Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Trojan, Malware Infection


  • This topic is locked This topic is locked
10 replies to this topic

#1 mountainair

mountainair

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 07 March 2010 - 01:36 PM

Contracted a virus on 2-02-10 from a trusted customer: Trend PC found:
Spammer Win32/Tedroo.A, Trojan Downloader: Win32/RenosKF, Exploit Java/Gimish.A, Exploit Java?CVE-2008-5353-C, bg-stryTools.png, googleads.g.doublLEAK
2-12-10 Downloaded a routine Microsoft Security Patch: KB977/65, rendered my computer unbootable...found a forum online to remove that patch to get up and running again. The blue screen message I got after applying that patch was: 0X0000007E (0X00000ID, 0X80537008, 0XBA4C33B8, 0XBA4C30B4)
When I use any search engine on the web, I am redirected to a page that has nothing to do with what I searched for
I am unable to start my computer in "safe mode" I get the blue screen of death..I did not write down the code sadly but the verbiage was STOP
I installed the latest version of Trend MIcro Internet Security a couple of days ago and have gotten the blue screen randomly
I know I have some problems and thought I had cleaned everything not only with my previous version of Trend, but also with Microsoft Security Essentials
When running GMER, my final message was "GMER has found system modification caused by ROOTKIT activity"
Help!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Suz at 16:22:24.44 on Sat 03/06/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1481 [GMT -8:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Curse\CurseClient.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\Suz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=Userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/24.16/uploader2.cab
DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/vista/prog/CLVistaGenie.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.163.155,93.188.161.59
TCP: {D9C8AE01-B43E-45C4-9B1A-857DCB8A0B1C} = 93.188.163.155,93.188.161.59
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {4d5b7736-a3bc-4e5b-9fa2-1bcc3e587abb}: evacuative
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\suz\applic~1\mozilla\firefox\profiles\oiyuf4o5.default\
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-9 207792]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-2-1 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-2-1 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-8-9 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-1 112592]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-3-5 36368]
R3 SaiK8018;SaiK8018;c:\windows\system32\drivers\SaiK8018.sys [2008-7-29 106496]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-3-5 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-5 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-3-5 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-3-5 689416]
S2 CE841B380021FB04;CE841B380021FB04;\??\c:\documents and settings\suz\desktop\ce841b380021fb04\ce841b380021fb04 --> c:\documents and settings\suz\desktop\ce841b380021fb04\CE841B380021FB04 [?]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2007-5-14 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2007-5-14 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2007-5-14 179328]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-8-9 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-11-30 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-11-30 1141712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-2-1 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S4 Nissyseri;Nissyseri; [x]

=============== Created Last 30 ================

2010-03-07 00:15:49 0 ----a-w- c:\documents and settings\suz\defogger_reenable
2010-03-06 01:42:01 0 d-----w- c:\program files\TrendMicro
2010-03-05 23:30:00 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys
2010-03-05 23:12:54 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-05 23:12:54 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-05 23:12:54 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-05 23:12:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-03-05 23:10:51 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2010-03-05 23:10:47 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-05 23:10:47 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-03-05 23:10:47 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-03-05 23:10:47 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-03-05 23:10:47 1220120 ----a-w- c:\windows\system32\drivers\VsapiNT.sys
2010-02-10 17:08:10 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 17:08:10 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-10 17:08:10 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 17:08:09 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 17:08:09 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 17:08:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-08 18:56:03 0 d-----w- c:\program files\iPod

==================== Find3M ====================

3427-09-26 06:40:30 117028 ----a-w- c:\windows\fonts\Arial Black.TTF
2010-03-04 11:10:54 229760 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-25 18:44:00 338200 ----a-w- c:\docume~1\suz\applic~1\GDIPFONTCACHEV1.DAT
2010-01-21 23:21:07 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21:07 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21:06 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21:05 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-14 23:38:36 87608 ----a-w- c:\docume~1\suz\applic~1\inst.exe
2010-01-14 19:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 03:39:34 87608 ----a-w- c:\docume~1\suz\applic~1\ezpinst.exe
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-12-22 05:21:03 627712 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-12-22 05:21:02 1509888 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:21:00 3071488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2007-03-07 17:53:37 104 --sh--r- c:\windows\system32\2EA4C28475.sys

============= FINISH: 16:23:17.11 ===============


Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:40 PM

Posted 10 March 2010 - 01:59 PM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I
would appreciate if you would let me no so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt

Thanks

unite.jpg


#3 mountainair

mountainair
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 12 March 2010 - 06:47 PM

Hello Syler,
Please let me thank you for taking the time to help me with this multi-pronged problem.
Of interest perhaps:
1. After numerous failed attempts in Safari to link to the Malwarebytes' Anti-Malware link, I had to run a google search and then find a link I could cut and paste into the url..I hope I got a legitimate one.
2. In trying to find an update once I downloaded Malwarebytes, I kept receiving an error message. I ran the scan anyway and here are the logs:

MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/12/2010 3:21:49 PM
mbam-log-2010-03-12 (15-21-49).txt

Scan type: Quick Scan
Objects scanned: 135071
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\setupxv[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Suz\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.


Here is the log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Suz at 2010-03-12 15:27:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 191 GB (64%) free of 300 GB
Total RAM: 2045 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:47 PM, on 3/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Documents and Settings\Suz\Desktop\RSIT.exe
C:\Program Files\trend micro\Suz.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2061014
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/24.16/uploader2.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9C8AE01-B43E-45C4-9B1A-857DCB8A0B1C}: NameServer = 93.188.163.155,93.188.161.59
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.155,93.188.161.59
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.155,93.188.161.59
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.163.155,93.188.161.59
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.155,93.188.161.59
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: evacuative - {4d5b7736-a3bc-4e5b-9fa2-1bcc3e587abb} - (no file)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 10546 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2009-12-18 320928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2009-12-18 320928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2005-11-08 18944]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-11-08 16384]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-06-10 249856]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2010-03-05 1020248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"CurseClient"=C:\Program Files\Curse\CurseClient.exe [2010-01-22 1845248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2009-12-18 624056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnvTrgr]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5JMWNZTHI]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-06-26 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-08-11 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-06-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [2005-04-08 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTraySD]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Program Files\Creative\Volume Panel\VolPanel.exe [2005-10-14 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2005-11-09 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
evacuative - {4d5b7736-a3bc-4e5b-9fa2-1bcc3e587abb}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [2003-03-31 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe"="C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe:*:Enabled:Winsock FTP Client"
"F:\World of Warcraft\Repair.exe"="F:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Documents and Settings\Suz\Local Settings\Temp\Rar$EX04.063\Repair.exe"="C:\Documents and Settings\Suz\Local Settings\Temp\Rar$EX04.063\Repair.exe:*:Enabled:Blizzard Repair Utility"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Spyware Doctor\pctsGui.exe"="C:\Program Files\Spyware Doctor\pctsGui.exe:*:Enabled:Spyware Doctor"
"C:\Documents and Settings\Suz\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Suz\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"G:\World of Warcraft\Launcher.exe"="G:\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe"="C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe:*:Enabled:World of Warcraft - Uninstall"
"C:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe"="C:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe:*:Enabled:Adobe Bridge CS3"
"C:\Program Files\Adobe\Adobe Device Central CS3\DeviceCentral.exe"="C:\Program Files\Adobe\Adobe Device Central CS3\DeviceCentral.exe:*:Enabled:Adobe Device Central CS3"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe"="C:\Program Files\Adobe\Adobe Utilities\ExtendScript Toolkit 2\ExtendScript Toolkit 2.exe:*:Enabled:Adobe ExtendScript Toolkit 2"
"C:\Program Files\Adobe\Adobe Extension Manager\Extension Manager.exe"="C:\Program Files\Adobe\Adobe Extension Manager\Extension Manager.exe:*:Enabled:Adobe Extension Manager CS3"
"C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe"="C:\Program Files\Adobe\Adobe Flash CS3\Flash.exe:*:Enabled:Adobe Flash CS3 Professional"
"C:\Program Files\Adobe\Adobe Flash CS3 Video Encoder\Flash Video Encoder.exe"="C:\Program Files\Adobe\Adobe Flash CS3 Video Encoder\Flash Video Encoder.exe:*:Enabled:Adobe Flash CS3 Video Encoder"
"C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe"="C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe:*:Enabled:Adobe Illustrator CS3"
"C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe"="C:\Program Files\Adobe\Adobe InDesign CS3\InDesign.exe:*:Enabled:Adobe InDesign CS3"
"C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe"="C:\Program Files\Adobe\Acrobat 8.0\Designer 8.0\FormDesigner.exe:*:Enabled:Adobe LiveCycle Designer 8.0"
"C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe"="C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe:*:Enabled:Adobe Photoshop CS3"
"C:\Program Files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe"="C:\Program Files\Adobe\Adobe Stock Photos CS3\Adobe Stock Photos CS3.exe:*:Enabled:Adobe Stock Photos CS3"
"C:\Program Files\Trend Micro\Internet Security\TISTOOL.exe"="C:\Program Files\Trend Micro\Internet Security\TISTOOL.exe:*:Enabled:Trend Micro Support Diagnostic Toolkit"
"C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe"="C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsole.exe:*:Enabled:- Play Games -"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{055f4a3a-a043-11dc-97d9-00188b185d6e}]
shell\AutoRun\command - G:\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{474dd743-6f0e-11dc-978e-00188b185d6e}]
shell\AutoRun\command - J:\magicJack\autorun.exe
shell\phone\command - J:\magicJack\autorun.exe


======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.js - open -
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-03-12 15:27:27 ----D---- C:\rsit
2010-03-12 15:08:49 ----D---- C:\Documents and Settings\Suz\Application Data\Malwarebytes
2010-03-12 15:08:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-12 15:08:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-06 20:20:58 ----D---- C:\WINDOWS\system32\Service
2010-03-05 17:42:01 ----D---- C:\Program Files\TrendMicro
2010-03-05 15:12:22 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro

======List of files/folders modified in the last 1 months======

2010-03-12 15:27:47 ----D---- C:\Program Files\Trend Micro
2010-03-12 15:27:17 ----D---- C:\WINDOWS\Prefetch
2010-03-12 15:24:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-12 15:23:55 ----D---- C:\WINDOWS\Temp
2010-03-12 15:23:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-03-12 15:23:14 ----D---- C:\WINDOWS\system32\drivers
2010-03-12 15:22:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-12 15:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923694$
2010-03-12 15:08:45 ----D---- C:\Program Files
2010-03-12 14:54:40 ----D---- C:\Program Files\Mozilla Firefox
2010-03-12 14:35:34 ----D---- C:\WINDOWS
2010-03-12 11:23:00 ----D---- C:\PERFORM
2010-03-12 10:35:24 ----D---- C:\WINDOWS\system32
2010-03-10 11:30:18 ----D---- C:\Program Files\Safari
2010-03-05 17:42:03 ----SHD---- C:\WINDOWS\Installer
2010-03-05 17:42:02 ----D---- C:\Config.Msi
2010-03-05 15:14:45 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-05 15:13:00 ----HD---- C:\WINDOWS\inf
2010-03-05 14:57:39 ----N---- C:\WINDOWS\win.ini
2010-03-05 14:57:39 ----N---- C:\WINDOWS\system.ini
2010-03-05 14:57:39 ----ASH---- C:\boot.ini
2010-03-05 14:55:44 ----D---- C:\Program Files\Registry Mechanic
2010-03-05 14:46:20 ----SD---- C:\WINDOWS\Tasks
2010-03-02 12:57:18 ----RSD---- C:\WINDOWS\Fonts
2010-02-22 17:14:47 ----A---- C:\WINDOWS\imsins.BAK
2010-02-22 17:14:25 ----D---- C:\Program Files\Online Services

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2010-03-05 89872]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-05-21 1220120]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-04 143872]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-11-08 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-11-08 439680]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-11-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-11-08 143360]
R3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
R3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2001-10-22 17600]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-11-08 77824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2005-11-08 1095680]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-11-08 114688]
R3 SaiK8018;SaiK8018; C:\WINDOWS\system32\DRIVERS\SaiK8018.sys [2008-07-29 106496]
R3 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2010-03-05 339984]
R3 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 nvport;NVIDIA PORT IO Control Driver; \??\C:\WINDOWS\system32\Drivers\nvport.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-09-06 6144]
S3 P1370Aud;Creative WebCam Audio Control; \??\C:\WINDOWS\system32\Drivers\P1370Aud.sys []
S3 P1370Aul;PD1370 Lower Filter Driver; \??\C:\WINDOWS\system32\Drivers\P1370Aul.sys []
S3 P1370VID;Live! Cam Voice; C:\WINDOWS\system32\DRIVERS\P1370Vid.sys [2006-04-10 179328]
S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys []
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-08-11 515456]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\hpzipm12.exe [2007-08-08 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2010-03-05 715368]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-01-30 45056]
R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2010-03-05 345352]
R3 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2010-03-05 497008]
R3 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-03-05 689416]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-04-16 68096]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2009-11-12 70928]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


...and the info.txt

info.txt logfile of random's system information tool 1.06 2010-03-12 15:27:53

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\PROGRA~1\GLOBAL~1\CuteHTML\UNWISE32.EXE C:\PROGRA~1\GLOBAL~1\CuteHTML\INSTALL2.LOG
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACT!-->C:\WINDOWS\IsUninstAct.exe -f"C:\Program Files\ACT\Uninst6.isu" -c"C:\Program Files\ACT\UNINSTAL.DLL"
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.2.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Browser Defender 2.0.6.15-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Creative 3DMIDI Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative Diagnostics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
Creative Karaoke Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9 /remove
Creative Live! Cam Doodling-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5549DC52-211C-44BE-8347-0C22812DEB31}\setup.exe" -l0x9 /remove
Creative Live! Cam FX Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe" -l0x9 /remove
Creative Live! Cam Voice Driver (1.01.02.0410)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD1370.uns -unsext NT -plugin P1370Pin.dll -pluginres CtCamPin.crl
Creative Live! Cam Voice User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Voice\Creative Live! Cam Voice User's Guide\English\CTManual.isu"
Creative MediaSource DVD-Audio Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative Smart Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative SoundFont Bank Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
Creative Speaker Connection Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Vienna SoundFont Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
Creative Volume Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Curse Client-->C:\Program Files\Curse\uninstall.exe
CuteFTP-->C:\PROGRA~1\GlobalSCAPE\CuteFTP\UNWISE32.EXE C:\PROGRA~1\GlobalSCAPE\CuteFTP\INSTALL.LOG
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Diner Dash-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6293BC00-4EB8-4C65-8548-53E2FC3BF937\Uninstall.exe"
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Smart Panel-->C:\Program Files\EPSON\Smart Panel\SPUninst.exe
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\SETUP.EXE" -l0x9 UNINSTALL
Eudora-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Qualcomm\Eudora\Uninst.isu" -c"C:\Program Files\Qualcomm\Eudora\EudUnInst.dll"
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Color Inkjet CP1700 Uninstaller-->C:\Program Files\Hewlett-Packard\HP Color Inkjet CP1700\Uninstall\setup.exe ciuninst.ini
hp LaserJet all-in-one-->msiexec /x{1C32666E-3F65-4A9A-BC4D-FE293015FE7B}
hp LaserJet-all-in-one-->C:\Program Files\hp\Digital Imaging\{1B4B2D13-BA87-4c7c-8B67-0EE7CE698415}\setup\hpzscr01.exe -datfile hpbscr01.dat
HP Photo & Imaging 3.1-->C:\Program Files\hp\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\hp\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LaserAIO-->MsiExec.exe /I{DD23CAA4-8872-4B95-B263-EA46FD82CF19}
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{82EF29B1-9B60-4142-A155-0599216DD053}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Paint.NET v3.10-->MsiExec.exe /X{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Pinnacle Instant DVD Recorder-->MsiExec.exe /X{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Pinnacle Video Driver-->MsiExec.exe /X{6DE721A5-5E89-4D74-994C-652BB3C0672E}
PodUtil 3.0.3-->"C:\Program Files\PodUtil\unins000.exe"
Polar Bowler-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3\Uninstall.exe"
Privacy Guardian 4.1-->"C:\Program Files\Privacy Guardian\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Registry Mechanic 6.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\Setup.exe" ADDREMOVEDLG
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SilverFast TWAIN-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Twain_32\LaserSoft\SilverFast\Uninstall\Uninst.isu
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins001.exe /LOG
SureThing CD Labeler 4 SE-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tales of Monkey Island - Launch of the Screaming Narwhal-->C:\Program Files\Telltale Games\Tales of Monkey Island\UNINSTALL_MonkeyIsland101.exe
THX Setup Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPefect Document Converter-->"C:\Program Files\wpcvtr\unins000.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall

======System event log======

Computer Name: DELLXPS
Event Code: 9
Message: The device, , did not respond within the timeout period.

Record Number: 51640
Source Name: sbp2port
Time Written: 20100203083328.000000-480
Event Type: error
User:

Computer Name: DELLXPS
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 51635
Source Name: Disk
Time Written: 20100203012748.000000-480
Event Type: warning
User:

Computer Name: DELLXPS
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 51634
Source Name: Fastfat
Time Written: 20100203012748.000000-480
Event Type: warning
User:

Computer Name: DELLXPS
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 51633
Source Name: Fastfat
Time Written: 20100203012748.000000-480
Event Type: warning
User:

Computer Name: DELLXPS
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 51632
Source Name: Disk
Time Written: 20100203012748.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: DELLXPS
Event Code: 1002
Message: Hanging application MagicDVDCopier.exe, version 4.9.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 13
Source Name: Application Hang
Time Written: 20100114175740.000000-480
Event Type: error
User:

Computer Name: DELLXPS
Event Code: 1001
Message: Fault bucket 1103299665.

Record Number: 12
Source Name: Application Hang
Time Written: 20100114175730.000000-480
Event Type: error
User:

Computer Name: DELLXPS
Event Code: 1002
Message: Hanging application MagicDVDCopier.exe, version 4.9.2.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 11
Source Name: Application Hang
Time Written: 20100114175726.000000-480
Event Type: error
User:

Computer Name: DELLXPS
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 6
Source Name: Microsoft Fax
Time Written: 20100114172706.000000-480
Event Type: warning
User:

Computer Name: DELLXPS
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 5
Source Name: Microsoft Fax
Time Written: 20100114172706.000000-480
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\;C:\Program Files\QuickTime\QTSystem\
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


I look forward to hearing back from you.

Again,

Thank you so much...

Mountainair







#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:40 PM

Posted 13 March 2010 - 04:16 PM

Hi mountainair,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#5 mountainair

mountainair
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 15 March 2010 - 04:27 PM

Hi Syler!

Ok, I have completed the ComboFix instructions. Here is the log:

ComboFix 10-03-14.06 - Suz 03/15/2010 13:03:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1605 [GMT -7:00]
Running from: c:\documents and settings\Suz\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\ACT! 2005
c:\documents and settings\Suz\Application Data\inst.exe
C:\LOG.TXT
c:\windows\eSellerateEngine.dll
c:\windows\system\msvbvm60.dll
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXG061 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXG061 .MRK
c:\windows\system32\reboot.txt
c:\windows\system32\service
c:\windows\system32\service\06032010_TIS17_SfFniAU.log
c:\windows\system32\service\12032010_TIS17_SfFniAU.log
c:\windows\system32\service\15032010_TIS17_SfFniAU.log
c:\windows\system32\VB6KO.DLL
G:\autorun.inf

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

Infected copy of c:\windows\system32\DRIVERS\nvgts.sys was found and disinfected
Restored copy from - c:\windows\system32\drivers\nvgts.sys
.
((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-15 20:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-03-15 20:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2010-03-12 23:27 . 2010-03-12 23:27 -------- d-----w- C:\rsit
2010-03-12 23:08 . 2010-03-12 23:08 -------- d-----w- c:\documents and settings\Suz\Application Data\Malwarebytes
2010-03-12 23:08 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 23:08 . 2010-03-12 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 23:08 . 2010-03-12 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-12 23:08 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 01:42 . 2010-03-06 01:42 -------- d-----w- c:\program files\TrendMicro
2010-03-05 23:30 . 2009-05-22 07:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys
2010-03-05 23:12 . 2010-03-05 23:10 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-05 23:12 . 2010-03-05 23:10 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-05 23:12 . 2010-03-05 23:10 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-05 23:12 . 2010-03-05 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-03-05 23:10 . 2010-03-05 23:10 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-05 23:10 . 2010-03-05 23:10 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-03-05 23:10 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-03-05 23:10 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-03-05 23:10 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\VsapiNT.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 19:23 . 2008-11-30 21:44 -------- d-----w- c:\program files\Spyware Doctor
2010-03-15 19:22 . 2007-03-10 10:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-12 23:27 . 2006-10-14 18:54 -------- d-----w- c:\program files\Trend Micro
2010-03-10 19:30 . 2009-04-06 21:31 -------- d-----w- c:\program files\Safari
2010-03-04 11:10 . 2008-08-14 16:33 229760 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-02 20:57 . 2006-11-12 02:29 341224 ----a-w- c:\documents and settings\Suz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-08 18:56 . 2008-12-18 20:39 -------- d-----w- c:\program files\iTunes
2010-02-08 18:56 . 2010-02-08 18:56 -------- d-----w- c:\program files\iPod
2010-02-08 18:55 . 2008-04-09 17:22 -------- d-----w- c:\program files\Common Files\Apple
2010-02-08 18:52 . 2007-03-24 16:28 -------- d-----w- c:\program files\QuickTime
2010-02-02 19:48 . 2009-08-13 22:21 -------- d-----w- c:\program files\Common Files\Nero
2010-02-02 19:48 . 2009-08-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-02 19:47 . 2008-12-03 16:41 -------- d-----w- c:\program files\Nero
2010-01-28 03:39 . 2010-01-28 03:37 -------- d-----w- c:\documents and settings\Suz\Application Data\Nero
2010-01-27 21:20 . 2006-11-27 00:24 -------- d-----w- c:\documents and settings\Suz\Application Data\Sonic
2010-01-27 17:58 . 2010-01-27 17:58 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-01-27 17:57 . 2008-09-29 16:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-24 01:03 . 2006-10-14 18:50 -------- d-----w- c:\program files\Dell
2010-01-23 06:43 . 2010-01-23 06:43 -------- d-----w- c:\program files\DVD Decrypter
2010-01-23 06:41 . 2010-01-23 06:41 -------- d-----w- c:\program files\DVD Shrink
2010-01-22 21:55 . 2008-10-18 03:42 -------- d-----w- c:\program files\Curse
2010-01-21 18:09 . 2009-01-26 03:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 09:56 . 2010-01-15 09:56 -------- d-----w- c:\program files\MSBuild
2010-01-15 09:56 . 2010-01-15 09:56 -------- d-----w- c:\program files\Reference Assemblies
2010-01-14 19:12 . 2010-02-02 17:04 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 03:39 . 2008-12-03 03:48 87608 ----a-w- c:\documents and settings\Suz\Application Data\ezpinst.exe
2009-12-31 16:50 . 2009-01-03 10:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2005-08-16 09:18 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2007-03-07 17:53 . 2007-02-01 23:28 104 --sh--r- c:\windows\system32\2EA4C28475.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2010-01-22 1845248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-08 18944]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-03-05 1020248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2003-03-31 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete \??\c:\program files\SpywareDetector\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnvTrgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5JMWNZTHI

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTraySD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-18 10:38 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 16:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 11:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-06-27 01:50 212992 ----a-w- c:\program files\hp\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-08-11 08:07 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 21:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 21:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 21:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2005-04-08 16:18 151552 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2008-05-16 21:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 20:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2005-10-14 18:01 122880 ------w- c:\program files\Creative\Volume Panel\VolPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP\\cutftp32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft\\Uninstall.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe"=
"c:\\Program Files\\Adobe\\Adobe Device Central CS3\\DeviceCentral.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit 2\\ExtendScript Toolkit 2.exe"=
"c:\\Program Files\\Adobe\\Adobe Extension Manager\\Extension Manager.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3 Video Encoder\\Flash Video Encoder.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS3\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS3\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Designer 8.0\\FormDesigner.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Adobe Stock Photos CS3\\Adobe Stock Photos CS3.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TISTOOL.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2010 4:10 PM 36368]
R3 SaiK8018;SaiK8018;c:\windows\system32\drivers\SaiK8018.sys [7/29/2008 4:04 PM 106496]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/5/2010 4:10 PM 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/5/2010 4:12 PM 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/5/2010 4:13 PM 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/5/2010 4:13 PM 689416]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 CE841B380021FB04;CE841B380021FB04;\??\c:\documents and settings\Suz\Desktop\CE841B380021FB04\CE841B380021FB04 --> c:\documents and settings\Suz\Desktop\CE841B380021FB04\CE841B380021FB04 [?]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [5/14/2007 8:07 PM 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [5/14/2007 8:07 PM 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [5/14/2007 8:07 PM 179328]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 Nissyseri;Nissyseri; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/vista/prog/CLVistaGenie.cab
FF - ProfilePath - c:\documents and settings\Suz\Application Data\Mozilla\Firefox\Profiles\oiyuf4o5.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-pccguide - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 13:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"=hex(ffffffea):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CE841B380021FB04]
"ImagePath"="\??\c:\documents and settings\Suz\Desktop\CE841B380021FB04\CE841B380021FB04"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"=hex(ffffffea):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2081642549-1373902606-2744017242-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96CBD262-2A15-D7C7-016C-A32DED6B7E62}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oacicmlceehkoncidigeidpakpefmi"=hex:6a,61,70,6e,6f,64,68,68,6e,70,6b,6b,65,61,
6a,6f,6f,6b,62,68,00,f8
"naaienfgpjakjpolppiimkfocppo"=hex:6a,61,6f,6e,63,66,6c,62,6a,63,6a,65,69,63,
63,6c,65,65,6d,64,00,f8
"oacicmlceehkoncidigeidpanmdfnk"=hex:6a,61,70,6e,67,68,6f,65,6b,6c,69,64,6d,62,
70,70,69,69,70,6d,00,6f
"naaienfgpjakjpolppiimkeodoad"=hex:6a,61,63,6e,62,66,65,6c,66,63,66,70,61,68,
6d,63,6f,69,6e,66,00,6f

[HKEY_USERS\S-1-5-21-2081642549-1373902606-2744017242-1005\Software\SecuROM\License information*]
"datasecu"=hex:51,80,1b,74,ca,ee,bb,b6,7e,a8,67,77,5e,4b,2b,e2,45,e8,62,33,03,
c6,f6,f1,00,01,ca,63,91,8b,49,6d,cc,44,bb,0d,bf,d3,d3,50,10,63,9e,0b,2a,c2,\
"rkeysecu"=hex:e5,3f,a2,d4,1d,d4,66,3b,0e,cd,5b,05,f8,78,5e,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\hpzipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Trend Micro\Internet Security\UfUpdUi.exe
.
**************************************************************************
.
Completion time: 2010-03-15 14:11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-15 21:10

Pre-Run: 199,648,247,808 bytes free
Post-Run: 200,226,816,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - F40484BDD5F6610E2F6C6F6D6D725D5D


Let me know what, if any, the next step is.

Again, thank you so very very much for your all of your time and dedication.

mountainair

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:40 PM

Posted 15 March 2010 - 07:53 PM

Hello mountainair,

Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\drivers\SaiK8018.sys

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Driver::
CE841B380021FB04
Nissyseri
RegNull::
[HKEY_USERS\S-1-5-21-2081642549-1373902606-2744017242-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96CBD262-2A15-D7C7-016C-A32DED6B7E62}*]


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg


#7 mountainair

mountainair
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 15 March 2010 - 10:18 PM

Hello Syler,
Here is the Virustotal result:

Srpski | Македонски | العربية | Suomi | ihMdI | | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File SaiK8018.sys received on 2010.03.16 02:28:52 (UTC)
Current status: finished

Result: 0/42 (0.00%)
Compact Print results
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.16 -
AhnLab-V3 5.0.0.2 2010.03.16 -
AntiVir 8.2.1.180 2010.03.15 -
Antiy-AVL 2.0.3.7 2010.03.15 -
Authentium 5.2.0.5 2010.03.16 -
Avast 4.8.1351.0 2010.03.15 -
Avast5 5.0.332.0 2010.03.15 -
AVG 9.0.0.787 2010.03.15 -
BitDefender 7.2 2010.03.16 -
CAT-QuickHeal 10.00 2010.03.15 -
ClamAV 0.96.0.0-git 2010.03.16 -
Comodo 4278 2010.03.16 -
DrWeb 5.0.1.12222 2010.03.16 -
eSafe 7.0.17.0 2010.03.15 -
eTrust-Vet 35.2.7364 2010.03.15 -
F-Prot 4.5.1.85 2010.03.15 -
F-Secure 9.0.15370.0 2010.03.15 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.16 -
Ikarus T3.1.1.80.0 2010.03.16 -
Jiangmin 13.0.900 2010.03.15 -
K7AntiVirus 7.10.998 2010.03.15 -
Kaspersky 7.0.0.125 2010.03.16 -
McAfee 5921 2010.03.15 -
McAfee+Artemis 5921 2010.03.15 -
McAfee-GW-Edition 6.8.5 2010.03.15 -
Microsoft 1.5605 2010.03.15 -
NOD32 4947 2010.03.15 -
Norman 6.04.08 2010.03.15 -
nProtect 2009.1.8.0 2010.03.15 -
Panda 10.0.2.2 2010.03.15 -
PCTools 7.0.3.5 2010.03.15 -
Prevx 3.0 2010.03.16 -
Rising 22.39.01.01 2010.03.16 -
Sophos 4.51.0 2010.03.16 -
Sunbelt 5907 2010.03.16 -
Symantec 20091.2.0.41 2010.03.16 -
TheHacker 6.5.2.0.233 2010.03.15 -
TrendMicro 9.120.0.1004 2010.03.15 -
VBA32 3.12.12.2 2010.03.14 -
ViRobot 2010.3.15.2228 2010.03.15 -
VirusBuster 5.0.27.0 2010.03.15 -
Additional information
File size: 106496 bytes
MD5 : d2400515259ffae22a2ea008baf161a1
SHA1 : 8c1b8827e34d38866bad1179cb01414479c23144
SHA256: f40243db076f3b7b0b57018e7763e37e3c2568a0084d982d0d38b62d7ec5dac4
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x27E8
timedatestamp.....: 0x488EFB79 (Tue Jul 29 13:14:01 2008)
machinetype.......: 0x14C (Intel I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x147AA 0x14800 6.34 80c1c385f24622a7ec33b44b1beb0a18
.rdata 0x16000 0x1F34 0x2000 4.40 c8b57b40ea7c09c53f09cc3385d2f7b4
.data 0x18000 0xBD4 0x400 2.98 28050a12465f3515b9a4b21579d1c348
PAGE 0x19000 0xB0B 0xC00 6.18 7bbc9a00a38d117a33c1c340c778497d
INIT 0x1A000 0x658 0x800 4.94 4d503631bf0035afcd69c3f6498aead9
.rsrc 0x1B000 0x3D0 0x400 3.24 bcb5596e7e91ad3e5c9503be160b0f7c
.reloc 0x1C000 0x164C 0x1800 5.85 2dd9720fa4038b1be39141f25efe2f93

( 0 imports )


( 0 exports )

TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 1536:zcGvuv6BcIfbnqfCEAocjNFz0rbpDIAYysztCeO8wsFrc11G91BYX2BIi:zkvUcqbnqNAlj7gSrHO1k6X2ei
sigcheck: publisher....: Saitek
copyright....: Copyright © Saitek plc 2007
product......: Configuration Software
description..: Saitek Hid Driver
original name: SaiHid.sys
internal name: SaiHid.sys
file version.: 6.5.1.17
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD : -
RDS : NSRL Reference Data Set
-


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy






Here is the ComboFix file

ComboFix 10-03-15.04 - Suz 03/15/2010 19:36:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1367 [GMT -7:00]
Running from: c:\documents and settings\Suz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Suz\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_CE841B380021FB04
-------\Service_Nissyseri


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-15 23:05 . 2010-03-15 23:05 -------- d-----w- c:\program files\Saitek
2010-03-15 23:04 . 2010-03-15 23:05 -------- d-----w- c:\windows\LastGood.Tmp
2010-03-15 20:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-03-15 20:22 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2010-03-12 23:27 . 2010-03-12 23:27 -------- d-----w- C:\rsit
2010-03-12 23:08 . 2010-03-12 23:08 -------- d-----w- c:\documents and settings\Suz\Application Data\Malwarebytes
2010-03-12 23:08 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 23:08 . 2010-03-12 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 23:08 . 2010-03-12 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-12 23:08 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 01:42 . 2010-03-06 01:42 -------- d-----w- c:\program files\TrendMicro
2010-03-05 23:30 . 2009-05-22 07:58 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys
2010-03-05 23:12 . 2010-03-05 23:10 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-05 23:12 . 2010-03-05 23:10 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-05 23:12 . 2010-03-05 23:10 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-05 23:12 . 2010-03-05 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-03-05 23:10 . 2010-03-05 23:10 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-05 23:10 . 2010-03-05 23:10 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-03-05 23:10 . 2009-05-22 08:02 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-03-05 23:10 . 2009-05-22 08:00 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-03-05 23:10 . 2009-05-22 07:45 1220120 ----a-w- c:\windows\system32\drivers\VsapiNT.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 19:23 . 2008-11-30 21:44 -------- d-----w- c:\program files\Spyware Doctor
2010-03-15 19:22 . 2007-03-10 10:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-12 23:27 . 2006-10-14 18:54 -------- d-----w- c:\program files\Trend Micro
2010-03-10 19:30 . 2009-04-06 21:31 -------- d-----w- c:\program files\Safari
2010-03-04 11:10 . 2008-08-14 16:33 229760 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-02 20:57 . 2006-11-12 02:29 341224 ----a-w- c:\documents and settings\Suz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-08 18:56 . 2008-12-18 20:39 -------- d-----w- c:\program files\iTunes
2010-02-08 18:56 . 2010-02-08 18:56 -------- d-----w- c:\program files\iPod
2010-02-08 18:55 . 2008-04-09 17:22 -------- d-----w- c:\program files\Common Files\Apple
2010-02-08 18:52 . 2007-03-24 16:28 -------- d-----w- c:\program files\QuickTime
2010-02-02 19:48 . 2009-08-13 22:21 -------- d-----w- c:\program files\Common Files\Nero
2010-02-02 19:48 . 2009-08-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-02 19:47 . 2008-12-03 16:41 -------- d-----w- c:\program files\Nero
2010-01-28 03:39 . 2010-01-28 03:37 -------- d-----w- c:\documents and settings\Suz\Application Data\Nero
2010-01-27 21:20 . 2006-11-27 00:24 -------- d-----w- c:\documents and settings\Suz\Application Data\Sonic
2010-01-27 17:58 . 2010-01-27 17:58 -------- d-----w- c:\program files\Common Files\TiVo Shared
2010-01-27 17:57 . 2008-09-29 16:10 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-24 01:03 . 2006-10-14 18:50 -------- d-----w- c:\program files\Dell
2010-01-23 06:43 . 2010-01-23 06:43 -------- d-----w- c:\program files\DVD Decrypter
2010-01-23 06:41 . 2010-01-23 06:41 -------- d-----w- c:\program files\DVD Shrink
2010-01-22 21:55 . 2008-10-18 03:42 -------- d-----w- c:\program files\Curse
2010-01-21 18:09 . 2009-01-26 03:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-15 09:56 . 2010-01-15 09:56 -------- d-----w- c:\program files\MSBuild
2010-01-15 09:56 . 2010-01-15 09:56 -------- d-----w- c:\program files\Reference Assemblies
2010-01-14 19:12 . 2010-02-02 17:04 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 03:39 . 2008-12-03 03:48 87608 ----a-w- c:\documents and settings\Suz\Application Data\ezpinst.exe
2009-12-31 16:50 . 2009-01-03 10:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2005-08-16 09:18 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2005-08-16 09:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2005-08-16 09:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2007-03-07 17:53 . 2007-02-01 23:28 104 --sh--r- c:\windows\system32\2EA4C28475.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2010-01-22 1845248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-11-08 18944]
"CTHelper"="CTHELPER.EXE" [2005-11-08 16384]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-03-05 1020248]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-07-29 126976]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2003-03-31 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ SDEarlyDelete \??\c:\program files\SpywareDetector\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-12-18 10:38 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 16:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-11-07 13:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 11:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-06-27 01:50 212992 ----a-w- c:\program files\hp\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-08-11 08:07 188416 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 21:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 21:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 21:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2005-04-08 16:18 151552 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2008-05-16 21:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 20:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2005-10-14 18:01 122880 ------w- c:\program files\Creative\Volume Panel\VolPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP\\cutftp32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft\\Uninstall.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS3\\Bridge.exe"=
"c:\\Program Files\\Adobe\\Adobe Device Central CS3\\DeviceCentral.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit 2\\ExtendScript Toolkit 2.exe"=
"c:\\Program Files\\Adobe\\Adobe Extension Manager\\Extension Manager.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3 Video Encoder\\Flash Video Encoder.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS3\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS3\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Designer 8.0\\FormDesigner.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Adobe Stock Photos CS3\\Adobe Stock Photos CS3.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TISTOOL.exe"=
"c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/5/2010 4:10 PM 36368]
R3 SaiK8018;SaiK8018;c:\windows\system32\drivers\SaiK8018.sys [7/29/2008 4:04 PM 106496]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/5/2010 4:10 PM 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/5/2010 4:12 PM 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/5/2010 4:13 PM 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/5/2010 4:13 PM 689416]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [5/14/2007 8:07 PM 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [5/14/2007 8:07 PM 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [5/14/2007 8:07 PM 179328]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/vista/prog/CLVistaGenie.cab
FF - ProfilePath - c:\documents and settings\Suz\Application Data\Mozilla\Firefox\Profiles\oiyuf4o5.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 19:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"=hex(ffffffea):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"=hex(ffffffea):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2081642549-1373902606-2744017242-1005\Software\SecuROM\License information*]
"datasecu"=hex:51,80,1b,74,ca,ee,bb,b6,7e,a8,67,77,5e,4b,2b,e2,45,e8,62,33,03,
c6,f6,f1,00,01,ca,63,91,8b,49,6d,cc,44,bb,0d,bf,d3,d3,50,10,63,9e,0b,2a,c2,\
"rkeysecu"=hex:e5,3f,a2,d4,1d,d4,66,3b,0e,cd,5b,05,f8,78,5e,28
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\hpzipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\UTSCSI.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
.
**************************************************************************
.
Completion time: 2010-03-15 20:00:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-16 02:59
ComboFix2.txt 2010-03-15 21:11

Pre-Run: 199,888,924,672 bytes free
Post-Run: 200,010,448,896 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 6F7D9E3BF65FBEE3C38F0359CEB3EF55


Thank you,

mountainair


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:40 PM

Posted 15 March 2010 - 10:33 PM

That's looking ok, can you tell me how the computer is running and if you are having any more problems?

Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.TFC(Temp File Cleaner):



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • ESET report
  • New DDS log

Thanks

unite.jpg


#9 mountainair

mountainair
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 16 March 2010 - 09:22 AM

Good Morning Syler,

Here are the Eset, DDS, and Attach logs. I know you didn't request a second Attach log, but since one was generated, I thought I would include it. My computer seems to running more smoothly. My google searches seem to go straight to the link without a detour. I will be away from my computer until tomorrow and will try to do more diagnostic functions, including booting in safe mode since I couldn't do that before we started all of this.

Again, thank you for all of your help!

mountainair

Esetscan:

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP9\A0006345.exe multiple threats


DDS2:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Suz at 7:13:46.68 on Tue 03/16/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1594 [GMT -7:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
G:\World of Warcraft\BackgroundDownloader.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Suz\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SaiVolume] c:\program files\saitek\cyborgkeyboard\SaiVolume.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/24.16/uploader2.cab
DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/vista/prog/CLVistaGenie.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\suz\applic~1\mozilla\firefox\profiles\oiyuf4o5.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-3-5 36368]
R3 SaiK8018;SaiK8018;c:\windows\system32\drivers\SaiK8018.sys [2008-7-29 106496]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-3-5 339984]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2007-5-14 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2007-5-14 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2007-5-14 179328]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-3-5 50704]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-3-5 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-3-5 689416]

=============== Created Last 30 ================

2010-03-16 04:36:08 0 d-----w- c:\program files\ESET
2010-03-15 23:05:11 0 d-----w- c:\program files\Saitek
2010-03-15 20:22:00 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-03-15 20:22:00 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2010-03-15 19:54:25 0 d-sha-r- C:\cmdcons
2010-03-15 19:26:28 98816 ----a-w- c:\windows\sed.exe
2010-03-15 19:26:28 77312 ----a-w- c:\windows\MBR.exe
2010-03-15 19:26:28 261632 ----a-w- c:\windows\PEV.exe
2010-03-15 19:26:28 161792 ----a-w- c:\windows\SWREG.exe
2010-03-12 23:08:49 0 d-----w- c:\docume~1\suz\applic~1\Malwarebytes
2010-03-12 23:08:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 23:08:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 23:08:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 23:08:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-07 00:15:49 0 ----a-w- c:\documents and settings\suz\defogger_reenable
2010-03-06 01:42:01 0 d-----w- c:\program files\TrendMicro
2010-03-05 23:30:00 287608 ----a-w- c:\windows\system32\drivers\Tmfilter.sys
2010-03-05 23:12:54 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-03-05 23:12:54 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-03-05 23:12:54 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-05 23:12:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-03-05 23:10:51 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2010-03-05 23:10:47 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-03-05 23:10:47 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-03-05 23:10:47 339984 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2010-03-05 23:10:47 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-03-05 23:10:47 1220120 ----a-w- c:\windows\system32\drivers\VsapiNT.sys

==================== Find3M ====================

3427-09-26 06:40:30 117028 ----a-w- c:\windows\fonts\Arial Black.TTF
2010-03-04 11:10:54 229760 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-25 18:44:00 338200 ----a-w- c:\docume~1\suz\applic~1\GDIPFONTCACHEV1.DAT
2010-01-14 19:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 03:39:34 87608 ----a-w- c:\docume~1\suz\applic~1\ezpinst.exe
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\dllcache\wininet.dll
2009-12-22 05:21:05 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:21:03 627712 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2009-12-22 05:21:02 1509888 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:21:00 3071488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-12-22 05:20:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2007-03-07 17:53:37 104 --sh--r- c:\windows\system32\2EA4C28475.sys

============= FINISH: 7:14:37.90 ===============


Attach2:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/8/2006 6:06:45 PM
System Uptime: 3/15/2010 9:32:05 PM (10 hours ago)

Motherboard: Dell Inc. | | 0YF432
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 293 GiB total, 187.109 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is FIXED (FAT32) - 112 GiB total, 1.769 GiB free.
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/25/2010 10:24:58 PM - System Checkpoint
RP2: 1/27/2010 8:28:41 AM - System Checkpoint
RP3: 1/27/2010 7:36:38 PM - Installed Nero 9 Lite 4.4.9.0
RP4: 1/28/2010 8:21:26 PM - System Checkpoint
RP5: 1/29/2010 9:07:57 PM - System Checkpoint
RP6: 1/30/2010 9:40:11 PM - System Checkpoint
RP7: 2/1/2010 11:35:15 AM - System Checkpoint
RP8: 2/2/2010 12:24:54 AM - Restore Operation
RP9: 2/2/2010 12:30:03 AM - Restore Operation
RP10: 2/2/2010 8:58:48 AM - Software Distribution Service 3.0
RP11: 2/2/2010 9:04:51 AM - Software Distribution Service 3.0
RP12: 2/2/2010 9:18:11 AM - Microsoft Antimalware Checkpoint
RP13: 2/2/2010 11:46:49 AM - Removed Ask Toolbar.
RP14: 2/2/2010 11:47:30 AM - Removed Nero 9 Lite 4.4.9.0
RP15: 2/3/2010 2:40:47 PM - Microsoft Antimalware Checkpoint
RP16: 2/4/2010 10:59:36 AM - Software Distribution Service 3.0
RP17: 2/5/2010 12:21:17 PM - Software Distribution Service 3.0
RP18: 2/6/2010 1:41:31 PM - System Checkpoint
RP19: 2/7/2010 2:17:35 PM - System Checkpoint
RP20: 2/8/2010 4:00:58 PM - System Checkpoint
RP21: 2/9/2010 8:03:10 AM - Software Distribution Service 3.0
RP22: 2/10/2010 8:41:25 AM - Software Distribution Service 3.0
RP23: 2/10/2010 9:07:54 AM - Software Distribution Service 3.0
RP24: 2/11/2010 10:03:06 AM - Software Distribution Service 3.0
RP25: 2/12/2010 10:34:28 AM - System Checkpoint
RP26: 2/13/2010 10:35:50 AM - System Checkpoint
RP27: 2/14/2010 10:25:03 AM - Software Distribution Service 3.0
RP28: 2/15/2010 11:05:56 AM - System Checkpoint
RP29: 2/16/2010 10:04:59 AM - Software Distribution Service 3.0
RP30: 2/17/2010 10:31:01 AM - System Checkpoint
RP31: 2/17/2010 12:22:03 PM - Software Distribution Service 3.0
RP32: 2/18/2010 12:47:24 PM - System Checkpoint
RP33: 2/19/2010 10:29:09 AM - Software Distribution Service 3.0
RP34: 2/20/2010 10:46:54 AM - Software Distribution Service 3.0
RP35: 2/21/2010 11:11:10 AM - System Checkpoint
RP36: 2/21/2010 6:21:00 PM - Software Distribution Service 3.0
RP37: 2/22/2010 7:49:11 AM - Microsoft Antimalware Checkpoint
RP38: 2/23/2010 10:53:42 AM - System Checkpoint
RP39: 2/24/2010 11:55:10 AM - System Checkpoint
RP40: 2/25/2010 12:26:24 PM - System Checkpoint
RP41: 2/26/2010 2:24:14 PM - System Checkpoint
RP42: 2/27/2010 2:57:41 PM - System Checkpoint
RP43: 2/28/2010 6:31:03 PM - System Checkpoint
RP44: 3/1/2010 7:01:18 PM - System Checkpoint
RP45: 3/2/2010 8:01:39 PM - System Checkpoint
RP46: 3/3/2010 8:02:14 PM - System Checkpoint
RP47: 3/4/2010 8:04:17 PM - System Checkpoint
RP48: 3/5/2010 2:47:33 PM - Removed Trend Micro PC-cillin Internet Security 12
RP49: 3/5/2010 2:48:22 PM - Removed TMASOEDL
RP50: 3/5/2010 2:48:30 PM - Removed TMASOLDL
RP51: 3/5/2010 3:12:03 PM - Installed Trend Micro Internet Security
RP52: 3/5/2010 5:42:00 PM - Installed HiJackThis
RP53: 3/6/2010 6:56:27 PM - System Checkpoint
RP54: 3/7/2010 7:12:59 PM - System Checkpoint
RP55: 3/8/2010 7:59:04 PM - System Checkpoint
RP56: 3/9/2010 8:01:55 PM - System Checkpoint
RP57: 3/10/2010 8:37:10 PM - System Checkpoint
RP58: 3/11/2010 9:15:34 PM - System Checkpoint
RP59: 3/13/2010 12:22:20 PM - System Checkpoint
RP60: 3/14/2010 2:16:04 PM - System Checkpoint
RP61: 3/15/2010 5:49:39 PM - System Checkpoint

==== Installed Programs ======================

ACT!
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.2.0 - CPSID_52074
Adobe Acrobat 8.2.0 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.2.0
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 6
AiO_Scan
AIOMinimal
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet_App
Applet_Copy
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Photoshop
Applet_Web
Bonjour
Broadcom Advanced Control Suite
Copy
Creative 3DMIDI Player
Creative Audio Console
Creative Diagnostics
Creative Karaoke Player
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Voice Driver (1.01.02.0410)
Creative Live! Cam Voice User's Guide (English)
Creative MediaSource
Creative MediaSource DVD-Audio Player
Creative Smart Recorder
Creative Software AutoUpdate
Creative SoundFont Bank Manager
Creative Speaker Connection Wizard
Creative System Information
Creative Vienna SoundFont Studio
Creative Volume Panel
Creative WebCam Center
CreativeProjects
Curse Client
CuteFTP
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Resource CD
Dell System Restore
Digital Content Portal
Diner Dash
Director
DocProc
Documentation & Support Launcher
Driver Detective
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EducateU
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
ESET Online Scanner v3
Eudora
Fax
Games, Music, & Photos Launcher
Get Yahoo! Messenger
Google Earth
High Definition Audio Driver Package - KB835221
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Color Inkjet CP1700 Uninstaller
hp LaserJet-all-in-one
hp LaserJet all-in-one
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HPSystemDiagnostics
ImagXpress
InstantShare
Internet Service Offers Launcher
iTunes
LaserAIO
Last.fm 1.5.4.24567
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.2)
neroxml
Nikon Message Center
NVIDIA Drivers
Overland
Paint.NET v3.10
PDF Settings
PhotoGallery
Picasa 3
PictureProject
PictureProject In Touch Downloader 1.0
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Video Driver
PodUtil 3.0.3
Polar Bowler
PrintScreen
Privacy Guardian 4.1
QFolder
QuickProjects
QuickTime
Readme
Registry Mechanic 6.0
Roxio CinePlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Saitek Cyborg Keyboard Volume 6.5.1.17
Scan
ScanToWeb
SearchAssist
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SilverFast TWAIN
SkinsHP1
SkinsHP2
Skype 3.0
Skype Plugin Manager
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sound Blaster X-Fi
Spelling Dictionaries Support For Adobe Reader 8
SureThing CD Labeler 4 SE
System Requirements Lab
Tales of Monkey Island - Launch of the Screaming Narwhal
THX Setup Console
TrayApp
Trend Micro Internet Security
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WordPefect Document Converter
World of Warcraft

==== Event Viewer Messages From Past Week ========

3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The Trend Micro Personal Firewall service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The CLCV0 service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
3/15/2010 9:29:55 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/15/2010 4:20:16 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\hidclass.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
3/15/2010 12:57:29 PM, error: nvgts_2 [4] -
3/15/2010 12:24:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvport TfFsMon TfSysMon
3/12/2010 3:51:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvport
3/12/2010 3:51:52 PM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
3/12/2010 3:23:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvport nvraid nvrd32
3/12/2010 3:23:42 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
3/12/2010 10:23:35 AM, error: sbp2port [9] - The device, , did not respond within the timeout period.

==== End Of File ===========================




#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:40 PM

Posted 17 March 2010 - 09:24 AM

Hello mountainair,

Your logs look fine to me now smile.gif

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /, it needs to be there.



Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean! thumbup.gif

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in windows to exploit your computer. The easiest way to
do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the programs virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Calendar of Updates or you can install Secunia PSI.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Ani Virus, to add an extra layer of protection.
You should update and scan with it as you would with your Anti Virus, Most Anti Spyware programs don't have active protection,
unless you have a paid version, so in that case you can have more than one installed for scanning purposes but you also don't
want to bloat your computer with these programs, so I would recommend having no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sanboxie
Sandboxie is a great program to help protect you against malware, working inside Sandboxie will basically mean that, what you are doing
will not make a permenant changes to your system, unless you allow it too. So you can be surfing the web inside Sandboxie then if you
happen to stumble upon a bad site and get infected, you can simply delete the Sanbox and all is gone. Having said that, it can not be
considered 100% secure as no program can be, but it can be a great help and is an excellent program. You can find a download link and
more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer that Internet Explorer, I would recommend that you install Firefox and install
some addons that will make the browser even safer. You can download the latest version of Firefox here, if you already
have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

unite.jpg


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:40 PM

Posted 18 March 2010 - 01:33 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users