bin
c:\windows\system32\z7171tro59b9.ocx
c:\windows\system32\z9086sp5384.exe
c:\windows\system32\z9409troj6f5.bin
c:\windows\system32\z950v9rus355.exe
c:\windows\system32\z995ir1990.exe
c:\windows\system32\zc55ba9kdoor661.exe
c:\windows\system32\zda8v9r22855.cpl
c:\windows\system32\ze5astea97475.cpl
c:\windows\z02f59yware918.exe
c:\windows\z051spam9ot250.cpl
c:\windows\z059thi9f32105.exe
c:\windows\z097thief1573.dll
c:\windows\z0d4thi9f577.cpl
c:\windows\z1525tr9j57f.exe
c:\windows\z339t9ief959.bin
c:\windows\z3635s9y3475.bin
c:\windows\z4609troj7395.exe
c:\windows\z5007tr9j62c.bin
c:\windows\z5291wor9605.dll
c:\windows\z52thr9at10352.dll
c:\windows\z53asteal27929.bin
c:\windows\z5549s5978f.cpl
c:\windows\z58ddownloade92836.dll
c:\windows\z599ste5l3169.exe
c:\windows\z6079ownloade52314.ocx
c:\windows\z619vir25925.cpl
c:\windows\z67795py329.exe
c:\windows\z6997hacktool755.ocx
c:\windows\z69spy255.ocx
c:\windows\z742tr9554b.cpl
c:\windows\z9319v5r9s6b5.dll
c:\windows\z955irus2a2.dll
c:\windows\za4e95ief1883.cpl
c:\windows\za59bac5door67.exe
c:\windows\zb23s9yware20725.cpl
c:\windows\zb5threa529538.bin
c:\windows\zf24backdoor5928.bin
c:\windows\zf3vi915535.bin
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GXVXCSERV.SYS
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-07 16:08 . 2009-09-07 16:08 -------- d-----w- C:\rsit
2009-09-07 14:59 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 14:59 . 2009-09-07 14:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 14:59 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 15:51 . 2009-09-05 15:51 -------- d-----w- c:\documents and settings\Administrator.D5QHBK51.000\Local Settings\Application Data\Mozilla
2009-08-21 18:16 . 2009-08-21 18:16 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-08-21 18:16 . 2009-08-21 18:16 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-08-21 18:16 . 2007-06-24 02:58 25600 ----a-w- c:\documents and settings\HelpAssistant\usbsermptxp.sys
2009-08-21 18:16 . 2007-06-24 02:58 22768 ----a-w- c:\documents and settings\HelpAssistant\usbsermpt.sys
2009-08-21 18:16 . 2009-08-30 14:46 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-08-21 18:14 . 2007-06-24 02:58 9232 ----a-w- c:\documents and settings\HelpAssistant\mqdmmdfl.sys
2009-08-21 18:14 . 2007-06-24 02:58 92064 ----a-w- c:\documents and settings\HelpAssistant\mqdmmdm.sys
2009-08-21 18:14 . 2007-06-24 02:58 79328 ----a-w- c:\documents and settings\HelpAssistant\mqdmserd.sys
2009-08-21 18:14 . 2007-06-24 02:58 66656 ----a-w- c:\documents and settings\HelpAssistant\mqdmbus.sys
2009-08-21 18:14 . 2007-06-24 02:58 6208 ----a-w- c:\documents and settings\HelpAssistant\mqdmcmnt.sys
2009-08-21 18:14 . 2007-06-24 02:58 5936 ----a-w- c:\documents and settings\HelpAssistant\mqdmwhnt.sys
2009-08-21 18:14 . 2007-06-24 02:58 4048 ----a-w- c:\documents and settings\HelpAssistant\mqdmcr.sys
2009-08-21 18:10 . 2009-09-10 01:41 -------- d-----w- c:\documents and settings\HelpAssistant
2009-08-20 02:55 . 2009-08-20 02:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\MediaMonkey
2009-08-17 23:28 . 2009-08-17 23:28 -------- d-----w- c:\documents and settings\Derek M. Divito\Local Settings\Application Data\PCHealth
2009-08-17 08:17 . 2009-08-17 08:18 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-17 08:17 . 2009-08-17 08:17 -------- d-----w- c:\program files\MSBuild
2009-08-17 08:17 . 2009-08-17 08:17 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 08:16 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-17 08:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-17 08:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-17 08:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-17 08:16 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-17 08:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-17 08:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-17 08:10 . 2009-08-17 08:10 -------- d-----w- c:\program files\MSXML 6.0
2009-08-16 18:04 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-16 18:04 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-16 18:04 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-16 18:04 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-16 18:04 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-08-16 18:04 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-08-16 18:04 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-16 18:04 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-08-16 18:04 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-16 18:04 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-16 18:00 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-16 17:59 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-16 15:45 . 2009-08-16 15:45 -------- d-----w- c:\documents and settings\Administrator.D5QHBK51.000\Application Data\Malwarebytes
2009-08-16 13:35 . 2009-08-16 13:35 -------- d-----w- c:\program files\Trend Micro
2009-08-16 13:03 . 2009-08-16 13:03 -------- d-----w- c:\program files\EMCO
2009-08-15 14:29 . 2009-08-15 14:29 -------- d-----w- c:\documents and settings\Derek M. Divito\Application Data\Malwarebytes
2009-08-15 14:29 . 2009-08-15 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 15:45 . 2008-07-16 02:23 -------- d-----w- c:\documents and settings\Derek M. Divito\Application Data\uTorrent
2009-08-18 01:45 . 2009-05-26 02:47 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-18 01:45 . 2009-05-26 01:41 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-18 01:27 . 2007-10-06 04:16 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-17 08:41 . 2008-03-20 01:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-16 13:06 . 2005-03-16 02:06 -------- d-----w- c:\program files\AWS
2009-08-15 02:35 . 2008-07-16 02:23 -------- d-----w- c:\program files\uTorrent
2009-08-05 09:11 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2002-08-29 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2004-08-11 06:45 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 15:59 . 2004-02-06 23:05 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2004-08-04 07:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 08:44 . 2004-03-30 01:48 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-03-30 01:48 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2002-08-29 10:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2002-08-29 10:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2002-08-29 10:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2002-08-29 10:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:34 . 2002-08-29 10:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50 . 2002-08-29 10:00 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"Google Update"="c:\documents and settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-11 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"CommunityTray"="c:\program files\VTech\Community\System\Startup.exe" [2008-03-15 11776]
"Dell AIO Printer A960"="c:\program files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"FPCCSMiddleware"="c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe" [2008-10-11 538432]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-18 520024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Motorola\\RSD Lite\\SDL.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\VTech\\Community\\System\\PCTray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [5/25/2009 8:41 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/25/2009 10:00 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/25/2009 10:00 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/22/2007 10:21 PM 24652]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\SYSTEM32\DRIVERS\vacs2xkd.sys [9/14/2008 3:57 PM 42880]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\SYSTEM32\DRIVERS\ASPI32.SYS [9/28/2007 9:22 PM 16512]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:44]

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683760852-2610574806-3532698304-1006Core.job
- c:\documents and settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-03 03:40]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2683760852-2610574806-3532698304-1006UA.job
- c:\documents and settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-03 03:40]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
DPF: {54EABC7D-40DC-4667-8517-F42D00540342} - hxxp://roocast.umkc.edu/tegrity/_Player/1.0/Code/DRMActiveX.CAB
FF - ProfilePath - c:\documents and settings\Derek M. Divito\Application Data\Mozilla\Firefox\Profiles\yo7ok7pa.default\
FF - plugin: c:\documents and settings\Derek M. Divito\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Derek M. Divito\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 20:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Dell AIO Printer A960\dlbfbmon.exe
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-10 20:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 01:55

Pre-Run: 16,892,223,488 bytes free
Post-Run: 17,916,858,368 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

1005 --- E O F --- 2009-09-03 08:01

#8 syler

  • Malware Response Team

Posted 10 September 2009 - 06:53 PM

Hello,

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


Please copy the contents of the code box below, open Notepad and paste it there. On the top toolbar in Notepad select File, then Save As. In the box that opens type in Regfix.reg for the file name. Right below that click the down arrow in the line for "save as" and select all files. Save this to your desktop and close Notepad.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000000

Now locate Regfix.reg on your desktop and double click it. Select Yes when it prompts you, then Ok.

Next

Viewpoint Manager is considered foistware instead of malware, since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Then please post back here with a new Rsit log.

Thanks



#9 Double D

  • Topic Starter

Posted 10 September 2009 - 09:28 PM

Thank you..all procedures were done with no problems
Here is my new RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Derek M. Divito at 2009-09-10 21:22:24
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (45%) free of 38 GB
Total RAM: 510 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:05 PM, on 9/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\VTech\Community\System\PCTray.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Derek M. Divito\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Derek M. Divito.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CommunityTray] "C:\Program Files\VTech\Community\System\Startup.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {25FD7375-AB50-4EE1-8D4E-F76ECAC680B2} (CPlayFirstC4CControl Object) - http://www.playfirst.com/play/game/connect...4C.1.0.0.50.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {54EABC7D-40DC-4667-8517-F42D00540342} (DRMActiveXControl Class) - http://roocast.umkc.edu/tegrity/_Player/1..../DRMActiveX.CAB
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://usfulfillment.puretracks.com/onager.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.playfirst.com/play/game/dinerda...h2.1.0.0.67.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://l.yimg.com/jh/games/web_games/sony/...loadControl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8840 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2683760852-2610574806-3532698304-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2683760852-2610574806-3532698304-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
"IPInSightLAN 01"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe [2003-06-11 380928]
"IPInSightMonitor 01"=C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [2003-06-11 122880]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-01-11 155648]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"CommunityTray"=C:\Program Files\VTech\Community\System\Startup.exe [2008-03-15 11776]
"Dell AIO Printer A960"=C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe [2003-09-21 270336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"FPCCSMiddleware"=C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe [2008-10-10 538432]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-08-17 520024]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-10 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-12-22 222080]
"Google Update"=C:\Documents and Settings\Derek M. Divito\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-02 133104]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\Motorola\RSD Lite\SDL.exe"="C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Disabled:SDL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\VTech\Community\System\PCTray.exe"="C:\Program Files\VTech\Community\System\PCTray.exe:*:Disabled:Vtech local server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-09-10 21:21:07 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-10 21:21:07 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-10 21:21:06 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-10 21:21:06 ----A---- C:\WINDOWS\system32\java.exe
2009-09-10 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-10 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 03:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-09 20:56:30 ----A---- C:\ComboFix.txt
2009-09-09 20:06:21 ----A---- C:\Boot.bak
2009-09-09 20:06:12 ----RASHD---- C:\cmdcons
2009-09-09 19:58:50 ----A---- C:\WINDOWS\zip.exe
2009-09-09 19:58:50 ----A---- C:\WINDOWS\SWREG.exe
2009-09-09 19:58:50 ----A---- C:\WINDOWS\PEV.exe
2009-09-09 19:58:50 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-09 19:58:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-09 19:58:49 ----A---- C:\WINDOWS\SWSC.exe
2009-09-09 19:58:49 ----A---- C:\WINDOWS\sed.exe
2009-09-09 19:58:49 ----A---- C:\WINDOWS\grep.exe
2009-09-09 19:58:33 ----D---- C:\WINDOWS\ERDNT
2009-09-09 19:57:55 ----AD---- C:\Qoobox
2009-09-07 11:08:26 ----D---- C:\rsit
2009-09-07 09:59:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-03 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-26 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-18 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-18 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-08-17 03:34:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-17 03:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-17 03:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-08-17 03:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-17 03:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-17 03:29:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-17 03:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-17 03:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-17 03:17:59 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-17 03:17:51 ----D---- C:\Program Files\MSBuild
2009-08-17 03:17:35 ----D---- C:\Program Files\Reference Assemblies
2009-08-17 03:16:39 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-17 03:16:39 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-17 03:16:38 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-17 03:10:15 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-08-17 03:10:01 ----D---- C:\Program Files\MSXML 6.0
2009-08-17 03:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-17 03:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-17 03:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-17 03:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-17 03:06:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-17 03:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-17 03:06:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-17 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-17 03:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-17 03:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-17 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-17 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-17 03:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-17 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-16 19:41:02 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-16 08:35:14 ----D---- C:\Program Files\Trend Micro
2009-08-16 08:03:58 ----D---- C:\Program Files\EMCO
2009-08-15 09:29:48 ----D---- C:\Documents and Settings\Derek M. Divito\Application Data\Malwarebytes
2009-08-15 09:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

======List of files/folders modified in the last 1 months======

2009-09-10 21:22:13 ----D---- C:\WINDOWS\Prefetch
2009-09-10 21:21:39 ----SHD---- C:\WINDOWS\Installer
2009-09-10 21:21:38 ----D---- C:\Config.Msi
2009-09-10 21:21:07 ----D---- C:\WINDOWS\SYSTEM32
2009-09-10 21:18:49 ----D---- C:\Program Files\Java
2009-09-10 21:13:49 ----D---- C:\Program Files\Mozilla Firefox
2009-09-10 21:09:33 ----D---- C:\WINDOWS\Temp
2009-09-10 21:07:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-10 21:04:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-10 20:26:01 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-09-10 20:26:01 ----AD---- C:\Program Files
2009-09-10 17:57:59 ----D---- C:\WINDOWS
2009-09-10 03:11:53 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 03:02:44 ----HD---- C:\WINDOWS\INF
2009-09-10 03:02:42 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-09-10 03:02:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 03:02:34 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 20:56:40 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-09 20:42:21 ----A---- C:\WINDOWS\system.ini
2009-09-09 20:37:45 ----D---- C:\WINDOWS\system32\CONFIG
2009-09-09 20:30:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-09 20:24:05 ----D---- C:\WINDOWS\AppPatch
2009-09-09 20:23:55 ----D---- C:\Program Files\Common Files
2009-09-09 20:06:21 ----RASH---- C:\BOOT.INI
2009-09-05 10:54:15 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-05 10:45:02 ----D---- C:\Documents and Settings\Derek M. Divito\Application Data\uTorrent
2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-21 21:44:42 ----D---- C:\WINDOWS\Minidump
2009-08-21 13:10:13 ----D---- C:\Documents and Settings
2009-08-21 04:46:35 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-18 03:11:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-18 03:11:24 ----RSD---- C:\WINDOWS\assembly
2009-08-18 03:07:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-17 20:46:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-17 20:45:47 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-08-17 20:29:53 ----A---- C:\WINDOWS\WIN.INI
2009-08-17 20:29:29 ----D---- C:\Program Files\Windows Media Player
2009-08-17 20:27:26 ----D---- C:\WINDOWS\Help
2009-08-17 20:27:26 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-17 18:25:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-17 03:41:27 ----D---- C:\WINDOWS\system32\WBEM
2009-08-17 03:30:28 ----D---- C:\Program Files\Internet Explorer
2009-08-17 03:24:46 ----D---- C:\WINDOWS\WinSxS
2009-08-17 03:17:54 ----D---- C:\WINDOWS\system32\en-US
2009-08-17 03:17:45 ----RSD---- C:\WINDOWS\Fonts
2009-08-17 03:17:02 ----D---- C:\WINDOWS\system32\SPOOL
2009-08-17 03:12:34 ----D---- C:\WINDOWS\system32\MUI
2009-08-17 03:05:46 ----D---- C:\Program Files\Outlook Express
2009-08-17 03:03:26 ----D---- C:\WINDOWS\Debug
2009-08-16 08:06:06 ----D---- C:\Program Files\AWS
2009-08-14 21:35:50 ----D---- C:\Program Files\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16512]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-01-22 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2002-03-26 6016]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
S3 a5o7m8hf;a5o7m8hf; C:\WINDOWS\system32\drivers\a5o7m8hf.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 SECYPUSB;SAMSUNG YEPP; C:\WINDOWS\System32\Drivers\SECYEPPX.sys [2002-08-26 38316]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 25600]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2006-07-15 22768]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-10 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-17 1029456]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:28 PM

Posted 11 September 2009 - 05:58 PM

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Next

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Then please post back here with the ESET log.

Thanks



#11 Double D

Double D
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 11 September 2009 - 11:54 PM

I ran ESET and it stated that no threats were found.
This was the second time I ran the scan.
The first time I ran this scan, I had to leave the computer for a while. When I returned I had the "blue screen" and it said it was beginning physical dump of memory. I remember reading that, but there was also a lot of stuff on the screen. I'm sorry I wasn't able to copy.
I hope this doesn't affect the status of my problem(s).
Thank you

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:28 PM

Posted 11 September 2009 - 11:59 PM

I don't see any other problems, how are things running now? If you get another crash please note down any information.

You don't have the latest service pack for Windows. The service packs patch security vulnerabilities found in Windows. You should
keep these up to date to keep you protected against malware that can take advantage of these security vulnerabilities to attack
your system. The latest service pack is SP3. Click on Start >> All Programs >> Windows Update, then select Express
and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control allow it to install it.

Once you have updated please post a new DDS log.

Cheers.



#13 Double D

Double D
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:28 PM

Posted 13 September 2009 - 10:27 AM

That is part of my problem. IE will not work for me, it opens up but then just freezes (not responding). IE7, WMP, Outlook all do this. I know this isn't the right forum for this problem, but I can't install SP3, since windows.update.com can only be used in IE, and not Firefox.
Thank you for all your previous assistance.

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:28 PM

Posted 13 September 2009 - 10:16 PM

Ok, please update Malwarebytes and do a new scan, also run another scan with DDS and post the logs. If nothing shows up then I think you
would be better posting in another forum to get help with these issues.



#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:28 PM

Posted 18 September 2009 - 06:27 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





