Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Vimax malware - please help


  • This topic is locked This topic is locked
20 replies to this topic

#1 kkmd

kkmd

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 14 September 2009 - 11:56 PM

Hi,
I posted a topic on this forum on Sunday, 9/13 entitled "Infected with Vimax malware and can't run dds or RootRepeal". It got moved to a the "Am I infected?" forum and garmanma suggested I try to run Win32kDiag. That also didn't work. He then suggested that I try to run OTL, post the logs here and tell you that this is all I could run. So, OTL did run. Here are the two logs it created:

OTL.txt:

OTL logfile created on: 9/14/2009 9:41:43 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\MasterUser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:

1022.09 Mb Total Physical Memory | 402.79 Mb Available Physical Memory | 39.41% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.70 Gb Total Space | 40.84 Gb Free Space | 28.23% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASTER
Current User Name: MasterUser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/06/26 11:33:42 | 00,099,888 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
PRC - [2009/02/14 16:29:14 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2003/12/05 21:08:04 | 00,050,688 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
PRC - [2004/06/29 10:23:32 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
PRC - [2004/08/13 00:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2007/03/11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/06/10 12:56:29 | 01,442,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/06/10 12:56:31 | 01,406,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/08/18 16:26:26 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/06/23 11:48:12 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTHELPER.EXE
PRC - [2006/06/26 10:46:04 | 00,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2006/06/26 11:33:32 | 00,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/06/26 11:34:40 | 00,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/13 06:00:00 | 00,182,272 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE
PRC - [2009/03/04 19:08:39 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/07 16:53:07 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/01/11 04:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2004/06/29 10:22:56 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
PRC - [2007/01/08 16:08:10 | 00,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2004/09/20 14:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe
PRC - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2009/08/07 16:53:11 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2006/06/26 11:34:58 | 00,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2009/08/07 16:53:11 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/09/12 14:43:56 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/14 21:40:29 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MasterUser\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/07 16:53:07 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/15 11:25:20 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service [On_Demand | Stopped])
SRV - [1999/12/13 08:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2009/02/14 16:29:14 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService [Auto | Running])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/01/11 04:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
SRV - [2007/06/12 18:20:57 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/01 17:52:25 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/06/29 10:22:56 | 00,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe -- (IAANTMon [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/06/26 11:33:42 | 00,099,888 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2006/06/26 11:33:56 | 00,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2006/02/20 15:23:08 | 00,495,616 | ---- | M] ( ) -- C:\WINDOWS\System32\lxcycoms.exe -- (lxcy_device [On_Demand | Stopped])
SRV - [2007/01/08 16:08:10 | 00,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService [Auto | Running])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2004/09/20 14:09:00 | 00,127,043 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2008/11/10 13:23:38 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [Auto | Running])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 11:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2006/10/05 11:51:58 | 00,043,672 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2008/04/13 11:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2009/08/07 16:53:36 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/07 16:53:35 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/07 16:53:36 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/05/29 16:41:54 | 00,186,112 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2004/05/25 03:01:00 | 00,300,928 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2009/06/23 13:34:30 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped])
DRV - [2009/06/23 13:34:30 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running])
DRV - [2009/06/23 13:36:14 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2009/06/23 13:36:24 | 00,528,408 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2009/06/23 13:34:40 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped])
DRV - [2009/06/23 13:34:40 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running])
DRV - [2009/06/23 13:36:36 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2009/06/23 13:35:04 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped])
DRV - [2009/06/23 13:35:04 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped])
DRV - [2009/06/23 13:37:22 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2009/06/23 13:34:52 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped])
DRV - [2009/06/23 13:34:52 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running])
DRV - [2009/06/23 13:37:32 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/08/04 02:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/08/13 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/06/23 13:37:54 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2006/06/22 16:29:48 | 00,020,272 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Running])
DRV - [2008/04/14 00:15:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/06/23 13:38:06 | 00,798,744 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2009/06/23 13:38:16 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2009/06/23 13:38:26 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2007/03/07 21:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/03/07 21:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2003/11/17 14:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Stopped])
DRV - [2003/11/17 14:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2004/06/29 10:17:16 | 00,477,952 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2005/09/20 18:27:20 | 00,010,368 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
DRV - [2004/09/30 01:27:00 | 00,016,880 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2006/06/26 11:33:28 | 01,587,632 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys -- (Lvckap [On_Demand | Running])
DRV - [2006/06/26 11:33:36 | 01,952,816 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Running])
DRV - [2006/06/22 16:29:42 | 01,413,424 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys -- (lvpopflt [On_Demand | Running])
DRV - [2006/06/26 11:33:40 | 00,023,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2006/06/22 16:29:48 | 00,038,960 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2006/06/22 16:29:48 | 00,961,072 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Running])
DRV - [2006/08/16 09:23:46 | 00,021,888 | ---- | M] (M-Audio) -- C:\WINDOWS\System32\drivers\ma_cmidi.sys -- (MA_CMIDI [On_Demand | Stopped])
DRV - [2007/02/14 21:13:20 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2003/04/09 12:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2008/04/13 11:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2003/10/15 17:07:38 | 00,012,288 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\mtdv2ku2.sys -- (MTDVC2 [On_Demand | Stopped])
DRV - [2003/10/11 08:39:52 | 00,011,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\mtdv2ks2.sys -- (MTDVC2_ENUM [On_Demand | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2004/09/20 14:09:00 | 02,738,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2009/06/23 13:37:10 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/03/17 21:59:56 | 00,046,944 | ---- | M] (FotoNation Ltd.) -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (PentaxUsb [On_Demand | Stopped])
DRV - [2002/09/09 11:53:50 | 00,017,018 | ---- | M] (Intellon, Inc.) -- C:\WINDOWS\System32\PLCNDIS5.SYS -- (PLCNDIS5 [On_Demand | Stopped])
DRV - [2008/06/10 13:04:26 | 00,031,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2004/02/27 17:40:20 | 00,093,184 | ---- | M] (Digital Dream Co Europe Ltd ) -- C:\WINDOWS\System32\drivers\STVles.sys -- (STVles [On_Demand | Stopped])
DRV - [2004/02/27 17:40:22 | 00,006,144 | ---- | M] (Digital Dream Co Europe Ltd ) -- C:\WINDOWS\System32\drivers\STVlesm.sys -- (STVlesm [On_Demand | Stopped])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/08/13 00:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/08/13 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/04/13 11:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2003/11/17 14:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2008/09/12 18:32:04 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/07 16:53:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/08/07 16:53:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 21:02:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/12 14:44:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 14:44:00 | 00,000,000 | ---D | M]

[2009/03/15 01:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MasterUser\Application Data\mozilla\Extensions
[2008/07/26 12:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MasterUser\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/15 01:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MasterUser\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/09/14 20:47:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MasterUser\Application Data\mozilla\Firefox\Profiles\xqzf8322.default\extensions
[2009/08/10 14:13:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MasterUser\Application Data\mozilla\Firefox\Profiles\xqzf8322.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/12 17:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\MasterUser\Application Data\mozilla\Firefox\Profiles\xqzf8322.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/30 19:49:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 14:44:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/12 14:43:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 14:43:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/12 14:43:56 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/03/09 00:03:10 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/09 00:03:10 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/09 13:57:44 | 00,001,490 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/03/09 00:03:10 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/09 00:03:10 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/09 00:03:10 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/02 23:07:06 | 00,002,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SafeSearch.xml
[2009/03/09 00:03:10 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
O4 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005..\RunOnce: [] C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE File not found
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2008/05/24 17:26:40 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\MasterUser\Start Menu\Programs\Startup\AutorunsDisabled [2008/05/24 17:07:15 | 00,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shock...h/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl..._4_0_01-win.cab (Java Plug-in 1.4.0_01)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/games/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.215.64.14 24.205.1.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.157,85.255.112.63
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2783961754-768521223-4200969722-1005 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{381e5aed-c87f-11dc-ac50-000f66e61d8a}\Shell - "" = AutoRun
O33 - MountPoints2\{381e5aed-c87f-11dc-ac50-000f66e61d8a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{381e5aed-c87f-11dc-ac50-000f66e61d8a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8b3b2c36-901e-11dd-aeb4-000f66e61d8a}\Shell - "" = AutoRun
O33 - MountPoints2\{8b3b2c36-901e-11dd-aeb4-000f66e61d8a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8b3b2c36-901e-11dd-aeb4-000f66e61d8a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a22cf1fd-49dd-11dd-adfe-000f66e61d8a}\Shell\AutoRun\command - "" = E:\PMB_P.exe -- File not found
O33 - MountPoints2\{d91d4286-13a1-11dd-ad35-000f66e61d8a}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/r) - File not found
O34 - HKLM BootExecute: (\??\C:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/14 21:40:24 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MasterUser\Desktop\OTL.exe
[2009/09/13 20:00:43 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\Win32kDiag.exe
[2009/09/12 16:04:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/09/12 16:04:52 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/09/12 15:00:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MasterUser\My Documents\Bunch of Files
[2009/09/12 13:12:53 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\settings.dat
[2009/09/12 13:12:09 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\MasterUser\Desktop\RootRepeal.exe
[2009/09/12 13:11:24 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\dds(2).scr
[2009/09/12 13:02:05 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\dds.scr
[2009/09/08 01:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MasterUser\Local Settings\Application Data\PCHealth
[2009/09/07 15:49:07 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2009/09/07 15:46:43 | 08,499,200 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\MasterUser\Desktop\cbSetup8.exe
[2009/09/07 15:20:19 | 08,060,048 | ---- | C] (PC Tools ) -- C:\Documents and Settings\MasterUser\Desktop\rminstall.exe
[2009/09/07 14:34:36 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MasterUser\Desktop\HijackThis.exe
[2009/09/07 14:33:59 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MasterUser\Desktop\HijackThisInstaller.exe
[2009/09/07 14:11:22 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/07 14:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/09/07 14:05:39 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\WindowsDefender(2).msi
[2009/09/07 13:53:47 | 00,017,214 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\WindowsDefender.msi
[2009/09/07 13:51:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\AROTrial_bt.exe
[2009/09/07 11:15:48 | 01,656,933 | ---- | C] () -- C:\Documents and Settings\MasterUser\Desktop\pc-decrapifier-2.0.0.exe
[2009/08/16 15:19:10 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/06/23 12:29:50 | 00,049,719 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/06/23 12:29:48 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/06/23 11:51:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/06/23 11:49:14 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/03/28 11:13:45 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/03/28 11:12:34 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2008/05/24 13:37:45 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/04/22 16:48:41 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2008/04/02 19:24:16 | 00,000,487 | ---- | C] () -- C:\WINDOWS\SETTINGS.INI
[2008/03/17 17:19:46 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2007/12/27 08:14:07 | 00,000,116 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2007/10/15 11:58:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcyvs.dll
[2007/10/15 11:58:52 | 00,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyinpa.dll
[2007/10/15 11:58:52 | 00,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyiesc.dll
[2007/10/15 11:58:51 | 00,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcycoin.dll
[2007/10/15 11:58:38 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcydrs.dll
[2007/10/15 11:58:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcycaps.dll
[2007/10/15 11:58:38 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcycnv4.dll
[2007/10/15 11:58:29 | 01,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyserv.dll
[2007/10/15 11:58:29 | 00,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyusb1.dll
[2007/10/15 11:58:29 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyhbn3.dll
[2007/10/15 11:58:29 | 00,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomc.dll
[2007/10/15 11:58:29 | 00,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcylmpm.dll
[2007/10/15 11:58:29 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcycomm.dll
[2007/10/15 11:58:29 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lxcyinst.dll
[2007/10/15 11:58:29 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcyprox.dll
[2007/10/15 11:58:29 | 00,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcypplc.dll
[2007/08/29 14:02:56 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/06/12 18:29:42 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/05/08 16:55:34 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/26 10:53:52 | 00,000,216 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/01/30 19:31:46 | 00,002,424 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/12/30 18:48:38 | 00,000,444 | ---- | C] () -- C:\WINDOWS\powermp3cutterjoiner.ini
[2006/10/29 17:24:45 | 00,022,334 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/10/29 14:10:36 | 00,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2006/10/15 17:42:50 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2006/07/18 03:49:18 | 01,445,696 | ---- | C] () -- C:\WINDOWS\System32\bbMPEG.dll
[2006/06/26 11:33:40 | 00,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/04/14 10:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/01/22 18:59:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\dsa_32.dll
[2006/01/12 18:47:00 | 00,000,021 | ---- | C] () -- C:\WINDOWS\PI4_setup.ini
[2006/01/11 10:03:56 | 00,002,878 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/12/18 07:26:43 | 00,001,480 | ---- | C] () -- C:\WINDOWS\System32\0cw8034i.sys
[2005/12/18 07:24:20 | 00,000,124 | ---- | C] () -- C:\WINDOWS\ttyni.dll
[2005/10/06 19:13:59 | 00,000,030 | ---- | C] () -- C:\WINDOWS\morphexe.INI
[2005/09/28 15:05:45 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/08/31 18:33:54 | 00,092,672 | ---- | C] ( ) -- C:\WINDOWS\System32\DVDRead.dll
[2005/06/19 13:33:06 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/05/28 15:20:33 | 00,000,895 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/17 20:27:59 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2005/03/18 17:54:41 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2005/03/18 17:54:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2005/03/18 17:54:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2005/03/18 17:52:22 | 00,000,218 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/03/17 20:36:49 | 00,000,045 | ---- | C] () -- C:\WINDOWS\JFLILLL.ini
[2005/01/22 17:50:48 | 00,019,800 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/06 15:13:10 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2004/12/22 06:01:22 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/22 05:56:17 | 00,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/22 05:47:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/22 05:44:22 | 00,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/12/22 05:11:06 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 16:25:56 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/11 16:15:00 | 00,000,629 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/11 16:07:24 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/06/14 14:21:46 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/06/14 14:21:02 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/06/14 14:15:48 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/06/14 14:09:22 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/06/04 18:25:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/06/04 18:23:44 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/04/20 10:08:08 | 00,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2003/10/08 13:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 14:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 12:51:52 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 12:51:52 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 12:51:52 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 12:51:52 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 12:51:52 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 12:51:52 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 12:51:52 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 21:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 21:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 18:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files]
[2009/09/14 21:40:29 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MasterUser\Desktop\OTL.exe
[2009/09/14 20:55:10 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/14 20:37:01 | 41,113,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/14 20:37:01 | 00,105,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/14 20:35:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/14 20:35:05 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/09/14 20:34:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/14 20:34:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/14 20:34:51 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/14 20:34:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/09/14 08:48:20 | 00,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/09/14 08:48:20 | 00,033,232 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/09/14 08:48:20 | 00,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/09/14 08:48:20 | 00,032,448 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/09/14 08:48:20 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx
[2009/09/14 08:47:57 | 04,932,302 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF
[2009/09/14 08:47:57 | 04,932,302 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
[2009/09/13 20:00:47 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\Win32kDiag.exe
[2009/09/13 13:45:21 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/13 11:55:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2009/09/13 10:35:41 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/13 10:17:01 | 00,000,446 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/09/12 16:04:52 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/09/12 13:12:53 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\settings.dat
[2009/09/12 13:12:16 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\MasterUser\Desktop\RootRepeal.exe
[2009/09/12 13:11:27 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\dds(2).scr
[2009/09/12 13:02:11 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\dds.scr
[2009/09/09 20:15:25 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 15:48:39 | 08,499,200 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\MasterUser\Desktop\cbSetup8.exe
[2009/09/07 15:21:23 | 08,060,048 | ---- | M] (PC Tools ) -- C:\Documents and Settings\MasterUser\Desktop\rminstall.exe
[2009/09/07 14:34:39 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MasterUser\Desktop\HijackThis.exe
[2009/09/07 14:34:05 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MasterUser\Desktop\HijackThisInstaller.exe
[2009/09/07 14:05:40 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\WindowsDefender(2).msi
[2009/09/07 14:01:53 | 00,017,214 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\WindowsDefender.msi
[2009/09/07 13:51:14 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\AROTrial_bt.exe
[2009/09/07 11:16:01 | 01,656,933 | ---- | M] () -- C:\Documents and Settings\MasterUser\Desktop\pc-decrapifier-2.0.0.exe
[2009/08/30 09:49:56 | 00,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam 10.0.lnk
[2009/08/28 14:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/16 18:19:53 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
< End of report >


And here is the contents of the Extras.txt:

OTL Extras logfile created on: 9/14/2009 9:41:43 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\MasterUser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:

1022.09 Mb Total Physical Memory | 402.79 Mb Available Physical Memory | 39.41% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.70 Gb Total Space | 40.84 Gb Free Space | 28.23% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASTER
Current User Name: MasterUser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Outlook Express\MSIMN.EXE" = C:\Program Files\Outlook Express\MSIMN.EXE:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\Netscape\Netscape Browser\netscape.exe" = C:\Program Files\Netscape\Netscape Browser\netscape.exe:*:Enabled:Netscape Browser -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa -- File not found
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1160959732\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1160959732\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1160959732\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1160959732\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\LimeWire\LimeWire.exe" = C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™ -- File not found
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Morpheus\Morpheus.exe" = C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Morpheus\Morpheus.exe:*:Enabled:Morpheus -- File not found
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Incomplete\Morpheus\Morpheus.exe" = C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Incomplete\Morpheus\Morpheus.exe:*:Enabled:Morpheus -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Documents and Settings\MasterUser\Desktop\limewire\LimeWire.exe" = C:\Documents and Settings\MasterUser\Desktop\limewire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\WINDOWS\SYSTEM32\lxcycoms.exe" = C:\WINDOWS\SYSTEM32\lxcycoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Morpheus\Morpheus.exe" = C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Morpheus\Morpheus.exe:*:Enabled:Morpheus -- File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS61B.tmp\SymNRT.exe" = C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS61B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS628.tmp\SymNRT.exe" = C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS628.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\WINDOWS\SYSTEM32\USMT\migwiz.exe" = C:\WINDOWS\SYSTEM32\USMT\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS66B.tmp\SymNRT.exe" = C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS66B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FCAE630-CCBD-4A61-B83A-06021C331CC0}_is1" = ShellZip 3.0 Beta3
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{32A3A4F4-B792-11D6-A78A-00B0D0150040}" = J2SE Development Kit 5.0 Update 4
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3EBD3749-304E-4A4C-9575-C00E5F015217}" = Apple Mobile Device Support
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{71813834-C5F1-4B86-907A-54CEF83EB2E2}" = PSShortcuts
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BBDFB3E-F8BE-4D52-98BA-B6087F8F1D58}" = PS7700
"{7CF31609-270B-11D6-9445-000102308676}" = Java 2 Runtime Environment, SE v1.4.0_01
"{7D62E2E7-99D7-4709-8185-0A5EC5A72DF3}" = PlanetSide: Aftershock
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E77D20-647C-40E2-B69B-C120D4D58190}" = G5a922EN
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF79DFD1-04C2-4CE5-9C8F-F60CA3CF01A7}" = NETGEAR XE102 Powerline Ethernet Adapter
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2A80AA7-1A04-404C-A5C2-E7DE3BB8A397}" = GameShark Media Manager for PSP
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C40B2CC1-D880-4062-A2C2-02C8852B671F}_is1" = X-OOM Music on PSP
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D35191B3-F340-4C11-A4E0-8B09477B4302}" = HP Memories Disc
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EAF598EE-CB88-4F85-AE2B-227DC99F8520}" = ArcSoft PhotoImpression
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Advanced Video FX Utility" = Advanced Video FX Utility
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AsUninst.exe" = Anvil Studio
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Console
"Avery Wizard 2.1 MSW11" = Avery® Wizard 2.1 for Microsoft® Office Word 2003
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"Belarc Advisor" = Belarc Advisor 7.2
"Best Buy Rhapsody" = Best Buy Rhapsody
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CobBackup8" = Cobian Backup 8
"Covert Operations" = Covert Operations
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Photo Manager" = Creative Photo Manager
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"DellSupport" = Dell Support 5.0.0 (766)
"DiskRedactor_is1" = DiskRedactor
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Ease Audio Converter_is1" = Ease Audio Converter 4.80
"EditPlus 2" = EditPlus 2
"EPSON Printer and Utilities" = EPSON Printer Software
"Graph_is1" = Graph 4.3
"GraphCalc v4.0.1_is1" = GraphCalc v4.0.1
"Handbrake" = Handbrake 2.4.1
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"l'espion S v204 Installation Files" = l'espion S v204 Installation Files
"Lexmark 3400 Series" = Lexmark 3400 Series
"Logitech VideoCall" = Logitech VideoCall
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"M-Audio Key Rig_is1" = M-Audio Key Rig 1.0.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDI to WAV Converter_is1" = MIDI to WAV Converter 6.0
"Motorola USB Drivers" = Motorola USB Drivers
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MyWaySearchAssistantDE" = My Way Search Assistant
"Need2FindBar Uninstall" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OmegaBR" = OmegaBR
"PENTAX Optio 50 Driver" = PENTAX Optio 50 Driver
"Picaboo Installer" = Picaboo Installer
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PSP Video 9" = PSP Video 9 1.74
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SightSpeed" = SightSpeed (remove only)
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"speer" = SolidPeer
"Starcraft" = Starcraft
"Switch" = Switch Sound File Converter
"SysInfo" = Creative System Information
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebCam Live! Product Registration" = WebCam Live! Product Registration
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2783961754-768521223-4200969722-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IncrediFlash XTreme 1.0" = IncrediFlash XTreme 1.0(remove only)
"InstallShield_{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/15/2009 1:55:14 PM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application spywatchinstaller.exe, version 0.0.0.0, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 8/15/2009 4:44:07 PM | Computer Name = MASTER | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2009 8:31:51 PM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module unknown, version 0.0.0.0, fault address 0x10001f97.

Error - 8/27/2009 8:31:58 PM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 9/7/2009 2:09:32 PM | Computer Name = MASTER | Source = Application Hang | ID = 1002
Description = Hanging application helpctr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2009 4:56:05 AM | Computer Name = MASTER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 9/9/2009 4:48:11 AM | Computer Name = MASTER | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 9/10/2009 11:30:00 PM | Computer Name = MASTER | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 9/10/2009 11:46:46 PM | Computer Name = MASTER | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16876, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000027f9.

Error - 9/10/2009 11:52:14 PM | Computer Name = MASTER | Source = Application Error | ID = 1001
Description = Fault bucket 1392513195.

[ System Events ]
Error - 8/20/2009 12:07:47 PM | Computer Name = MASTER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 8/20/2009 12:07:50 PM | Computer Name = MASTER | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 8/20/2009 7:37:03 PM | Computer Name = MASTER | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Quicken PDF Printer share name
Printer.

Error - 9/7/2009 6:59:32 PM | Computer Name = MASTER | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume4'. It has stopped monitoring
the volume.

Error - 9/7/2009 9:44:55 PM | Computer Name = MASTER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TINY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8CF9650C-20D1-49B6-B920.
The
master browser is stopping or an election is being forced.

Error - 9/8/2009 10:22:10 AM | Computer Name = MASTER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
TINY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8CF9650C-20D1-49B6-B920.
The
master browser is stopping or an election is being forced.

Error - 9/8/2009 10:59:40 AM | Computer Name = MASTER | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.100. The machine with the IP address 192.168.1.102 did
not allow the name to be claimed by this machine.

Error - 9/8/2009 3:44:47 PM | Computer Name = MASTER | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.100 on
the Network Card with network address 000F66E61D8A.

Error - 9/8/2009 7:09:34 PM | Computer Name = MASTER | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume4'. It has stopped monitoring
the volume.

Error - 9/13/2009 11:38:46 AM | Computer Name = MASTER | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 8070194f, parameter3
f7acbc30, parameter4 f7acb92c.


< End of report >


I really appreciate the help. If I posted to the wrong place, please let me know. Thanks.

BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 30 September 2009 - 09:02 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 kkmd

kkmd
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 30 September 2009 - 11:19 PM

Hi,
I still have the problem. Vimax ads show up anytime I use any browser and I often get redirected. I ran RSIT and will include the logs here. I will be away for a few days so I won't be able to respond back until Oct. 4th or 5th so please don't close this out if I don't respond back until that time.

Thank you sooo much for the help!

Contents of log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by MasterUser at 2009-09-30 21:11:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (28%) free of 148 GB
Total RAM: 1022 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:41 PM, on 9/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MasterUser\Desktop\RSIT.exe
C:\Program Files\trend micro\MasterUser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\WINDOWS\TEMP\E_S643.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE http://www.symantec.com/techsupp/servlet/P...000049.000000b9
O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.157,85.255.112.63
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.157,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.157,85.255.112.63
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13687 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-07 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-01 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-01 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-01 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-01 256112]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-09-20 4583424]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-06-29 135168]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"Antiy Auto Update"=C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-18 2007832]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2009-06-23 19456]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ares"=C:\Program Files\Ares\Ares.exe -h []
"EPSON Stylus Photo R280 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE [2007-04-13 182272]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-04 68856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE http://www.symantec.com/techsupp/servlet/P...000049.000000b9 []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

C:\Documents and Settings\MasterUser\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-07 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Outlook Express\MSIMN.EXE"="C:\Program Files\Outlook Express\MSIMN.EXE:*:Enabled:Outlook Express"
"C:\Program Files\Netscape\Netscape Browser\netscape.exe"="C:\Program Files\Netscape\Netscape Browser\netscape.exe:*:Enabled:Netscape Browser"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1160959732\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1160959732\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1160959732\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1160959732\ee\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\LimeWire\LimeWire.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Morpheus\Morpheus.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Incomplete\Morpheus\Morpheus.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Incomplete\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Documents and Settings\MasterUser\Desktop\limewire\LimeWire.exe"="C:\Documents and Settings\MasterUser\Desktop\limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\WINDOWS\SYSTEM32\lxcycoms.exe"="C:\WINDOWS\SYSTEM32\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Morpheus\Morpheus.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS61B.tmp\SymNRT.exe"="C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS61B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS628.tmp\SymNRT.exe"="C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS628.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\WINDOWS\SYSTEM32\USMT\migwiz.exe"="C:\WINDOWS\SYSTEM32\USMT\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS66B.tmp\SymNRT.exe"="C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS66B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{381e5aed-c87f-11dc-ac50-000f66e61d8a}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3b2c36-901e-11dd-aeb4-000f66e61d8a}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22cf1fd-49dd-11dd-adfe-000f66e61d8a}]
shell\AutoRun\command - E:\PMB_P.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91d4286-13a1-11dd-ad35-000f66e61d8a}]
shell\AutoRun\command - E:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2009-09-30 21:11:28 ----D---- C:\rsit
2009-09-30 21:11:28 ----D---- C:\Program Files\trend micro
2009-09-19 18:04:39 ----D---- C:\Program Files\iPod
2009-09-19 18:04:35 ----D---- C:\Program Files\iTunes
2009-09-19 18:04:35 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 17:59:16 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-09 20:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 20:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 20:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-07 15:49:07 ----D---- C:\Program Files\Cobian Backup 8
2009-09-07 14:08:16 ----D---- C:\Program Files\Windows Defender

======List of files/folders modified in the last 1 months======

2009-09-30 21:11:28 ----D---- C:\Program Files
2009-09-30 21:08:19 ----D---- C:\Program Files\Mozilla Firefox
2009-09-30 20:04:43 ----D---- C:\WINDOWS\Prefetch
2009-09-30 19:04:25 ----SD---- C:\WINDOWS\Tasks
2009-09-30 19:01:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-30 18:43:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-30 18:42:41 ----A---- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2009-09-30 17:51:40 ----D---- C:\WINDOWS\Temp
2009-09-27 18:01:19 ----D---- C:\WINDOWS\SYSTEM32
2009-09-27 09:45:09 ----D---- C:\WINDOWS
2009-09-22 18:19:17 ----HD---- C:\$AVG8.VAULT$
2009-09-20 12:35:30 ----D---- C:\Documents and Settings\MasterUser\Application Data\Skype
2009-09-19 21:47:28 ----HD---- C:\WINDOWS\INF
2009-09-19 18:26:41 ----D---- C:\Documents and Settings\MasterUser\Application Data\Apple Computer
2009-09-19 18:26:40 ----SHD---- C:\WINDOWS\Installer
2009-09-19 18:26:40 ----HD---- C:\Config.Msi
2009-09-19 18:14:24 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-19 18:05:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-19 18:04:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-19 18:03:08 ----D---- C:\Program Files\Bonjour
2009-09-19 18:02:31 ----D---- C:\Program Files\QuickTime
2009-09-13 08:39:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-12 17:03:13 ----RSD---- C:\WINDOWS\Fonts
2009-09-12 15:03:31 ----D---- C:\WINDOWS\Help
2009-09-12 13:59:28 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-09-10 07:19:47 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 20:15:25 ----A---- C:\WINDOWS\imsins.BAK
2009-09-07 14:08:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-07 13:43:37 ----D---- C:\tmp
2009-09-07 12:44:39 ----D---- C:\WINDOWS\Minidump
2009-09-07 11:25:31 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-10-05 43672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-07 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-07 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-08-07 108552]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-02-14 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-05-25 300928]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2009-06-23 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2009-06-23 528408]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2009-06-23 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2009-06-23 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2009-06-23 92696]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2006-06-22 20272]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2009-06-23 798744]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2009-06-23 162840]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 Lvckap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2006-06-22 1413424]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2006-06-22 961072]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-09-20 2738592]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2009-06-23 127512]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2009-06-23 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2009-06-23 189464]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-09-30 16880]
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 21888]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology; C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys [2003-10-15 12288]
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology; C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys [2003-10-11 11648]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 oflpydin;oflpydin; \??\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\oflpydin.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PentaxUsb;Pentax Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 46944]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCNDIS5.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STVles;l'espion S (Webcam); C:\WINDOWS\system32\drivers\STVles.sys [2004-02-27 93184]
S3 STVlesm;l'espion S (Webcam)m; C:\WINDOWS\system32\drivers\STVlesm.sys [2004-02-27 6144]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-07 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2009-02-14 307200]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 73852]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-09-20 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-08-15 79360]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-06-12 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


And the contents of the info.txt file:

info.txt logfile of random's system information tool 1.06 2009-09-30 21:11:46

======Uninstall list======

-->rundll32 C:\PROGRA~1\NEED2F~1\bar\2.bin\Nd2fnBar.dll,O
Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80426743-0CC7-4967-BFEC-10DE08D1B6F3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9104A09A-EC83-11D8-8469-00D0B726B56E}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9744AE38-1CC6-414F-96CE-0643AEE30A9B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
ACDSee for PENTAX-->MsiExec.exe /I{EED5156C-4BA8-4105-A506-DB9D00F8B68D}
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Advanced Video FX Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x9 /remove
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Anvil Studio-->C:\WINDOWS\system32\AsUninst.exe
AOL Instant Messenger-->C:\PROGRA~1\AIM\uninstll.exe -LOG= C:\PROGRA~1\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF598EE-CB88-4F85-AE2B-227DC99F8520}\Setup.exe" -l0x9 -uninst
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avery® Wizard 2.1 for Microsoft® Office Word 2003-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Best Buy Rhapsody-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\install.log
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Cobian Backup 8-->C:\Program Files\Cobian Backup 8\cbUninstall.exe
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Covert Operations-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Red Storm Entertainment\Covert Operations\Uninst.isu"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative Photo Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Micro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D944236D-7992-41D6-8257-930B5832F1CC}\SETUP.EXE" -l0x9 /remove
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDE4CC8B-134B-421E-943C-90799E56F664}\setup.exe" -l0x9 -L0x9 /SMAINT
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 5.0.0 (766)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DiskRedactor-->"C:\Program Files\CEZEO software\Disk Redactor\unins000.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Ease Audio Converter 4.80-->"C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
EditPlus 2-->C:\Program Files\EditPlus 2\remove.exe
Empire Earth II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe" -l0x9 -removeonly
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON R280 User's Guide-->C:\Program Files\epson\guide\spr280_e\uninstall.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
G5a922EN-->MsiExec.exe /X{A3E77D20-647C-40E2-B69B-C120D4D58190}
GameShark Media Manager for PSP-->MsiExec.exe /I{C2A80AA7-1A04-404C-A5C2-E7DE3BB8A397}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Graph 4.3-->"C:\Program Files\Graph\unins000.exe"
GraphCalc v4.0.1-->"C:\Program Files\GraphCalc\unins000.exe"
Handbrake 2.4.1-->C:\Program Files\Handbrake\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc-->MsiExec.exe /X{D35191B3-F340-4C11-A4E0-8B09477B4302}
HP Photosmart Essential 2.01-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
J2SE Development Kit 5.0 Update 4-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150040}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.0_01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CF31609-270B-11D6-9445-000102308676}\Setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java Platform, Enterprise Edition 5 SDK-->"C:\Sun\SDK\uninstall.exe" -javahome "C:\Sun\SDK\jdk"
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_190001_5a3e312\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
l'espion S v204 Installation Files-->C:\PROGRA~1\DIGITA~2\STVLES~1\UNWISE.EXE C:\PROGRA~1\DIGITA~2\STVLES~1\INSTALL.LOG
Lexmark 3400 Series-->C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech VideoCall-->C:\PROGRA~1\Logitech\VIDEOC~1\UNWISE.EXE C:\PROGRA~1\Logitech\VIDEOC~1\INSTALL.LOG
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
M-Audio Key Rig 1.0.1-->"C:\Program Files\M-Audio\Key Rig\unins000.exe"
M-Audio Series II MIDI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo Premium 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets and Trips 2004-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe D:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
MIDI to WAV Converter 6.0-->"C:\Program Files\MIDI to WAV Converter\unins000.exe"
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Motorola USB Drivers-->C:\PROGRA~1\MOTORO~1\UNWISE.EXE C:\PROGRA~1\MOTORO~1\INSTALL.LOG
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Way Search Assistant-->rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NETGEAR XE102 Powerline Ethernet Adapter-->MsiExec.exe /X{AF79DFD1-04C2-4CE5-9C8F-F60CA3CF01A7}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OmegaBR-->"C:\Program Files\OmegaBR\Uninstall.exe"
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PENTAX Optio 50 Driver-->C:\PROGRA~1\PENTAX~1\UNWISE.EXE C:\PROGRA~1\PENTAX~1\INSTALL.LOG
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
Picaboo Installer-->C:\Program Files\Picaboo\PicabooInstaller\PicabooInstaller.exe /uninstall
PlanetSide: Aftershock-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D62E2E7-99D7-4709-8185-0A5EC5A72DF3}\setup.exe" -l0x9
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PSP Video 9 1.74-->C:\Program Files\pspvideo9\uninst.exe
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody Player Engine-->MsiExec.exe /I{6A136B9A-1895-436F-83F8-30D9C68BB6EA}
Sansa Media Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
ShellZip 3.0 Beta3-->"C:\Program Files\ShellZip\unins000.exe"
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
SightSpeed (remove only)-->"C:\Program Files\SightSpeed\uninst.exe"
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SolidPeer-->C:\WINDOWS\DrUninst.exe /partnerid 33 /bundleid 5
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
V CAST Music-->MsiExec.exe /X{3249FD43-B24B-413F-B786-F8FEA32FA747}
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VoiceOver Kit-->MsiExec.exe /I{6DE13770-01B7-4366-8DA6-48237793F445}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebCam Live! Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93CC99FD-FCFC-4BAB-BCB0-3814826DF93D}\SETUP.EXE" -l0x9 /remove
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
X-OOM Music on PSP-->"C:\Program Files\X-OOM\Music on PSP\unins000.exe"
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MASTER
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 215106
Source Name: b57w2k
Time Written: 20090814105247.000000-420
Event Type: warning
User:

Computer Name: MASTER
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 215081
Source Name: b57w2k
Time Written: 20090813184007.000000-420
Event Type: warning
User:

Computer Name: MASTER
Event Code: 19
Message: Sharing printer failed + 1722, Printer Quicken PDF Printer share name Printer.

Record Number: 215052
Source Name: Print
Time Written: 20090812162729.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MASTER
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 215050
Source Name: b57w2k
Time Written: 20090812162722.000000-420
Event Type: warning
User:

Computer Name: MASTER
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 215019
Source Name: b57w2k
Time Written: 20090811172617.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: MASTER
Event Code: 32068
Message:
Record Number: 116178
Source Name: Microsoft Fax
Time Written: 20090615060524.000000-420
Event Type: warning
User:

Computer Name: MASTER
Event Code: 32026
Message:
Record Number: 116177
Source Name: Microsoft Fax
Time Written: 20090615060524.000000-420
Event Type: warning
User:

Computer Name: MASTER
Event Code: 32068
Message:
Record Number: 116163
Source Name: Microsoft Fax
Time Written: 20090614210756.000000-420
Event Type: warning
User:

Computer Name: MASTER
Event Code: 32026
Message:
Record Number: 116162
Source Name: Microsoft Fax
Time Written: 20090614210756.000000-420
Event Type: warning
User:

Computer Name: MASTER
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16850, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Record Number: 116154
Source Name: Application Error
Time Written: 20090614205931.000000-420
Event Type: error
User:

======Environment variables======

"AS_ADMIN_USER"=admin
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\SONICS~1\;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0304
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks again.

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 01 October 2009 - 07:42 AM

Hi kkmd,

Thanks for letting me know you are going to be delayed in replying, I will make sure I keep the topic open a bit longer.


Peer-to-Peer Programs Warning
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case Ares). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now.

Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:
  • Viewpoint Media Player
  • My Way Search Assistant
Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks

unite.jpg


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 05 October 2009 - 06:06 PM

Are you still with me kkmd?

unite.jpg


#6 kkmd

kkmd
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 05 October 2009 - 11:21 PM

Hi syler,
Yes, I'm here. I got back late yesterday and had to work today so this is the first I've been able to try your instructions. I just tried to do the first step (remove Viewpoint Media Player and My Way Search Assistant). Viewpoint Media Player doesn't show up in the list of applications. My Way Search Assistant does but I get an error when I try to remove it.

Error loading C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\descras.dll

The specified module could not be found.


So I went on to your next step - download and run Malwarebytes' Anti-Malware. I downloaded it and installed it - making sure to check Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Once it finished installing, it did not launch automatically. So, I tried starting it several ways - none of which worked. So I looked for the executable and there isn't a .exe file in the file folder (C:\Program Files\Malwarebytes' Anti-Malware). So I tried downloading it again and saved it to a new file folder - different name - still no executable.

Since I failed to complete the first 2 steps you recommend, I thought I should stop now and send you a note to ask what to do next. Should I go on to scan for Rootkits with GMER? Or should I wait until I can do the first 2 steps correctly?

I'm sorry that I couldn't make any progress. What am I doing wrong?

Thank you so much for the help. I really, really appreciate it.
kkmd

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 07 October 2009 - 11:30 AM

Hi kkmd,

Let's see if we can make some progress, it's absolutely fine for you to stop and ask if theirs something you can't do :(

So I looked for the executable and there isn't a .exe file in the file folder (C:\Program Files\Malwarebytes' Anti-Malware


You need to make sure that you can see the file extensions.

Open My Computer and click on the Tools tab, then select Folder Options.
When it opens Folder Options click on the View tab.
Scroll down too Hide extensions for known file types and untick it.
Now click Apply then Ok.

Now you should be able to the the .exe extension, change MBAM.exe to kkmd.exe and try to run it.

If you still can't get it to run, go ahead and run Gmer then post back with the log requested.

Thanks
Syler

unite.jpg


#8 kkmd

kkmd
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 09 October 2009 - 09:06 AM

Hi, syler,
Sorry it took me a couple of days to respond. I have made some progress:

Following your directions, I got Malwarebytes' Anit-Malware to run. Here is the report:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/8/2009 6:55:34 PM
mbam-log-2009-10-08 (18-55-34).txt

Scan type: Quick Scan
Objects scanned: 110057
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 5
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.157,85.255.112.63 -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\MasterUser\Application Data\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\dbases (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\keys (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\temp (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\MsMovies (Worm.P2P) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\bszip.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\dbases\cg.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\dbases\mw.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\dbases\rd.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\dbases\sc.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\dbases\sm.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\dbases\sp.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\keys\cg.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\keys\rd.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\keys\sc.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\keys\sp.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\MasterUser\Application Data\PCenter\temp\settings.ini (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\MsMovies\p.zip (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\b.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ESQULzcounter (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\taskkill.com (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.


It did ask me to restart the computer, which it did - but it had problems and when I tried it a 2nd time it performed a CHKDSK. I wasn't sure if Malware had done everything so I tried running the executable again and the computer crashed.

Anyway, I then downloaded and ran GMER. Here is the log from that:

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-09 06:53:15
Windows 5.1.2600 Service Pack 3
Running: qul5wkb9.exe; Driver: C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\uftdypow.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FC2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FC2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FC2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1776] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FC2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\MasterUser\Desktop\qul5wkb9.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\MasterUser\Desktop\qul5wkb9.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\MasterUser\Desktop\qul5wkb9.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\MasterUser\Desktop\qul5wkb9.exe[1952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01132E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01132C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01132C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[2252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01132C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\COCIManager.exe[3792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\COCIManager.exe[3792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\COCIManager.exe[3792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\COCIManager.exe[3792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs EED62400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULrwbwucxerxxymqwwqjklyxuiqujngilx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULrwbwucxerxxymqwwqjklyxuiqujngilx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULrmaoyinfibbtamyqbphesdokxjlkmoao.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULrvwhdytrrxqmopepvvaboejftxhiosvb.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340A0DCF-1E4A-8A17-9747-E7B523E72789}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340A0DCF-1E4A-8A17-9747-E7B523E72789}@iafioinhdiomgkjilb 0x69 0x61 0x66 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340A0DCF-1E4A-8A17-9747-E7B523E72789}@haliegojmfdfglhf 0x6A 0x61 0x67 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C700564B-8707-322C-25E8-C963535BBBFE}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C700564B-8707-322C-25E8-C963535BBBFE}@iaggmbkdlfdejejmic 0x6A 0x61 0x68 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C700564B-8707-322C-25E8-C963535BBBFE}@haegcbhnjaeidfbj 0x6A 0x61 0x68 0x6A ...

---- EOF - GMER 1.0.15 ----


One last thing - I have AVG on the PC and I couldn't figure out how to disable it so it has run a couple of scans. The most recent run found 2 threats:

C:\WINDOWS\SYSTEM32\DVDRead.dll
C:\WINDOWS\SYSTEM32\ESQULrmaoyinfibbtamyqbphesdokxjlkmaoo.dll

They were "Moved to Virus Vault" but they couldn't be "healed".

Oh - and in your earlier reply you ask me to post the "New Rsit log" - what is that? Is there something else I should be running?

As always - THANK YOU!!!!!!!

kkmd

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 10 October 2009 - 09:55 PM

Hello kkmd,

Sorry for the slight delay in my reply.

Oh - and in your earlier reply you ask me to post the "New Rsit log" - what is that?


That is the log from Rsit which I asked you to run in my first reply, you need to run it again, it will only produce one log this time please post it in your
next reply.

You version of malwarebytes is not up to date, as of writing this the latest database version is 2940. Run malwarebytes and click on the update
tab then download the latests definitions, if it crashes again just post back with the Rsit log for now.

Thanks

unite.jpg


#10 kkmd

kkmd
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 11 October 2009 - 01:59 PM

Hi Syler,
I updated the version of Malwarebytes and tried to run it - it hung at "3 seconds" (same as yesterday when I tried to run it several times). So, I decided to try to download a version to a new folder and try running it again - same result. Each time this happens it doesn't let me do "Ctrl/Alt/Delete" or anything, I have to press the PC's on/off button to shut off the machine and then re-boot.

However, I was able to run RSIT. Here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by MasterUser at 2009-10-11 11:51:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (28%) free of 148 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:46 AM, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\MasterUser\Desktop\RSIT.exe
C:\Documents and Settings\MasterUser\Desktop\MasterUser.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\kkmd.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\WINDOWS\TEMP\E_S643.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE http://www.symantec.com/techsupp/servlet/P...000049.000000b9
O4 - HKUS\S-1-5-18\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 13498 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-07 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-01 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-07 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-01 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-01 256112]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-09-20 4583424]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-12-05 50688]
"IAAnotif"=C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-06-29 135168]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]
"Antiy Auto Update"=C:\Program Files\Antiy Labs\Alive\ALiveCenter.exe []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-07 2023704]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2009-06-23 19456]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-06-26 497200]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2006-06-26 614960]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\kkmd.exe /runcleanupscript []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ares"=C:\Program Files\Ares\Ares.exe -h []
"EPSON Stylus Photo R280 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE [2007-04-13 182272]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-04 68856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=C:\PROGRA~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE http://www.symantec.com/techsupp/servlet/P...000049.000000b9 []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutorunsDisabled

C:\Documents and Settings\MasterUser\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-07 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Outlook Express\MSIMN.EXE"="C:\Program Files\Outlook Express\MSIMN.EXE:*:Enabled:Outlook Express"
"C:\Program Files\Netscape\Netscape Browser\netscape.exe"="C:\Program Files\Netscape\Netscape Browser\netscape.exe:*:Enabled:Netscape Browser"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1160959732\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1160959732\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1160959732\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1160959732\ee\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\LimeWire\LimeWire.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Morpheus\Morpheus.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Incomplete\Morpheus\Morpheus.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Incomplete\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Documents and Settings\MasterUser\Desktop\limewire\LimeWire.exe"="C:\Documents and Settings\MasterUser\Desktop\limewire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\WINDOWS\SYSTEM32\lxcycoms.exe"="C:\WINDOWS\SYSTEM32\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Morpheus\Morpheus.exe"="C:\Documents and Settings\MasterUser\Desktop\Journey and Nip\Help\zipitfast_archive\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS61B.tmp\SymNRT.exe"="C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS61B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS628.tmp\SymNRT.exe"="C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS628.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\WINDOWS\SYSTEM32\USMT\migwiz.exe"="C:\WINDOWS\SYSTEM32\USMT\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS66B.tmp\SymNRT.exe"="C:\Documents and Settings\MasterUser\Local Settings\Temp\7zS66B.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{381e5aed-c87f-11dc-ac50-000f66e61d8a}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b3b2c36-901e-11dd-aeb4-000f66e61d8a}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a22cf1fd-49dd-11dd-adfe-000f66e61d8a}]
shell\AutoRun\command - E:\PMB_P.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91d4286-13a1-11dd-ad35-000f66e61d8a}]
shell\AutoRun\command - E:\wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2009-10-11 11:40:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware3
2009-10-10 22:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-08 19:07:25 ----SHD---- C:\found.000
2009-10-08 18:35:12 ----D---- C:\Documents and Settings\MasterUser\Application Data\Malwarebytes
2009-10-05 21:15:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware2
2009-10-05 20:15:15 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-09-30 21:11:28 ----D---- C:\rsit
2009-09-30 21:11:28 ----D---- C:\Program Files\trend micro
2009-09-19 18:04:39 ----D---- C:\Program Files\iPod
2009-09-19 18:04:35 ----D---- C:\Program Files\iTunes
2009-09-19 18:04:35 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 17:59:16 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2009-10-11 11:49:14 ----SD---- C:\WINDOWS\Tasks
2009-10-11 11:46:18 ----D---- C:\WINDOWS
2009-10-11 11:46:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-11 11:40:51 ----D---- C:\WINDOWS\Prefetch
2009-10-11 11:40:43 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-11 11:40:41 ----D---- C:\Program Files
2009-10-11 11:38:26 ----D---- C:\Program Files\Mozilla Firefox
2009-10-11 11:23:15 ----D---- C:\WINDOWS\Temp
2009-10-11 10:41:27 ----D---- C:\Documents and Settings\MasterUser\Application Data\Apple Computer
2009-10-11 10:41:07 ----HD---- C:\WINDOWS\INF
2009-10-11 09:43:27 ----D---- C:\WINDOWS\SYSTEM32
2009-10-10 22:10:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-10 22:09:53 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-10-10 22:09:01 ----N---- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2009-10-10 13:31:11 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-10-10 09:21:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-09 07:04:19 ----HD---- C:\$AVG8.VAULT$
2009-09-20 12:35:30 ----D---- C:\Documents and Settings\MasterUser\Application Data\Skype
2009-09-19 18:26:40 ----SHD---- C:\WINDOWS\Installer
2009-09-19 18:26:40 ----HD---- C:\Config.Msi
2009-09-19 18:05:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-19 18:04:38 ----D---- C:\Program Files\Common Files\Apple
2009-09-19 18:03:08 ----D---- C:\Program Files\Bonjour
2009-09-19 18:02:31 ----D---- C:\Program Files\QuickTime
2009-09-13 08:39:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-12 17:03:13 ----RSD---- C:\WINDOWS\Fonts
2009-09-12 15:03:31 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-10-05 43672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-07 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-07 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-08-07 108552]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-02-14 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2009-06-23 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2009-06-23 528408]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2009-06-23 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2009-06-23 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2009-06-23 92696]
R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2006-06-22 20272]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2009-06-23 798744]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2009-06-23 162840]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 Lvckap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2006-06-22 1413424]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2006-06-22 961072]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-09-20 2738592]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2009-06-23 127512]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2008-06-10 31048]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-05-25 300928]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2009-06-23 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2009-06-23 189464]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2004-09-30 16880]
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 MA_CMIDI;M-Audio USB Driver; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2006-08-16 21888]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MTDVC2;Panasonic DVC USB-SERIAL2 Driver for NT Technology; C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys [2003-10-15 12288]
S3 MTDVC2_ENUM;Panasonic DVC COM2 Driver for NT Technology; C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys [2003-10-11 11648]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 oflpydin;oflpydin; \??\C:\DOCUME~1\MASTER~1\LOCALS~1\Temp\oflpydin.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PentaxUsb;Pentax Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 46944]
S3 pete;pete; \??\C:\WINDOWS\system32\drivers\pete.sys []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCNDIS5.SYS []
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STVles;l'espion S (Webcam); C:\WINDOWS\system32\drivers\STVles.sys [2004-02-27 93184]
S3 STVlesm;l'espion S (Webcam)m; C:\WINDOWS\system32\drivers\STVlesm.sys [2004-02-27 6144]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-07 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2009-02-14 307200]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 73852]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-09-20 127043]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-08-15 79360]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-06-12 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Thank you for the help!!
kkmd

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 11 October 2009 - 10:58 PM

Hi,

I see that you have several startup items disabled using autoruns, I need to see what these disabled items are, so please re-enable all the entries you
have disabled in autorus.

You need to make sure you disable AVG before running the next tool, you can find instructions on how to do so here.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#12 kkmd

kkmd
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 12 October 2009 - 10:42 PM

Hi Syler,
You said that I have several startup items disabled using autoruns. Perhaps these were disabled by someone else in my house...because I don't remember doing that. How do I "re-enable" them?

But I was able to run ComboFix. Here is the log:

ComboFix 09-10-12.03 - MasterUser 10/12/2009 20:24.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.444 [GMT -7:00]
Running from: c:\documents and settings\MasterUser\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MasterUser\a.exe
c:\documents and settings\MasterUser\b.exe
c:\program files\Altnet
c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
c:\program files\Common Files\inetget
c:\program files\Common Files\inetget\mc-110-12-0000137.exe
c:\program files\e2g
c:\program files\e2g\data19
c:\program files\e2g\IeBHOs.dll
c:\program files\INSTAFINK
c:\program files\INSTAFINK\Cache\instafinktb0302.cfg
c:\program files\INSTAFINK\Uninstall.exe
c:\program files\Need2Find
c:\program files\Need2Find\bar\2.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\2.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\2.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\0016B431
c:\program files\Need2Find\bar\Cache\0016BBF2
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\wmplayer
c:\program files\wmplayer\p.zip
c:\windows\cdmxtras
c:\windows\dat.txt
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\7a9d1a.msi
c:\windows\search_res.txt
c:\windows\system32\AdCache
c:\windows\system32\AdCache\B_329_0_0_106800.htm
c:\windows\system32\AdCache\B_329_0_0_107400.htm
c:\windows\system32\AdCache\B_329_1_0_449200.gif
c:\windows\system32\AdCache\B_329_1_0_449600.gif
c:\windows\system32\AdCache\B_329_1_0_454300.gif
c:\windows\system32\AdCache\B_329_2_0_105300.htm
c:\windows\system32\AdCache\B_329_2_0_106800.htm
c:\windows\system32\AdCache\B_329_2_0_107400.htm
c:\windows\system32\AdCache\B_329_3_0_106800.htm
c:\windows\system32\AdCache\B_329_3_0_107400.htm
c:\windows\system32\AdCache\B_329_4_0_111600.htm
c:\windows\system32\AdCache\B_329_4_0_152400.htm
c:\windows\system32\AdCache\B_329_4_0_155300.htm
c:\windows\system32\AdCache\B_329_4_0_164100.htm
c:\windows\system32\AutoRun.inf
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_449600.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_105300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_105300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\dsa_32.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-11 18:40 . 2009-10-11 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3
2009-10-10 20:20 . 2009-10-10 20:21 34816 ----a-w- c:\windows\system32\drivers\pete.sys
2009-10-09 08:54 . 2009-10-09 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-10-09 02:07 . 2009-10-09 02:07 -------- d-----w- C:\found.000
2009-10-09 01:35 . 2009-10-09 01:35 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Malwarebytes
2009-10-06 04:15 . 2009-10-06 04:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-10-06 03:15 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 04:11 . 2009-10-01 04:11 -------- d-----w- C:\rsit
2009-10-01 04:11 . 2009-10-01 04:11 -------- d-----w- c:\program files\trend micro
2009-09-20 01:04 . 2009-09-20 01:04 -------- d-----w- c:\program files\iPod
2009-09-20 01:04 . 2009-09-20 01:26 -------- d-----w- c:\program files\iTunes
2009-09-20 01:04 . 2009-09-20 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 00:59 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-09-20 00:59 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 03:16 . 2006-08-19 20:50 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-12 02:01 . 2007-09-09 16:56 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Skype
2009-10-11 17:41 . 2006-10-25 01:07 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Apple Computer
2009-10-11 17:41 . 2007-10-19 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-10 20:31 . 2004-12-22 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-10 16:21 . 2009-08-12 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 01:04 . 2007-10-19 23:33 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 01:03 . 2007-06-13 01:28 -------- d-----w- c:\program files\Bonjour
2009-09-20 01:02 . 2006-08-14 03:02 -------- d-----w- c:\program files\QuickTime
2009-09-10 21:54 . 2009-08-12 03:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-08-12 03:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 14:19 . 2009-01-10 22:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 22:49 . 2009-09-07 22:49 -------- d-----w- c:\program files\Cobian Backup 8
2009-09-07 21:08 . 2009-09-07 21:08 -------- d-----w- c:\program files\Windows Defender
2009-09-07 20:29 . 2004-12-22 13:01 83384 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 18:25 . 2004-12-22 12:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 18:31 . 2005-04-18 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-08-15 18:28 . 2009-08-15 18:28 384 ------w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-08-15 18:28 . 2009-08-15 18:28 384 ------w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-08-15 18:25 . 2009-08-15 18:25 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-08-15 18:24 . 2009-08-15 18:24 444952 ------w- c:\windows\system32\wrap_oal.dll
2009-08-15 18:24 . 2004-12-22 12:44 109080 ------w- c:\windows\system32\OpenAL32.dll
2009-08-15 17:59 . 2005-01-04 02:10 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Creative
2009-08-15 17:57 . 2007-04-10 16:26 -------- d-----w- c:\program files\EA GAMES
2009-08-15 17:56 . 2008-04-01 22:42 -------- d-----w- c:\program files\ordrumbox
2009-08-15 17:55 . 2007-08-18 23:00 -------- d-----w- c:\program files\Common Files\Scanner
2009-08-15 17:55 . 2005-11-20 06:45 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Netscape
2009-08-15 17:51 . 2005-01-04 03:18 -------- d-----w- c:\program files\Microsoft Games
2009-08-09 21:45 . 2009-08-09 21:45 73747 ------w- c:\documents and settings\MasterUser\Start Menu.zip
2009-08-07 23:53 . 2009-08-07 23:53 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-08-07 23:53 . 2009-08-07 23:53 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-08-07 23:53 . 2009-08-07 23:53 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-08-07 23:53 . 2009-08-07 23:53 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 09:01 . 2004-08-04 11:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 11:00 58880 ------w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-07 2023704]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CtHelper.exe [2009-06-23 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\MasterUser\Start Menu\Programs\Startup\AutorunsDisabled
Memeo AutoBackup Launcher.lnk - c:\documents and settings\MasterUser\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-4-26 73728]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2008-2-3 135168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-07 23:53 11952 ------w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=ma_cmidn.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\MSIMN.EXE"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxcycoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [8/7/2009 4:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [8/7/2009 4:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/7/2009 4:53 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8/15/2009 11:25 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [8/11/2009 8:33 PM 38224]
S3 oflpydin;oflpydin;\??\c:\docume~1\MASTER~1\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\MASTER~1\LOCALS~1\Temp\oflpydin.sys [?]
S3 PentaxUsb;Pentax Digital Camera on USB;c:\windows\SYSTEM32\DRIVERS\CoachUsb.sys [9/28/2005 3:38 PM 46944]
S3 pete;pete;c:\windows\SYSTEM32\DRIVERS\pete.sys [10/10/2009 1:20 PM 34816]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\PLCNDIS5.SYS [9/9/2002 11:53 AM 17018]
S3 STVles;l'espion S (Webcam);c:\windows\SYSTEM32\DRIVERS\STVles.sys [1/12/2006 6:46 PM 93184]
S3 STVlesm;l'espion S (Webcam)m;c:\windows\SYSTEM32\DRIVERS\STVlesm.sys [1/12/2006 6:46 PM 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-10-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 04:35]

2009-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2009-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

2009-10-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.earthlink.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\MasterUser\Application Data\Mozilla\Firefox\Profiles\xqzf8322.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKCU-RunOnce-<NO NAME> - c:\progra~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE
HKLM-Run-Antiy Auto Update - c:\program files\Antiy Labs\Alive\ALiveCenter.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\kkmd.exe
AddRemove-speer - c:\windows\DrUninst.exe
AddRemove-IncrediFlash XTreme 1.0 - c:\documents and settings\MasterUser\Desktop\Flash\IncrediFlash XTreme 1\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 20:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Antiy Auto Update = c:\program files\Antiy Labs\Alive\ALiveCenter.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????.????I3?c:\program files\Com
CTHelper = CTHELPER.EXE?

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340A0DCF-1E4A-8A17-9747-E7B523E72789}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafioinhdiomgkjilb"=hex:69,61,66,68,6d,6a,61,70,70,6d,65,64,6a,68,65,64,67,70,
00,00
"haliegojmfdfglhf"=hex:6a,61,67,68,70,69,6b,70,6e,68,66,6f,66,65,63,64,69,68,
64,61,00,00

[HKEY_USERS\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C700564B-8707-322C-25E8-C963535BBBFE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaggmbkdlfdejejmic"=hex:6a,61,68,6a,67,62,62,63,64,63,67,61,69,6e,64,61,6d,67,
6a,6f,00,01
"haegcbhnjaeidfbj"=hex:6a,61,68,6a,67,62,62,63,64,63,67,61,69,6e,64,61,6d,67,
6a,6f,00,01
.
Completion time: 2009-10-13 20:35
ComboFix-quarantined-files.txt 2009-10-13 03:33

Pre-Run: 43,011,276,800 bytes free
Post-Run: 44,103,483,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

344 --- E O F --- 2009-10-12 22:50


Thanks for the help!!! I really appreciate it.
kkmd

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 13 October 2009 - 02:47 PM

Hi,

Don't worry about autoruns we will leave it for now.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\SYSTEM32\DRIVERS\pete.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"=-
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-
Driver::
pete
oflpydin

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg


#14 kkmd

kkmd
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 13 October 2009 - 11:57 PM

Hi Syler,
Here is the log from the ComboFix run (with the additional code):

ComboFix 09-10-12.03 - MasterUser 10/13/2009 21:33.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.406 [GMT -7:00]
Running from: c:\documents and settings\MasterUser\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MasterUser\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\SYSTEM32\DRIVERS\pete.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SYSTEM32\DRIVERS\pete.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OFLPYDIN
-------\Service_oflpydin
-------\Service_pete


((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-11 18:40 . 2009-10-11 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware3
2009-10-09 08:54 . 2009-10-09 08:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-10-09 02:07 . 2009-10-09 02:07 -------- d-----w- C:\found.000
2009-10-09 01:35 . 2009-10-09 01:35 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Malwarebytes
2009-10-06 04:15 . 2009-10-06 04:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-10-06 03:15 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 04:11 . 2009-10-01 04:11 -------- d-----w- C:\rsit
2009-10-01 04:11 . 2009-10-01 04:11 -------- d-----w- c:\program files\trend micro
2009-09-20 01:04 . 2009-09-20 01:04 -------- d-----w- c:\program files\iPod
2009-09-20 01:04 . 2009-09-20 01:26 -------- d-----w- c:\program files\iTunes
2009-09-20 01:04 . 2009-09-20 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-20 00:59 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-09-20 00:59 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 04:44 . 2006-08-19 20:50 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-10-12 02:01 . 2007-09-09 16:56 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Skype
2009-10-11 17:41 . 2006-10-25 01:07 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Apple Computer
2009-10-11 17:41 . 2007-10-19 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-10 20:31 . 2004-12-22 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-10 16:21 . 2009-08-12 03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 01:04 . 2007-10-19 23:33 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 01:03 . 2007-06-13 01:28 -------- d-----w- c:\program files\Bonjour
2009-09-20 01:02 . 2006-08-14 03:02 -------- d-----w- c:\program files\QuickTime
2009-09-10 21:54 . 2009-08-12 03:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2009-08-12 03:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 14:19 . 2009-01-10 22:53 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-07 22:49 . 2009-09-07 22:49 -------- d-----w- c:\program files\Cobian Backup 8
2009-09-07 21:08 . 2009-09-07 21:08 -------- d-----w- c:\program files\Windows Defender
2009-09-07 20:29 . 2004-12-22 13:01 83384 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 18:25 . 2004-12-22 12:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 18:31 . 2005-04-18 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-08-15 18:28 . 2009-08-15 18:28 384 ------w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-08-15 18:28 . 2009-08-15 18:28 384 ------w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2009-08-15 18:25 . 2009-08-15 18:25 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2009-08-15 18:24 . 2009-08-15 18:24 444952 ------w- c:\windows\system32\wrap_oal.dll
2009-08-15 18:24 . 2004-12-22 12:44 109080 ------w- c:\windows\system32\OpenAL32.dll
2009-08-15 17:59 . 2005-01-04 02:10 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Creative
2009-08-15 17:57 . 2007-04-10 16:26 -------- d-----w- c:\program files\EA GAMES
2009-08-15 17:56 . 2008-04-01 22:42 -------- d-----w- c:\program files\ordrumbox
2009-08-15 17:55 . 2007-08-18 23:00 -------- d-----w- c:\program files\Common Files\Scanner
2009-08-15 17:55 . 2005-11-20 06:45 -------- d-----w- c:\documents and settings\MasterUser\Application Data\Netscape
2009-08-15 17:51 . 2005-01-04 03:18 -------- d-----w- c:\program files\Microsoft Games
2009-08-09 21:45 . 2009-08-09 21:45 73747 ------w- c:\documents and settings\MasterUser\Start Menu.zip
2009-08-07 23:53 . 2009-08-07 23:53 11952 ------w- c:\windows\system32\avgrsstx.dll
2009-08-07 23:53 . 2009-08-07 23:53 335240 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-08-07 23:53 . 2009-08-07 23:53 108552 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-08-07 23:53 . 2009-08-07 23:53 27784 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 09:01 . 2004-08-04 11:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 11:00 58880 ------w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-13_03.32.00 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-20 4583424]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-12-06 50688]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-07 2023704]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"CTHelper"="CTHELPER.EXE" - c:\windows\SYSTEM32\CtHelper.exe [2009-06-23 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\MasterUser\Start Menu\Programs\Startup\AutorunsDisabled
Memeo AutoBackup Launcher.lnk - c:\documents and settings\MasterUser\Application Data\Microsoft\Installer\{6BCEB97B-F315-455D-BC2D-565A1A6781E8}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-4-26 73728]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2008-2-3 135168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-07 23:53 11952 ------w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=ma_cmidn.dll
"midi3"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Outlook Express\\MSIMN.EXE"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\WINDOWS\\SYSTEM32\\lxcycoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\USMT\\migwiz.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [8/7/2009 4:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [8/7/2009 4:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/7/2009 4:53 PM 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 1:34 PM 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 COMMONFX;COMMONFX;c:\windows\SYSTEM32\DRIVERS\COMMONFX.sys [6/23/2009 1:34 PM 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [8/15/2009 11:25 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\SYSTEM32\DRIVERS\CTAUDFX.sys [6/23/2009 1:34 PM 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\SYSTEM32\DRIVERS\CTERFXFX.sys [6/23/2009 1:35 PM 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\SYSTEM32\DRIVERS\CTSBLFX.sys [6/23/2009 1:34 PM 566296]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 PentaxUsb;Pentax Digital Camera on USB;c:\windows\SYSTEM32\DRIVERS\CoachUsb.sys [9/28/2005 3:38 PM 46944]
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\PLCNDIS5.SYS [9/9/2002 11:53 AM 17018]
S3 STVles;l'espion S (Webcam);c:\windows\SYSTEM32\DRIVERS\STVles.sys [1/12/2006 6:46 PM 93184]
S3 STVlesm;l'espion S (Webcam)m;c:\windows\SYSTEM32\DRIVERS\STVlesm.sys [1/12/2006 6:46 PM 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-10-13 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2004-04-01 04:35]

2009-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 19:56]

2009-01-19 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]

2009-10-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.earthlink.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\free
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\MasterUser\Application Data\Mozilla\Firefox\Profiles\xqzf8322.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-<NO NAME> - c:\progra~1\NETSCAPE\NETSCA~1\NETSCAPE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 21:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{340A0DCF-1E4A-8A17-9747-E7B523E72789}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafioinhdiomgkjilb"=hex:69,61,66,68,6d,6a,61,70,70,6d,65,64,6a,68,65,64,67,70,
00,00
"haliegojmfdfglhf"=hex:6a,61,67,68,70,69,6b,70,6e,68,66,6f,66,65,63,64,69,68,
64,61,00,00

[HKEY_USERS\S-1-5-21-2783961754-768521223-4200969722-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C700564B-8707-322C-25E8-C963535BBBFE}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaggmbkdlfdejejmic"=hex:6a,61,68,6a,67,62,62,63,64,63,67,61,69,6e,64,61,6d,67,
6a,6f,00,01
"haegcbhnjaeidfbj"=hex:6a,61,68,6a,67,62,62,63,64,63,67,61,69,6e,64,61,6d,67,
6a,6f,00,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\ZuneBusEnum.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-14 21:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-14 04:52
ComboFix2.txt 2009-10-13 03:35

Pre-Run: 44,023,984,128 bytes free
Post-Run: 43,811,561,472 bytes free

271 --- E O F --- 2009-10-12 22:50


Thank you!!!
kkmd

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:06:12 AM

Posted 14 October 2009 - 09:18 PM

Hello,

That's looking better let me know in your next reply if you are having any more problems.

  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. ( Do not include the word "CODE")
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
  • Click on the File tab, and select Save.
  • In the box that opens type Regfix.reg for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this Posted Image)
  • Double click Regfix.reg, Select yes when it prompts you, then Ok.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Reamove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users