
Google searches rerouting + Sluggish computer


  • This topic is locked
24 replies to this topic

#1 Kalookakoo


Posted 23 December 2009 - 06:09 PM

Hello everyone =) Thanks for helping me.

Lately my computer has been running a bit slower than it usually does and whenever I search up things in google whether it be IE or FF, there are times (not all the time, sometimes) where instead of clicking the link it seems to try to reroute to widgetlibrarypieces.com... though the page remains blank. That even happens when I try to right click the link. And when downloading anything through FF, it can sometimes get to the point where I have to shut down FF's process through task manager because it won't respond anymore. The whole shutting down the browser through its process is getting annoying as I randomly sometimes have to do it during watching a video or whatever I'm doing.

So far what I've done all by lonesome, is run Super antispyware, Malware bytes removal (something like that), and CC cleaner and get rid of everything they told me to. Also, since then, I abandoned Windows Live onecare and currently use Avage (I tried using kaspersky, but it kept crashing and I had other issues). I've also updated my java to most recent and got rid of all preexisting versions.

Hopefully you guys can help me, as despite being able to download some very small files from FF, the google problem remains and I'm suspicious of my computer slowness.


DDS (Ver_09-12-01.01) - NTFSx86
Run by David at 17:34:49.90 on Wed 12/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.127 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 091223-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Purple Moon\Hide My IP 2007\SecureSrv.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\David\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: hiddenhackers Toolbar: {f77173fa-5de1-4bd8-a0a2-d84571421735} - c:\program files\hiddenhackers\tbhidd.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: hiddenhackers Toolbar: {f77173fa-5de1-4bd8-a0a2-d84571421735} - c:\program files\hiddenhackers\tbhidd.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: hiddenhackers Toolbar: {f77173fa-5de1-4bd8-a0a2-d84571421735} - c:\program files\hiddenhackers\tbhidd.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
LSP: c:\windows\system32\securenet.dll
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.36.9/ttinst.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 80.69.94.166 gameguard.mapleglobal.com
Hosts: 80.69.94.166 63.251.217.184
Hosts: 24.13.34.142 gameguard.mapleglobal.com
Hosts: 24.13.34.142 gameguard.mapleglobal.com
Hosts: 24.13.34.142 gameguard.mapleglobal.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\79e8yznb.default\
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\79e8yznb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\79e8yznb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\79e8yznb.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-21 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-21 138680]
R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun;c:\program files\drivehq\drivehq filemanager\DHQFMSvc.exe [2008-1-24 36864]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-11 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-6-11 600944]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-6 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-12-20 30104]
R3 SecureSrv;SecureSrv;c:\purple moon\hide my ip 2007\SecureSrv.exe [2008-3-26 102704]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2008-5-15 99248]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-21 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-21 352920]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-12-20 30104]
S3 cheetah1;cheetah1; [x]
S3 DADriv1;DADriv1; [x]
S3 Kaspersky1;Kaspersky1; [x]
S3 白目國中生1;白目國中生1; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sejt1;sejt1; [x]
S3 toBzM;toBzM; [x]
S3 uzeil1;uzeil1; [x]
S3 xp1;xp1; [x]

=============== Created Last 30 ================

2009-12-21 02:46:34 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-21 02:46:34 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-21 02:46:27 0 d-----w- c:\program files\AVG
2009-12-21 02:46:16 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-21 02:27:21 0 d-----w- c:\docume~1\david\applic~1\AVG8
2009-12-20 22:27:55 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-20 22:22:30 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-20 04:03:37 0 d-----w- c:\program files\Microsoft Windows OneCare Live(2)
2009-12-19 23:45:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-12-19 21:57:26 0 d-----w- c:\docume~1\david\applic~1\QuickScan
2009-12-19 20:17:27 0 d-sh--w- C:\found.004
2009-12-19 04:33:36 0 d-----w- c:\program files\Trend Micro
2009-12-19 04:22:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-19 01:22:41 0 d-----w- c:\docume~1\david\applic~1\Malwarebytes
2009-12-19 01:22:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-19 00:07:23 0 d-----w- c:\program files\CCleaner
2009-12-12 21:59:33 0 d-----w- c:\program files\Ask.com
2009-12-05 02:22:36 0 d-----w- c:\program files\softnyx
2009-11-28 01:41:02 0 d-----w- c:\program files\Softnyx Canada

==================== Find3M ====================

2009-12-15 22:20:47 8820 ----a-w- c:\docume~1\david\applic~1\wklnhst.dat
2009-12-08 02:17:47 40112 ----a-w- c:\docume~1\david\applic~1\GDIPFONTCACHEV1.DAT
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-04-13 00:47:50 10496 ----a-w- c:\program files\nicmgr.exe
2009-04-13 00:47:49 3744 ----a-w- c:\program files\hamachi.ttf
2009-04-13 00:47:49 35162 ----a-w- c:\program files\hamachi.lng
2009-04-13 00:47:49 1318 ----a-w- c:\program files\uninstall.lng
2009-04-13 00:47:49 115760 ----a-w- c:\program files\uninstall.exe
2009-04-13 00:47:49 10600 ----a-w- c:\program files\license.txt
2009-04-13 00:47:48 597032 ----a-w- c:\program files\hamachi.exe
2009-04-13 00:47:48 264 ----a-w- c:\program files\hamachi.key
2008-11-28 00:20:06 693 ----a-w- c:\program files\Shortcut to Starcraft.lnk
2008-05-10 14:50:14 0 -c--a-w- c:\program files\temp01
2008-04-14 23:12:18 959 -c--a-w- c:\program files\uninstall.dat
2009-02-28 02:48:39 16384 -csha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-02-28 02:48:39 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-02-28 02:48:16 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022720090228\index.dat
2009-02-28 02:48:39 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 17:36:04.04 ===============

Edited by Kalookakoo, 23 December 2009 - 06:11 PM.


#2 syler

  • Malware Response Team

Posted 04 January 2010 - 06:55 PM

Hello,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks



#3 Kalookakoo

  • Topic Starter

Posted 04 January 2010 - 07:57 PM

Thanks for the help. I just want to let you know that I got rid of Avast, and put Microsoft security essentials and it killed 2 trojans and another malware, but I know for a fact my computer is not back to its normal state because most of the viruses I have detected have been coming from a folder in documents and settings labeled "HelpAssistant" and it has loads of files that never should have gone there, since the folder should not exist. It reappears on boot despite me deleting it several times. It would be great to get rid of it, and make sure my computer is finally clean.
+ Logging into bank accounts brings a screen asking for sensitive information which banks say is a virus rerouting or similar, and it's not their page.

Here are the logs

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2010-01-04 19:45:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 41 GB (53%) free of 76 GB
Total RAM: 510 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:23 PM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Purple Moon\Hide My IP 2007\SecureSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1173843243\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Documents and Settings\David\Desktop\RSIT.exe
C:\Program Files\trend micro\David.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: hiddenhackers Toolbar - {f77173fa-5de1-4bd8-a0a2-d84571421735} - C:\Program Files\hiddenhackers\tbhidd.dll
O1 - Hosts: 80.69.94.166 gameguard.mapleglobal.com
O1 - Hosts: 80.69.94.166 63.251.217.184
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: hiddenhackers Toolbar - {f77173fa-5de1-4bd8-a0a2-d84571421735} - C:\Program Files\hiddenhackers\tbhidd.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: hiddenhackers Toolbar - {f77173fa-5de1-4bd8-a0a2-d84571421735} - C:\Program Files\hiddenhackers\tbhidd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173843243\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://secure.footprint.net/kingsisle/stat...ameLauncher.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgersho...esPlayer_v5.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecureSrv - Unknown owner - C:\Purple Moon\Hide My IP 2007\SecureSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe (file missing)

--
End of file - 13617 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6BEAA73D-E5F8-4A5F-9D1D-6EB19A197DED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-12-18 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f77173fa-5de1-4bd8-a0a2-d84571421735}]
hiddenhackers Toolbar - C:\Program Files\hiddenhackers\tbhidd.dll [2008-02-28 1470488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll []
{f77173fa-5de1-4bd8-a0a2-d84571421735} - hiddenhackers Toolbar - C:\Program Files\hiddenhackers\tbhidd.dll [2008-02-28 1470488]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-05-04 291760]
"lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-03-05 20480]
"InvisibleBrowsing"= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"HostManager"=C:\Program Files\Common Files\AOL\1173843243\ee\AOLSoftware.exe [2006-09-25 50736]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-05-04 312240]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1173843243\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1173843243\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe"="C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe"="C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe"="C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"C:\Nexon\MapleStory\Patcher.exe"="C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Nexon\MapleStory\NewPatcher.exe"="C:\Nexon\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\ijji\ENGLISH\u_skid.exe"="C:\ijji\ENGLISH\u_skid.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\U_KwonHoOnline\KwonHoClient.exe"="C:\ijji\ENGLISH\U_KwonHoOnline\KwonHoClient.exe:*:Enabled:KwonHo"
"C:\Program Files\DriftCity\driftcity.exe"="C:\Program Files\DriftCity\driftcity.exe:*:Enabled:driftcity"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:猥orrent"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d3fc21-3bdf-11dd-a446-00038a000015}]
shell\AutoRun\command - F:\SETUP.EXE


======List of files/folders created in the last 1 months======

2010-01-04 19:45:57 ----DC---- C:\rsit
2009-12-31 16:51:14 ----A---- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2009-12-31 16:47:25 ----D---- C:\WINDOWS\Hewlett-Packard
2009-12-30 17:20:36 ----D---- C:\Program Files\Microsoft Security Essentials
2009-12-30 16:28:41 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-12-24 21:23:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-24 20:58:59 ----D---- C:\Program Files\Panda Security
2009-12-23 17:58:35 ----AC---- C:\RootRepeal report 12-23-09 (17-58-34).txt
2009-12-21 15:57:22 ----D---- C:\Program Files\Alwil Software
2009-12-20 21:46:34 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-12-20 21:46:27 ----D---- C:\Program Files\AVG
2009-12-20 21:46:16 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-12-20 21:27:21 ----D---- C:\Documents and Settings\David\Application Data\AVG8
2009-12-20 17:22:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-19 23:03:37 ----D---- C:\Program Files\Microsoft Windows OneCare Live(2)
2009-12-19 18:45:32 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-12-19 16:57:26 ----D---- C:\Documents and Settings\David\Application Data\QuickScan
2009-12-19 15:17:27 ----SHD---- C:\found.004
2009-12-18 23:33:36 ----D---- C:\Program Files\Trend Micro
2009-12-18 23:22:58 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-18 23:22:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-18 23:22:57 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-18 23:22:57 ----A---- C:\WINDOWS\system32\java.exe
2009-12-18 20:22:41 ----D---- C:\Documents and Settings\David\Application Data\Malwarebytes
2009-12-18 20:22:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-18 19:07:23 ----D---- C:\Program Files\CCleaner
2009-12-12 16:59:33 ----D---- C:\Program Files\Ask.com

======List of files/folders modified in the last 1 months======

2010-01-04 19:46:24 ----D---- C:\WINDOWS\Prefetch
2010-01-04 19:46:13 ----D---- C:\WINDOWS\Temp
2010-01-04 18:18:17 ----D---- C:\Program Files\Mozilla Firefox
2010-01-04 15:28:44 ----SD---- C:\WINDOWS\Tasks
2010-01-04 15:24:43 ----D---- C:\WINDOWS\system32
2010-01-04 15:24:26 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-01-04 15:24:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-03 23:16:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-02 14:56:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-01 15:54:57 ----D---- C:\Documents and Settings
2010-01-01 11:58:04 ----A---- C:\WINDOWS\win.ini
2009-12-31 16:51:19 ----SHD---- C:\WINDOWS\Installer
2009-12-31 16:51:19 ----HDC---- C:\Config.Msi
2009-12-31 16:51:14 ----D---- C:\WINDOWS
2009-12-31 16:48:06 ----D---- C:\Program Files\HP
2009-12-30 17:21:09 ----D---- C:\WINDOWS\system32\drivers
2009-12-30 17:21:08 ----HD---- C:\WINDOWS\inf
2009-12-30 17:20:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-30 17:20:36 ----RD---- C:\Program Files
2009-12-30 16:58:54 ----D---- C:\WINDOWS\system32\config
2009-12-30 16:55:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-26 21:48:53 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-12-26 21:46:44 ----D---- C:\Program Files\Shockwave.com
2009-12-25 14:56:56 ----D---- C:\Program Files\SpongeBob SquarePants Krabby Quest
2009-12-24 23:43:00 ----D---- C:\Program Files\Google
2009-12-24 23:41:08 ----D---- C:\Program Files\IrfanView
2009-12-24 23:36:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-24 23:32:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-24 23:32:00 ----D---- C:\WINDOWS\WinSxS
2009-12-24 23:30:55 ----RSD---- C:\WINDOWS\assembly
2009-12-24 23:30:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-24 23:30:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-24 23:30:41 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-12-24 23:30:41 ----D---- C:\Program Files\Common Files
2009-12-24 21:20:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-24 16:12:24 ----ASHC---- C:\boot.ini
2009-12-24 16:12:24 ----A---- C:\WINDOWS\system.ini
2009-12-20 21:41:09 ----SD---- C:\Documents and Settings\David\Application Data\Microsoft
2009-12-20 17:37:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-20 17:27:56 ----D---- C:\WINDOWS\system32\wbem
2009-12-20 17:27:55 ----D---- C:\WINDOWS\Registration
2009-12-19 22:25:28 ----D---- C:\Program Files\Java
2009-12-18 20:47:41 ----D---- C:\WINDOWS\PeerNet
2009-12-18 20:16:28 ----D---- C:\Program Files\uTorrent
2009-12-18 19:12:47 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-18 19:12:13 ----D---- C:\WINDOWS\Debug
2009-12-18 19:12:08 ----D---- C:\WINDOWS\Minidump
2009-12-15 18:42:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-15 16:20:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-14 23:06:16 ----D---- C:\Program Files\Internet Explorer
2009-12-10 18:37:23 ----D---- C:\WINDOWS\network diagnostic
2009-12-09 16:14:00 ----D---- C:\WINDOWS\ie8updates
2009-12-09 16:12:45 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-12-20 30104]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-05-16 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-05-16 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-05-16 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 白目國中生1;白目國中生1; C:\WINDOWS\system32\drivers\白目國中生1.sys []
S3 alvroq0f;alvroq0f; C:\WINDOWS\system32\drivers\alvroq0f.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-12-20 30104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cheetah1;cheetah1; C:\WINDOWS\system32\drivers\cheetah1.sys []
S3 DADriv1;DADriv1; C:\WINDOWS\system32\drivers\DADriv1.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-12 15440]
S3 Kaspersky1;Kaspersky1; C:\WINDOWS\system32\drivers\Kaspersky1.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sejt1;sejt1; C:\WINDOWS\system32\drivers\sejt1.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-05-18 37760]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toBzM;toBzM; C:\WINDOWS\system32\drivers\toBzM.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 uzeil1;uzeil1; C:\WINDOWS\system32\drivers\uzeil1.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xp1;xp1; C:\WINDOWS\system32\drivers\xp1.sys []
S4 spcstb;spcstb; C:\WINDOWS\system32\drivers\spcstb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun; C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2007-07-11 36864]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-18 153376]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-04-26 537520]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 SecureSrv;SecureSrv; C:\Purple Moon\Hide My IP 2007\SecureSrv.exe [2008-03-13 102704]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 99248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-29 3407292]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-01-04 19:47:29

======Uninstall list======

-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
-->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->C:\PROGRA~1\VIRTUA~1\Uninstall.exe Sprint
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC Tool-->C:\PROGRA~1\ACTOOL~1\UNWISE.EXE C:\PROGRA~1\ACTOOL~1\INSTALL.LOG
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Actual Search & Replace Version 2.8.1-->"C:\Program Files\Actual Search & Replace\unins000.exe"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Photoshop Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Aimersoft PSP Video Converter(Build 1.1.52)-->"C:\Program Files\Aimersoft\PSP Video Converter\unins000.exe"
AIMTunes (remove only)-->C:\Program Files\AIMTunes\Uninstall.exe
Alive YouTube Video Converter (version 1.2.3.9)-->"C:\Program Files\AliveMedia\YouTube Video Converter\unins000.exe"
Allok 3GP PSP MP4 iPod Video Converter 4.8.0310-->"C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter\unins000.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
AutoIt v3.2.10.0-->C:\Documents and Settings\David\Desktop\AutoIt3\Uninstall.exe
Avenue Flo Official Game Companion-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\AVENUE~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\AVENUE~1\INSTALL.LOG
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Babysitting Mania (remove only)-->"C:\Program Files\Babysitting Mania\Uninstall.exe"
Bazooka Scanner-->"C:\Program Files\Cheat Engine\Uninstall.exe" "C:\Program Files\Cheat Engine\install.log"
Believe in Sandy: Holiday Story (remove only)-->"C:\Program Files\Believe in Sandy - Holiday Story\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Borland Delphi 7-->MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Broadcom Driver Installer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Burger Rush-->C:\PROGRA~1\PLAYFI~1\BURGER~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\BURGER~1\INSTALL.LOG
Cake Mania 3-->"C:\Program Files\Cake Mania 3\Uninstall.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins001.exe"
Ciao Bella-->C:\PROGRA~1\SHOCKW~1.COM\CIAOBE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\CIAOBE~1\INSTALL.LOG
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Cooking Academy-->C:\PROGRA~1\SHOCKW~1.COM\COOKIN~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\COOKIN~1\INSTALL.LOG
Cool All Video to iPod Converter 5.0-->"C:\Program Files\Cool All Video to iPod Converter\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cucusoft iPod Video Converter 3.16-->"C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
Cucusoft Ultimate DVD + Video Converter Suite 7.15.7.8-->"C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
DB CIF Cam-->C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\setup.exe -runfromtemp -l0x0009 -removeonly
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
DellConnect-->MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
Diner Dash - Flo on the Go-->C:\PROGRA~1\PLAYFI~1\DINERD~2\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\DINERD~2\INSTALL.LOG
Diner Dash + Together-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~1\INSTALL.LOG
Diner Dash 2 + Together-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~2\INSTALL.LOG
Diner Dash 2 Restaurant Rescue (remove only)-->"C:\Program Files\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
Diner Dash 2: Restaurant Rescue™-->C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\INSTALL.LOG
Diner Dash 2-->C:\PROGRA~1\PLAYFI~1\DINERD~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\DINERD~1\INSTALL.LOG
Diner Dash Flo on the Go (remove only)-->"C:\Program Files\Diner Dash Flo on the Go\Uninstall.exe"
Diner Dash™-->C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DINERD~1\INSTALL.LOG
Diner Dash: Hometown Hero (remove only)-->"C:\Program Files\Diner Dash Hometown Hero\Uninstall.exe"
Diner Dash: Flo on the Go-->C:\PROGRA~1\SHOCKW~1.COM\DINERD~3\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\DINERD~3\INSTALL.LOG
Disney Pix Micro Downloader-->MsiExec.exe /X{183135A3-2CE8-43B5-BA5A-757EBAECB413}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doggie Dash-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DOGGIE~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DOGGIE~1\INSTALL.LOG
Dora Saves the Snow Princess-->C:\PROGRA~1\NICKJR~1.ARC\DORASA~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\DORASA~1\INSTALL.LOG
Doras Carnival 2 - At the Boardwalk (remove only)-->"C:\Program Files\Doras Carnival 2 At the Boardwalk\Uninstall.exe"
Download Manager 2.3.6-->C:\Program Files\Download Manager\uninst.exe
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Dr. Daisy Pet Vet (remove only)-->"C:\Program Files\Dr. Daisy Pet Vet\Uninstall.exe"
Dress Shop Hop-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DRESSS~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DRESSS~1\INSTALL.LOG
dvdXsoft iPod Video Converter 1.34-->"C:\Program Files\dvdXsoft\dvdXsoft iPod Video Converter\unins000.exe"
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Fashion Apprentice-->"C:\Program Files\Fashion Apprentice\Uninstall.exe"
Fashion Fits! (remove only)-->"C:\Program Files\Fashion Fits!\Uninstall.exe"
Fashion Fits!-->C:\PROGRA~1\SHOCKW~1.COM\FASHIO~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\FASHIO~1\INSTALL.LOG
Fashionista-->C:\PROGRA~1\PLAYFI~1\FASHIO~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\FASHIO~1\INSTALL.LOG
First Class Flurry-->"C:\Program Files\First Class Flurry\Uninstall.exe"
First Class Flurry-->C:\PROGRA~1\PLAYFI~1\FIRSTC~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\FIRSTC~1\INSTALL.LOG
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Fruity Garden (remove only)-->"C:\Program Files\Fruity Garden\Uninstall.exe"
Go Go Gourmet Chef of the Year-->C:\PROGRA~1\PLAYFI~1\GOGOGO~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\GOGOGO~1\INSTALL.LOG
Go-Go Gourmet (remove only)-->"C:\Program Files\Go-Go Gourmet\Uninstall.exe"
GunboundWC-->"C:\Program Files\softnyx\GunboundWC\unins000.exe"
Hex Workshop v5-->MsiExec.exe /I{26A373DB-162B-4B6E-A488-0BED0F0FB227}
hiddenhackers Toolbar-->C:\PROGRA~1\HIDDEN~1\UNWISE.EXE C:\PROGRA~1\HIDDEN~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Holly: A Christmas Tale (remove only)-->"C:\Program Files\Holly - A Christmas Tale\Uninstall.exe"
Home Sweet Home (remove only)-->"C:\Program Files\Home Sweet Home\Uninstall.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"
Ice Cream Craze (remove only)-->"C:\Program Files\Ice Cream Craze\Uninstall.exe"
Ice Cream Tycoon-->C:\PROGRA~1\PLAYFI~1\ICECRE~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\ICECRE~1\INSTALL.LOG
IconChanger-->C:\Program Files\IconChanger\Install.exe uninstall
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
iolo technologies' System Mechanic-->"C:\Program Files\iolo\System Mechanic\unins000.exe"
IP Changer 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Plustech Inc.\IP Changer 2.0\Uninst.isu"
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Jane's Hotel (remove only)-->"C:\Program Files\Janes Hotel\Uninstall.exe"
Janes Realty-->C:\PROGRA~1\PLAYFI~1\JANESR~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\JANESR~1\INSTALL.LOG
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
JoJo's Fashion Show 2-->C:\PROGRA~1\PLAYFI~1\JOJO'S~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\JOJO'S~1\INSTALL.LOG
JumpStart 2nd Grade v1.2-->C:\WINDOWS\IsUninst.exe -fC:\KA\2G\DeIsL1.isu
JumpStart 4th Grade v1.2-->C:\WINDOWS\IsUninst.exe -fC:\KA\4G\DeIsL1.isu
JumpStart Advanced 1st Grade-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSA1G.exe
JumpStart World Presents Pet Playground-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\PetPlaygroundUn.exe
Knowledge Munchers Deluxe-->C:\WINDOWS\uninst.exe -f"C:\Program Files\The Learning Company\Knowledge Muncher\DeIsL1.isu"
Leap Ahead Math Ages 6-9-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Leap Ahead Math Ages 6-9\Uninst.isu"
Lego Chic Boutique (remove only)-->"C:\Program Files\Lego Chic Boutique\Uninstall.exe"
Lexmark 2500 Series-->C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Magic ISO Maker v5.5 (build 0261)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}
MediaCoder 0.3.7-->C:\Program Files\MediaCoder\uninst.exe
Meet Blue's Baby Brother-->C:\PROGRA~1\NICKJR~1.ARC\MEETBL~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\MEETBL~1\INSTALL.LOG
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Windows Driver Kit Documentation 6001.080104-->MsiExec.exe /X{BAF3ADC8-7075-40E3-973C-18A7988D3C1B}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2005 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Monopoly Junior-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hasbro Interactive\Monopoly Junior\Uninst.isu"
Movie Joiner-->C:\Program Files\Movie Joiner\uninst.exe -c
Movie Splitter-->C:\Program Files\Movie Splitter\uninst.exe -c
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Musicmatch Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Sweet 16 Photoshoot-->"C:\Program Files\MySweet16Photoshoot_at\unins000.exe"
Naevius YouTube Converter 1.5-->"C:\Program Files\Naevius YouTube Converter\unins000.exe"
Nanny Mania (remove only)-->"C:\Program Files\Nanny Mania\Uninstall.exe"
Nanny Mania-->C:\PROGRA~1\SHOCKW~1.COM\NANNYM~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\NANNYM~1\INSTALL.LOG
Open Ports Scanner 2.4-->"C:\Program Files\Filesland\Open Ports Scanner\unins000.exe"
Operation Flashpoint uninstall-->C:\Program Files\Codemasters\OperationFlashpoint\uninstall.exe
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Paradise Pet Salon (remove only)-->"C:\Program Files\Paradise Pet Salon\Uninstall.exe"
PFConfig 1.0.160-->C:\Program Files\PFConfig\uninst.exe
Pizza Frenzy-->C:\PROGRA~1\PLAYFI~1\PIZZAF~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\PIZZAF~1\INSTALL.LOG
Plant Tycoon (remove only)-->"C:\Program Files\Plant Tycoon\Uninstall.exe"
Podmailing Beta 0.10.0-->C:\Program Files\Podmailing\uninstall.exe
PremiumSoft Navicat 8.0 for MySQL-->"C:\Program Files\PremiumSoft\Navicat 8.0 MySQL\unins000.exe"
QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Reader Rabbit's Reading 1-->C:\WINDOWS\uninst.exe -fC:\Tlcwin\Rrr1\uninstal\DeIsL1.isu
RegCure 1.5.0.0-->C:\Program Files\RegCure\uninst.exe
Rockett's First Dance-->C:\WINDOWS\uninst.exe -fC:\PurpleMn\Rockett\DeIsL2.isu
Rockett's Secret Invitation-->C:\WINDOWS\uninst.exe -fC:\PurpleMn\Rockett\DeIsL1.isu
Sallys Spa-->C:\PROGRA~1\PLAYFI~1\SALLYS~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\SALLYS~1\INSTALL.LOG
Scanned Text Editor 1-->C:\WINDOWS\cadkasdeinst01e.exe "C:\Program Files\Scanned Text Editor 1\"
Screen OCR SDK 5.5-->C:\SCREEN~1\UNWISE.EXE C:\SCREEN~1\OCRSDK.0
Secret Paths in the Forest-->C:\WINDOWS\uninst.exe -f"C:\Purple Moon\Secret Paths in the Forest\DeIsL1.isu"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shade 0.5-->MsiExec.exe /X{105CB419-2682-433B-8375-1DDA32E765E6}
Smart Games Challenge I v1.1-->C:\WINDOWS\uninst.exe -fC:\SMRTGAMS\SGC1\DeIsL1.isu
Softnyx Launcher-->"C:\Program Files\Softnyx\Launcher\unins000.exe"
Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SpongeBob Diner Dash-->C:\PROGRA~1\PLAYFI~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\SPONGE~1\INSTALL.LOG
SpongeBob SquarePants Diner Dash (remove only)-->"C:\Program Files\SpongeBob SquarePants Diner Dash\Uninstall.exe"
SpongeBob SquarePants Diner Dash 2 (remove only)-->"C:\Program Files\SpongeBob SquarePants Diner Dash 2\Uninstall.exe"
SpongeBob SquarePants Diner Dash 2-->C:\PROGRA~1\NICKAR~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~1\INSTALL.LOG
SpongeBob SquarePants Krabby Quest-->"C:\Program Files\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
Stand O Food-->C:\PROGRA~1\PLAYFI~1\STANDO~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\STANDO~1\INSTALL.LOG
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StealthBot v2.6 Revision 3 (remove only)-->"C:\Program Files\StealthBot\uninst.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
Trojan Remover 6.6.5-->"C:\Program Files\Trojan Remover\unins000.exe"
TurboTax 2008 wgaiper-->MsiExec.exe /I{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wnyiper-->MsiExec.exe /I{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Premier 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Premier 2007-->C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
Ultimate Writing & Creativity Center-->C:\WINDOWS\uninst.exe -fC:\TLCWIN\UWCC\uninstal\DeIsL1.isu
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Virtual Assistant-->C:\WINDOWS\Motive\Sprint\MCCUninst.exe
Wedding Dash - Ready Aim Love-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~2\INSTALL.LOG
Wedding Dash (remove only)-->"C:\Program Files\Wedding Dash\Uninstall.exe"
Wedding Dash 2: Rings Around the World-->"C:\Program Files\Wedding Dash 2 - Rings Around the World\Uninstall.exe"
Wedding Dash 2-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~1\INSTALL.LOG
Where in the World is Carmen Sandiego?-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\WHEREI~1.5\DeIsL1.isu"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Window Hide Tool 2.0-->"C:\Program Files\Window Hide Tool\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wizard101-->"C:\Program Files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe" -runfromtemp -l0x0009 -removeonly
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xilisoft Video Converter-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

80.69.94.166 gameguard.mapleglobal.com
80.69.94.166 63.251.217.184
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 gameguard.mapleglobal.com
24.13.34.142 gameguard.mapleglobal.com
24.13.34.142 gameguard.mapleglobal.com
24.13.34.142 gameguard.mapleglobal.com
24.13.34.142 gameguard.mapleglobal.com

======Security center information======

AV: Microsoft Security Essentials

======System event log======

Computer Name: FAMILY
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 147204
Source Name: DCOM
Time Written: 20091227183717.000000-300
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: FAMILY
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 147203
Source Name: DCOM
Time Written: 20091227183717.000000-300
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: FAMILY
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 147202
Source Name: DCOM
Time Written: 20091227181746.000000-300
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: FAMILY
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 147201
Source Name: DCOM
Time Written: 20091227181746.000000-300
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: FAMILY
Event Code: 10016
Message: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{EF3311EB-539B-4254-B669-6532457D7060}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission can be modified using the Component Services administrative tool.

Record Number: 147200
Source Name: DCOM
Time Written: 20091227175816.000000-300
Event Type: error
User: NT AUTHORITY\LOCAL SERVICE

=====Application event log=====

Computer Name: FAMILY
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 25
Source Name: Application Hang
Time Written: 20100103020905.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 1000
Message: Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00a9259a.

Record Number: 19
Source Name: Application Error
Time Written: 20100103012253.000000-300
Event Type: error
User:

Computer Name: FAMILY
Event Code: 1517
Message: Windows saved user FAMILY\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 13
Source Name: Userenv
Time Written: 20100103011055.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 1517
Message: Windows saved user FAMILY\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7
Source Name: Userenv
Time Written: 20100102222359.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 1000
Message: Faulting application hpqste08.exe, version 70.0.170.0, faulting module unknown, version 0.0.0.0, fault address 0x00a90c98.

Record Number: 6
Source Name: Application Error
Time Written: 20100102195843.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\Program Files\Borland\Delphi7\Bin;C:\Program Files\Borland\Delphi7\Projects\Bpl\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-04 19:55:06
Windows 5.1.2600 Service Pack 3
Running: qr32rleg.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\pxtdypod.sys


---- System - GMER 1.0.15 ----

SSDT spna.sys ZwCreateKey [0xF86F30E0]
SSDT spna.sys ZwEnumerateKey [0xF8711CA2]
SSDT spna.sys ZwEnumerateValueKey [0xF8712030]
SSDT spna.sys ZwOpenKey [0xF86F30C0]
SSDT spna.sys ZwQueryKey [0xF8712108]
SSDT spna.sys ZwQueryValueKey [0xF8711F88]
SSDT spna.sys ZwSetValueKey [0xF871219A]

INT 0x62 ? 833DBBF8
INT 0x63 ? 8336EBF8
INT 0x82 ? 833DBBF8
INT 0x83 ? 8336EBF8
INT 0x83 ? 8336EBF8
INT 0xB4 ? 8336EBF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8336D1F8
Device \FileSystem\Fastfat \FatCdrom 82C5B500
Device \Driver\usbuhci \Device\USBPDO-0 832411F8
Device \Driver\usbuhci \Device\USBPDO-1 832411F8
Device \Driver\usbuhci \Device\USBPDO-2 832411F8
Device \Driver\PCI_PNP4478 \Device\00000053 spna.sys
Device \Driver\PCI_PNP4478 \Device\00000053 spna.sys
Device \Driver\usbehci \Device\USBPDO-3 831E91F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8336F1F8
Device \Driver\sptd \Device\2850556978 spna.sys
Device \Driver\Cdrom \Device\CdRom0 831B51F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7BED28CF-61E7-4FDE-86A6-A2517C77BB98} 82B541F8
Device \Driver\Cdrom \Device\CdRom1 831B51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F866DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 82DBE658
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F866DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82DBE658
Device \Driver\atapi \Device\Ide\IdePort0 [F866DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 82DBE658
Device \Driver\atapi \Device\Ide\IdePort1 [F866DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 82DBE658
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F866DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 82DBE658
Device \Driver\Cdrom \Device\CdRom2 831B51F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82B541F8
Device \Driver\NetBT \Device\NetbiosSmb 82B541F8
Device \Driver\usbuhci \Device\USBFDO-0 832411F8
Device \Driver\usbuhci \Device\USBFDO-1 832411F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82B471F8
Device \Driver\usbuhci \Device\USBFDO-2 832411F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82B471F8
Device \Driver\usbehci \Device\USBFDO-3 831E91F8
Device \Driver\Ftdisk \Device\FtControl 8336F1F8
Device \Driver\alvroq0f \Device\Scsi\alvroq0f1 83202500
Device \Driver\alvroq0f \Device\Scsi\alvroq0f1Port2Path0Target0Lun0 83202500
Device \FileSystem\Fastfat \Fat 82C5B500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 82DBD500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDD 0xEF 0x0D 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xC4 0x0B 0xC6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0xD8 0x39 0x40 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDD 0xEF 0x0D 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xC4 0x0B 0xC6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x01 0x58 0x2D 0x46 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDD 0xEF 0x0D 0x13 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xC4 0x0B 0xC6 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x01 0x58 0x2D 0x46 ...
Reg HKLM\SOFTWARE\Classes\.AudioCD\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.AudioCD\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.bkf\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.bkf\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.CTT@ MessengerContactList
Reg HKLM\SOFTWARE\Classes\.dvd\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.dvd\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.Folder\PersistentHandler
Reg HKLM\SOFTWARE\Classes\.Folder\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\.ppi@ ppifile
Reg HKLM\SOFTWARE\Classes\.wsz\PersistentHandler@ {098f2470-bae0-11cd-b579-08002b30bfeb}
Reg HKLM\SOFTWARE\Classes\CLSID\{1B9E63C7-6BF7-9612-5604-A89EE981A6DC}\LocalServer32@ C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{1B9E63C7-6BF7-9612-5604-A89EE981A6DC}\ProgID@ SongsDB.SDBDevice
Reg HKLM\SOFTWARE\Classes\CLSID\{1B9E63C7-6BF7-9612-5604-A89EE981A6DC}\TypeLib@ {E602ED16-8EF9-4F08-B09F-6F6E8306C51B}
Reg HKLM\SOFTWARE\Classes\CLSID\{1B9E63C7-6BF7-9612-5604-A89EE981A6DC}\Version@ 1.0
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost@ FormHost Class
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost\CLSID
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost\CLSID@ {0B5A7836-4C16-4560-90B2-0F5DAF6D6D1B}
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost\CurVer
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost\CurVer@ FormHost.FormHost.1
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost.1@ FormHost Class
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost.1\CLSID
Reg HKLM\SOFTWARE\Classes\FormHost.FormHost.1\CLSID@ {0B5A7836-4C16-4560-90B2-0F5DAF6D6D1B}
Reg HKLM\SOFTWARE\Classes\iehistory@ IE History and Feeds Shell Data Source for Windows Search
Reg HKLM\SOFTWARE\Classes\iehistory@ShellFolder {11016101-E366-4D22-BC06-4ADA335C892B}
Reg HKLM\SOFTWARE\Classes\iehistory@URL Protocol
Reg HKLM\SOFTWARE\Classes\IEPH.HistoryHandler@ IE History Search Protocol Handler
Reg HKLM\SOFTWARE\Classes\IEPH.HistoryHandler\CLSID
Reg HKLM\SOFTWARE\Classes\IEPH.HistoryHandler\CLSID@ {EE0BDDFA-8373-4cc4-85D8-0618E453187C}
Reg HKLM\SOFTWARE\Classes\IEPH.RSSHandler@ IE RSS Search Protocol Handler
Reg HKLM\SOFTWARE\Classes\IEPH.RSSHandler\CLSID
Reg HKLM\SOFTWARE\Classes\IEPH.RSSHandler\CLSID@ {8A11B5FA-3C92-4E8B-8382-3C71B757D679}
Reg HKLM\SOFTWARE\Classes\ierss@ IE History and Feeds Shell Data Source for Windows Search
Reg HKLM\SOFTWARE\Classes\ierss@ShellFolder {11016101-E366-4D22-BC06-4ADA335C892B}
Reg HKLM\SOFTWARE\Classes\ierss@URL Protocol
Reg HKLM\SOFTWARE\Classes\KmSvc.CKmsCertEnroll@ Cert Enrollment class
Reg HKLM\SOFTWARE\Classes\KmSvc.CKmsCertEnroll\CLSID
Reg HKLM\SOFTWARE\Classes\KmSvc.CKmsCertEnroll\CLSID@ {ff258fc0-99b1-4297-b857-539ad9bc13ed}
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager@ Messenger Extensions Manager Object
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CLSID@ {BC20CB75-A981-460e-81D4-F06F61B59247}
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager\CurVer@ Messenger.MessengerExtensions.1
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager.1@ Messenger Extensions Manager Object
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.ExtensionsManager.1\CLSID@ {BC20CB75-A981-460e-81D4-F06F61B59247}
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp@ Messenger Application
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CLSID@ {FB7199AB-79BF-11d2-8D94-0000F875C541}
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp\CurVer@ Messenger.MessengerApp.1
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp.1@ Messenger Application
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MessengerApp.1\CLSID@ {FB7199AB-79BF-11d2-8D94-0000F875C541}
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject@ Messenger Object
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CLSID@ {F3A614DC-ABE0-11d2-A441-00C04F795683}
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject\CurVer@ Messenger.MsgrObject.1
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject.1@ Messenger Object
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.MsgrObject.1\CLSID@ {F3A614DC-ABE0-11d2-A441-00C04F795683}
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation@ Messenger Object
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CLSID@ {B69003B3-C55E-4b48-836C-BC5946FC3B28}
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CurVer
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation\CurVer@ Messenger.UIAutomation.1
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation.1@ Messenger.UIAutomation
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation.1\CLSID
Reg HKLM\SOFTWARE\Classes\Messenger.UIAutomation.1\CLSID@ {B69003B3-C55E-4b48-836C-BC5946FC3B28}
Reg HKLM\SOFTWARE\Classes\MessengerContactList@ Messenger Contact List
Reg HKLM\SOFTWARE\Classes\MessengerContactList@NoOpen You cannot open this file directly. You must open Messenger and select "Import Contacts..." from the "File" menu.
Reg HKLM\SOFTWARE\Classes\MessengerContactList\DefaultIcon
Reg HKLM\SOFTWARE\Classes\MessengerContactList\DefaultIcon@ C:\Program Files\Messenger\msmsgs.exe,-1
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv@ Messenger Private Object
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CLSID
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CLSID@ {AB1D8565-40E9-4616-984D-98465687E82C}
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CurVer
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv\CurVer@ MessengerPrivate.MessengerPriv.1
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv.1@ MessengerPrivate.MessengerPriv
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv.1\CLSID
Reg HKLM\SOFTWARE\Classes\MessengerPrivate.MessengerPriv.1\CLSID@ {AB1D8565-40E9-4616-984D-98465687E82C}
Reg HKLM\SOFTWARE\Classes\Microsoft.MMC.FrameworkSnapInFactory@ Microsoft.ManagementConsole.Advanced.FrameworkSnapInFactory
Reg HKLM\SOFTWARE\Classes\Microsoft.MMC.FrameworkSnapInFactory\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.MMC.FrameworkSnapInFactory\CLSID@ {D5AB5662-131D-453D-88C8-9BBA87502ADE}
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform@ ExecutivePlatform
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform\CLSID
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform\CLSID@ {B3FD5602-EB0F-415E-9F32-75DA391D6BF9}
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform\CurVer
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform\CurVer@ MMC.ExecutivePlatform.1
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform.1@ ExecutivePlatform
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform.1\CLSID
Reg HKLM\SOFTWARE\Classes\MMC.ExecutivePlatform.1\CLSID@ {B3FD5602-EB0F-415E-9F32-75DA391D6BF9}
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter@ SnapInFailureReporter
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter\CLSID
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter\CLSID@ {4A65D267-1539-4BD1-921D-1C49B3E58EB7}
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter\CurVer
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter\CurVer@ MMC.SnapInFailureReporter.1
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter.1@ SnapInFailureReporter
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter.1\CLSID
Reg HKLM\SOFTWARE\Classes\MMC.SnapInFailureReporter.1\CLSID@ {4A65D267-1539-4BD1-921D-1C49B3E58EB7}
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog@ WaitDialog
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog\CLSID
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog\CLSID@ {2D11CF10-4FE0-45B2-88DF-6FFBF92BE9AB}
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog\CurVer
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog\CurVer@ MMC.WaitDialog.1
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog.1@ WaitDialog
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog.1\CLSID
Reg HKLM\SOFTWARE\Classes\MMC.WaitDialog.1\CLSID@ {2D11CF10-4FE0-45B2-88DF-6FFBF92BE9AB}
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP@ MsRDP Class v7
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP\CurVer
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP\CurVer@ MsRDP.MsRDP.6
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.2@ MsRDP Class v3
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.2\CLSID
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.2\CLSID@ {971127BB-259F-48c2-BD75-5F97A3331551}
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.3@ MsRDP Class v4
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.3\CLSID
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.3\CLSID@ {6A6F4B83-45C5-4ca9-BDD9-0D81C12295E4}
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.4@ MsRDP Class v5
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.4\CLSID
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.4\CLSID@ {54CE37E0-9834-41ae-9896-4DAB69DC022B}
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.5@ MsRDP Class v6
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.5\CLSID
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.5\CLSID@ {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.6@ MsRDP Class v7
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.6\CLSID
Reg HKLM\SOFTWARE\Classes\MsRDP.MsRDP.6\CLSID@ {7390f3d8-0439-4c05-91e3-cf5cb290c3d0}
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.4@ MsTscAx Class v4
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.4\CLSID
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.4\CLSID@ {ace575fd-1fcf-4074-9401-ebab990fa9de}
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.5@ MsTscAx Class v5
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.5\CLSID
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.5\CLSID@ {6AE29350-321B-42be-BBE5-12FB5270C0DE}
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.6@ MsTscAx Class v6
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.6\CLSID
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.6\CLSID@ {4eb2f086-c818-447e-b32c-c51ce2b30d31}
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.7@ MsTscAx Class v7
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.7\CLSID
Reg HKLM\SOFTWARE\Classes\MsTscAx.MsTscAx.7\CLSID@ {d2ea46a7-c2bf-426b-af24-e19c44456399}
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.6.0@ XML DOM Document 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.DOMDocument.6.0\CLSID@ {88d96a05-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.6.0@ Free Threaded XML DOM Document 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.FreeThreadedDOMDocument.6.0\CLSID@ {88d96a06-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.MXHTMLWriter.6.0@ MXHTMLWriter 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.MXHTMLWriter.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.MXHTMLWriter.6.0\CLSID@ {88d96a10-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.MXNamespaceManager.6.0@ MXNamespaceManager 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.MXNamespaceManager.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.MXNamespaceManager.6.0\CLSID@ {88d96a11-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.6.0@ MXXMLWriter 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.MXXMLWriter.6.0\CLSID@ {88d96a0f-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.6.0@ SAXAttributes 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXAttributes.6.0\CLSID@ {88d96a0e-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.6.0@ SAX XML Reader 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.SAXXMLReader.6.0\CLSID@ {88d96a0c-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.6.0@ Server XML HTTP 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.ServerXMLHTTP.6.0\CLSID@ {88d96a0b-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.6.0@ XML HTTP 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLHTTP.6.0\CLSID@ {88d96a0a-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.6.0@ XML Schema Cache 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XMLSchemaCache.6.0\CLSID@ {88d96a07-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.6.0@ XSL Template 6.0
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.6.0\CLSID
Reg HKLM\SOFTWARE\Classes\Msxml2.XSLTemplate.6.0\CLSID@ {88d96a08-f192-11d4-a65f-0040963251e5}
Reg HKLM\SOFTWARE\Classes\ppifile@ Microsoft Passport configuration file
Reg HKLM\SOFTWARE\Classes\ppifile\DefaultIcon
Reg HKLM\SOFTWARE\Classes\ppifile\DefaultIcon@ %SystemRoot%\system32\msppcnfg.exe,1
Reg HKLM\SOFTWARE\Classes\ppifile\shell
Reg HKLM\SOFTWARE\Classes\ppifile\shell\open
Reg HKLM\SOFTWARE\Classes\ppifile\shell\open\command
Reg HKLM\SOFTWARE\Classes\ppifile\shell\open\command@ %SystemRoot%\System32\msppcnfg.exe /Config %1
Reg HKLM\SOFTWARE\Classes\WIZARD101GAMELAUNCHER.Wizard101GameLauncherCtrl.1@ Wizard101GameLauncher
Reg HKLM\SOFTWARE\Classes\WIZARD101GAMELAUNCHER.Wizard101GameLauncherCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\WIZARD101GAMELAUNCHER.Wizard101GameLauncherCtrl.1\CLSID@ {75A6AEA3-F26E-4608-AE9B-8DA78C87576E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32E564A0-155B-7C61-9853-97494A074993}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32E564A0-155B-7C61-9853-97494A074993}@bbhfmocclkigpjcmoiefjflagaedajflnbno 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32E564A0-155B-7C61-9853-97494A074993}@abhfmocclkigpjcmoileaeaijnkaoflmma 0x61 0x61 0x00 0x00

---- EOF - GMER 1.0.15 ----

#4 syler

  • Malware Response Team

Posted 04 January 2010 - 08:06 PM

Hi,

The HelpAssistant folder is a sign of a rootkit known as Mebroot. I would like to see another scan to see if you do indeed have this.

Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Double click on mbr.exe to run it.
  • Select Run when you receive a Security Warning.
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe.
  • Copy and paste the contents of mbr.log in your next reply.

#5 Kalookakoo

Posted 04 January 2010 - 08:25 PM

Here it is

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82dbe658
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82a71450
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

#6 syler

Posted 04 January 2010 - 08:33 PM

It looks like you do have a rootkit, so you need to be aware of the following information.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


  • Go to Start >> Run then copy and paste the following line into the run box

    "%userprofile%\desktop\mbr.exe" -f

Then please post back with the mbr log.

#7 Kalookakoo

Posted 04 January 2010 - 08:37 PM

Let's go ahead with cleaning the pc for now. I was actually thinking of reformatting (and I guess reinstalling the OS would have to be an extra step if I can find the CD), but I'm just making sure all users of the comp don't lose anything drastically important before I do. And I suppose the new log overwrote the old log on my desktop, so here it is:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82dbe658
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82a71450
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

#8 syler

Posted 04 January 2010 - 08:47 PM

Can you tell me if you have tried to uninstall superantispyware at some point?

Also do you recognise the following program?

C:\Program Files\hiddenhackers

Please run mbr.exe again by double clicking on it and post the new log.

Then please update Malwarebytes and run a quick scan and post the log in your next reply.

#9 Kalookakoo

Posted 04 January 2010 - 09:30 PM

I have downloaded and deleted superantispyware several times in the past, and I can assume that I did not do it properly through a proper uninstall and simply right clicked it.

As for the hiddenhackers thing, it happens to be a toolbar that was associated with me and my friend's gaming site we used to run together. We essentially put it together, and I've been meaning to delete it for some time now, but keep forgetting....

Logs:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82dbe658
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82a71450
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x094FE9BD
malicious code @ sector 0x094FE9C0 !
PE file found in sector at 0x094FE9D6 !
Use "Recovery Console" command "fixmbr" to clear infection !


Malwarebytes' Anti-Malware 1.43
Database version: 3495
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/4/2010 9:30:10 PM
mbam-log-2010-01-04 (21-30-10).txt

Scan type: Quick Scan
Objects scanned: 181713
Time elapsed: 31 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 syler

Posted 04 January 2010 - 10:00 PM

There are lots of orphaned SAS drivers, but it still appears in your programs list, which is why I was asking. I will remove the orphaned driver.
I will also remove some other bits that have been left over after uninstalling.


Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    Avgfwdx
    Avgfwfd
    npkcrypt
    白目國中生1
    alvroq0f
    cheetah1
    DADriv1
    EagleNT
    Kaspersky1
    mcdbus
    npkcusb
    sejt1
    toBzM
    uzeil1
    xp1
    spcstb
    SASDIFSV
    SASKUTIL
    SABKUTIL
    SABProcEnum
    SASENUM
    wampapache
    wampmysqld
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{DE9C389F-3316-41A7-809B-AA305ED9D922}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "AVG9_TRAY"=-
    "UserFaultCheck"=-
    "InvisibleBrowsing"=-
    ""=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    :Files
    C:\Program Files\Alwil Software
    C:\WINDOWS\system32\avgfwdx.dll
    C:\Program Files\AVG
    C:\Documents and Settings\All Users\Application Data\avg9
    C:\Documents and Settings\David\Application Data\AVG8
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
    :Commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Download the HostsXpert
  • Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Then please post back here with the following logs:
  • OTM results
  • New Rsit log
Thanks
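
Several entries removed by the script in the post above appear in the HijackThis log later in this thread marked "(no file)" or "(file missing)", next to a loopback proxy setting, O1 hosts lines and an unknown Winsock LSP. The following is an added example, not part of the original post or of any tool named in the thread, that triages such a log in Python. The category names are this example's own, the regular expressions assume the HijackThis 2.0.2 line layout seen in the thread, and the sample lines are copied from that log.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    kind: str     # triage category (names chosen for this example)
    detail: str   # the part of the line an analyst needs to follow up


# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O1 - Hosts: 80.69.94.166 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.+)$")                  # "O2 - <body>"
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")    # target file absent
PROXY_RE = re.compile(r",ProxyServer = (\S+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
LSP_PREFIX = "Unknown file in Winsock LSP:"


def triage(log_text):
    """Return a de-duplicated list of Finding tuples for a HijackThis log."""
    findings = []
    hosts = {}  # hostname -> IPs in order of appearance

    def add(finding):
        if finding not in findings:  # the log repeats some lines verbatim
            findings.append(finding)

    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        section, body = match.groups()

        # Registration that survives after its file is gone (leftover of an
        # uninstall or of a partial clean-up).
        if ORPHAN_RE.search(body):
            add(Finding(section, "orphaned", ORPHAN_RE.sub("", body).rstrip(" -")))
            continue

        # Browser proxy setting; a loopback address means traffic is handed
        # to a program on the same machine.
        proxy = PROXY_RE.search(body)
        if section in ("R0", "R1") and proxy:
            value = proxy.group(1)
            kind = "loopback_proxy" if value.startswith(("127.", "localhost")) else "proxy"
            add(Finding(section, kind, value))
            continue

        # Hosts file lines are collected first and judged per hostname below.
        host = HOSTS_RE.match(body)
        if section == "O1" and host:
            hosts.setdefault(host.group(2), []).append(host.group(1))
            continue

        # Layered service provider that HijackThis does not recognise.
        if section == "O10" and body.startswith(LSP_PREFIX):
            add(Finding(section, "unknown_lsp", body[len(LSP_PREFIX):].strip()))

    for name, ips in hosts.items():
        distinct = list(dict.fromkeys(ips))  # keep order, drop repeats
        kind = "hosts_conflict" if len(distinct) > 1 else "hosts_entry"
        add(Finding("O1", kind, f"{name} -> {', '.join(distinct)} ({len(ips)} lines)"))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item.section:<4}{item.kind:<16}{item.detail}")
```

A finding is a prompt to check the entry by hand before anything is deleted; the entries that reference existing files, such as the SSVHelper BHO, are deliberately left out of the result.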

#11 Kalookakoo

Posted 05 January 2010 - 11:53 AM

I think OTM killed my internet because I can't connect to the internet anymore. I am using a different computer to type this message. I haven't tried a second time after shutting it down, and I'll try again when I get home, but if it doesn't work, what should I do?

#12 syler

Posted 05 January 2010 - 04:56 PM

If you are still unable to connect to the internet try doing a system restore to the nearest point before you ran OTM.

#13 Kalookakoo

Posted 05 January 2010 - 07:14 PM

I did system restore for yesterday and internet is working again.

#14 syler

Posted 05 January 2010 - 07:17 PM

Please post a new Rsit log then.

#15 Kalookakoo

Posted 05 January 2010 - 07:21 PM

Here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2010-01-05 19:19:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 44 GB (57%) free of 76 GB
Total RAM: 510 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:53 PM, on 1/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Purple Moon\Hide My IP 2007\SecureSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1173843243\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Desktop\RSIT.exe
C:\Program Files\trend micro\David.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: hiddenhackers Toolbar - {f77173fa-5de1-4bd8-a0a2-d84571421735} - C:\Program Files\hiddenhackers\tbhidd.dll
O1 - Hosts: 80.69.94.166 gameguard.mapleglobal.com
O1 - Hosts: 80.69.94.166 63.251.217.184
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: hiddenhackers Toolbar - {f77173fa-5de1-4bd8-a0a2-d84571421735} - C:\Program Files\hiddenhackers\tbhidd.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O3 - Toolbar: hiddenhackers Toolbar - {f77173fa-5de1-4bd8-a0a2-d84571421735} - C:\Program Files\hiddenhackers\tbhidd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173843243\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase2895.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://secure.footprint.net/kingsisle/stat...ameLauncher.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgersho...esPlayer_v5.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DriveHQ FileManagerFun - Drive Headquarter - C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecureSrv - Unknown owner - C:\Purple Moon\Hide My IP 2007\SecureSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe (file missing)

--
End of file - 13362 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6BEAA73D-E5F8-4A5F-9D1D-6EB19A197DED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-12-18 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f77173fa-5de1-4bd8-a0a2-d84571421735}]
hiddenhackers Toolbar - C:\Program Files\hiddenhackers\tbhidd.dll [2008-02-28 1470488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll []
{f77173fa-5de1-4bd8-a0a2-d84571421735} - hiddenhackers Toolbar - C:\Program Files\hiddenhackers\tbhidd.dll [2008-02-28 1470488]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2009-05-06 1279272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"lxddmon.exe"=C:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-05-04 291760]
"lxddamon"=C:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-03-05 20480]
"InvisibleBrowsing"= []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"HostManager"=C:\Program Files\Common Files\AOL\1173843243\ee\AOLSoftware.exe [2006-09-25 50736]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-05-04 312240]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1173843243\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1173843243\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\acs\AOLDial.exe"="C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe"="C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe"="C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme"="C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\ijji\ENGLISH\u_sf\soldierfront.exe"="C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Enabled:soldierfront"
"C:\Nexon\MapleStory\Patcher.exe"="C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Nexon\MapleStory\NewPatcher.exe"="C:\Nexon\MapleStory\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\ijji\ENGLISH\u_skid.exe"="C:\ijji\ENGLISH\u_skid.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\U_KwonHoOnline\KwonHoClient.exe"="C:\ijji\ENGLISH\U_KwonHoOnline\KwonHoClient.exe:*:Enabled:KwonHo"
"C:\Program Files\DriftCity\driftcity.exe"="C:\Program Files\DriftCity\driftcity.exe:*:Enabled:driftcity"
"C:\ijji\ENGLISH\u_gbound.exe"="C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark 2500 Series\App4R.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\WINDOWS\system32\lxddcoms.exe"="C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lexmark 2500 Series\app4r.exe"="C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-05 18:56:57 ----D---- C:\Program Files\Alwil Software
2010-01-05 18:56:56 ----D---- C:\Program Files\AVG
2010-01-05 18:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-01-05 18:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-05 18:56:39 ----HD---- C:\WINDOWS\msdownld.tmp
2010-01-04 22:13:23 ----DC---- C:\_OTM
2010-01-04 22:12:03 ----D---- C:\WINDOWS\ERDNT
2010-01-04 22:11:24 ----D---- C:\Program Files\ERUNT
2010-01-04 19:45:57 ----DC---- C:\rsit
2009-12-31 16:51:14 ----A---- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2009-12-31 16:47:25 ----D---- C:\WINDOWS\Hewlett-Packard
2009-12-30 17:20:36 ----D---- C:\Program Files\Microsoft Security Essentials
2009-12-30 16:28:41 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-12-24 21:23:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-24 20:58:59 ----D---- C:\Program Files\Panda Security
2009-12-23 17:58:35 ----AC---- C:\RootRepeal report 12-23-09 (17-58-34).txt
2009-12-20 21:46:34 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-12-20 21:27:21 ----D---- C:\Documents and Settings\David\Application Data\AVG8
2009-12-20 17:22:30 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-19 23:03:37 ----D---- C:\Program Files\Microsoft Windows OneCare Live(2)
2009-12-19 16:57:26 ----D---- C:\Documents and Settings\David\Application Data\QuickScan
2009-12-19 15:17:27 ----SHD---- C:\found.004
2009-12-18 23:33:36 ----D---- C:\Program Files\Trend Micro
2009-12-18 23:22:58 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-18 23:22:58 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-18 23:22:57 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-18 23:22:57 ----A---- C:\WINDOWS\system32\java.exe
2009-12-18 20:22:41 ----D---- C:\Documents and Settings\David\Application Data\Malwarebytes
2009-12-18 20:22:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-18 19:07:23 ----D---- C:\Program Files\CCleaner
2009-12-12 16:59:33 ----D---- C:\Program Files\Ask.com

======List of files/folders modified in the last 1 months======

2010-01-05 19:14:00 ----D---- C:\Program Files\Mozilla Firefox
2010-01-05 19:12:08 ----D---- C:\WINDOWS\Temp
2010-01-05 19:11:36 ----D---- C:\WINDOWS\Prefetch
2010-01-05 19:05:46 ----SD---- C:\WINDOWS\Tasks
2010-01-05 19:01:27 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-01-05 19:00:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-05 18:58:55 ----D---- C:\WINDOWS\system32\config
2010-01-05 18:58:16 ----D---- C:\WINDOWS\system32\wbem
2010-01-05 18:58:16 ----D---- C:\WINDOWS\Registration
2010-01-05 18:56:58 ----D---- C:\WINDOWS\system32\drivers
2010-01-05 18:56:57 ----D---- C:\WINDOWS\system32
2010-01-05 18:56:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 22:19:41 ----D---- C:\WINDOWS
2010-01-04 22:14:12 ----RD---- C:\Program Files
2010-01-02 14:56:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-01 15:54:57 ----D---- C:\Documents and Settings
2010-01-01 11:58:04 ----A---- C:\WINDOWS\win.ini
2009-12-31 16:51:19 ----SHD---- C:\WINDOWS\Installer
2009-12-31 16:51:19 ----HDC---- C:\Config.Msi
2009-12-31 16:48:06 ----D---- C:\Program Files\HP
2009-12-30 17:21:08 ----HD---- C:\WINDOWS\inf
2009-12-30 17:20:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-30 16:55:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-26 21:48:53 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-12-26 21:46:44 ----D---- C:\Program Files\Shockwave.com
2009-12-25 14:56:56 ----D---- C:\Program Files\SpongeBob SquarePants Krabby Quest
2009-12-24 23:43:00 ----D---- C:\Program Files\Google
2009-12-24 23:41:08 ----D---- C:\Program Files\IrfanView
2009-12-24 23:36:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-24 23:32:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-24 23:32:00 ----D---- C:\WINDOWS\WinSxS
2009-12-24 23:30:55 ----RSD---- C:\WINDOWS\assembly
2009-12-24 23:30:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-24 23:30:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-24 23:30:41 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-12-24 23:30:41 ----D---- C:\Program Files\Common Files
2009-12-24 21:20:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-24 16:12:24 ----ASHC---- C:\boot.ini
2009-12-24 16:12:24 ----A---- C:\WINDOWS\system.ini
2009-12-20 21:41:09 ----SD---- C:\Documents and Settings\David\Application Data\Microsoft
2009-12-20 17:37:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-19 22:25:28 ----D---- C:\Program Files\Java
2009-12-18 20:47:41 ----D---- C:\WINDOWS\PeerNet
2009-12-18 20:16:28 ----D---- C:\Program Files\uTorrent
2009-12-18 19:12:47 ----D---- C:\WINDOWS\system32\LogFiles
2009-12-18 19:12:13 ----D---- C:\WINDOWS\Debug
2009-12-18 19:12:08 ----D---- C:\WINDOWS\Minidump
2009-12-15 18:42:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-15 16:20:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-14 23:06:16 ----D---- C:\Program Files\Internet Explorer
2009-12-10 18:37:23 ----D---- C:\WINDOWS\network diagnostic
2009-12-09 16:14:00 ----D---- C:\WINDOWS\ie8updates
2009-12-09 16:12:45 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-12-20 30104]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-05-16 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-05-16 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-05-16 21568]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 白目國中生1;白目國中生1; C:\WINDOWS\system32\drivers\白目國中生1.sys []
S3 ajstbd2v;ajstbd2v; C:\WINDOWS\system32\drivers\ajstbd2v.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-12-20 30104]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cheetah1;cheetah1; C:\WINDOWS\system32\drivers\cheetah1.sys []
S3 DADriv1;DADriv1; C:\WINDOWS\system32\drivers\DADriv1.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-12 15440]
S3 Kaspersky1;Kaspersky1; C:\WINDOWS\system32\drivers\Kaspersky1.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sejt1;sejt1; C:\WINDOWS\system32\drivers\sejt1.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DB CIF Cam; C:\WINDOWS\System32\Drivers\Capt905c.sys [2007-05-18 37760]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 toBzM;toBzM; C:\WINDOWS\system32\drivers\toBzM.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 uzeil1;uzeil1; C:\WINDOWS\system32\drivers\uzeil1.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xp1;xp1; C:\WINDOWS\system32\drivers\xp1.sys []
S4 spcstb;spcstb; C:\WINDOWS\system32\drivers\spcstb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DriveHQ FileManagerFun;DriveHQ FileManagerFun; C:\Program Files\DriveHQ\DriveHQ FileManager\DHQFMSvc.exe [2007-07-11 36864]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-18 153376]
R2 lxdd_device;lxdd_device; C:\WINDOWS\system32\lxddcoms.exe [2007-04-26 537520]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 SecureSrv;SecureSrv; C:\Purple Moon\Hide My IP 2007\SecureSrv.exe [2008-03-13 102704]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-04-26 99248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-10-29 3407292]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -k runservice []
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



