PC desktop warning, popups, trojan warnings...

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

PC desktop warning, popups, trojan warnings..., HJT Log and Error

Options

Orca239 View Member Profile	Oct 12 2008, 10:00 AM Post #1
Authentic Member Group: Authentic Member Posts: 30 Joined: 31-March 07 Member No.: 69,176 Operating System: Windows XP	Problems we're having (that I've noticed): - The background of the desktop has changed to be a warning message with a link to something (haven't clicked it): - Trojan warnings pop up every few minutes, and whatever minor program is open when it happens immediately ends (like Paint and Notepad). - WinPatrol keeps asking if I want to allow a new startup file to run about once a minute. The file is in the system32 directory with a name of "ntos.exe". - About once every two or so minutes, a new browser window or tab is automatically opened and is directed to some page that won't display (I've seen Powered by ZEDO in the name of the page though). - When an internet browser is open, pop-ups come up extremely frequently even on sites that do not normally give pop ups (Maxthon Browser is still able to block them, though). - System Restore gives the error: "Restoration Incomplete Your computer cannot be restored to this point." for any restore point that is selected. Computer: DELL Dimension E510 OS: Windows XP SP2 Security Programs: WinPatrol, Symantec AntiVirus (2006?), SUPERAntiSpyware, COMODO BOClean ----------------------------------------------- My HJT Log: This error occured during the scan: An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load) Error #5 - Invalid procedure call or argument Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2900.2180 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 11:38:28 AM, on 10/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\lxczcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\WINDOWS\stsystra.exe C:\PROGRA~1\SYMANT~1\vptray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\PROGRA~1\Comodo\CBOClean\BOC427.exe C:\Program Files\Gamevance\gamevance32.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\GetModule\GetModule23.exe C:\Program Files\GetPack\GetPack22.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Maxthon2\Maxthon.exe C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Web Stuff\hijackthis\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll F3 - REG:win.ini: load= F3 - REG:win.ini: run= F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe" O4 - HKCU\..\Run: [GetPack22] "C:\Program Files\GetPack\GetPack22.exe" O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199336059359 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe Thanks for any help.

Rorschach112 View Member Profile	Oct 12 2008, 10:05 AM Post #2
SuperMember Group: Visiting Teacher Posts: 2,131 Joined: 29-September 07 Member No.: 73,164 Operating System: Windows XP	Hello Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding. Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum. Also post a new HJT log

Orca239 View Member Profile	Oct 12 2008, 11:06 AM Post #3
Authentic Member Group: Authentic Member Posts: 30 Joined: 31-March 07 Member No.: 69,176 Operating System: Windows XP	EDIT: This popped up: SDFix: Version 1.234 Run by Owner on Sun 10/12/2008 at 12:32 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Restoring Default Desktop Wallpaper Resetting SecurityProviders Value Rebooting Checking Files : Trojan Files Found: C:\Program Files\GetModule\dicik.gz - Deleted C:\Program Files\GetModule\GetModule23.exe - Deleted C:\Program Files\GetModule\kwdik.gz - Deleted C:\Program Files\GetPack\dictame.gz - Deleted C:\Program Files\GetPack\GetPack22.exe - Deleted C:\Program Files\GetPack\trgtame.gz - Deleted C:\Program Files\iCheck\iCheck.exe - Deleted C:\Program Files\iCheck\Uninstall.exe - Deleted C:\WINDOWS\system32\wpv804.cpx - Deleted C:\WINDOWS\system32\wpv804.cpx - Deleted C:\WINDOWS\default.htm - Deleted C:\WINDOWS\system32\getsn32.dll - Deleted C:\WINDOWS\system32\msansspc.dll - Deleted C:\WINDOWS\system32\smwin32.dll - Deleted C:\WINDOWS\system32\ntos.exe - Deleted Folder C:\Program Files\GetModule - Removed Folder C:\Program Files\GetPack - Removed Folder C:\Program Files\iCheck - Removed Folder C:\Program Files\VnrBlock - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-12 12:50:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Maxthon2\\Maxthon.exe"="C:\\Program Files\\Maxthon2\\Maxthon.exe::Enabled:Maxthon Browser" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe::Enabled:BitComet - a BitTorrent Client" "C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\BIOY2ACN\\incredimail_install[1].exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content.IE5\\BIOY2ACN\\incredimail_install[1].exe::Enabled:IncrediMail Installer" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe::Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe::Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe::Enabled:IncrediMail" "C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe::Enabled:1200 Series Server" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe::Enabled:Bonjour" "C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"="C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin::Enabled:rakion" "C:\\Documents and Settings\\Owner\\My Documents\\Ryan Sealey\\Game Stuff\\Twilight Dreams\\Server\\Server.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Ryan Sealey\\Game Stuff\\Twilight Dreams\\Server\\Server.exe::Enabled:Server" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Enabled:LimeWire" "C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe"="C:\\Program Files\\Fury\\Binaries\\DiamondWare\\dwTVC.exe::Enabled:Fury VOIP" "C:\\Program Files\\Fury\\Binaries\\Fury.exe"="C:\\Program Files\\Fury\\Binaries\\Fury.exe::Enabled:Fury" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe::Enabled:DNA" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" Remaining Files* : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 7 Dec 2006 88 ..SHR --- "C:\old\123\EBE24F0C7F.sys" Thu 7 Dec 2006 3,350 A.SH. --- "C:\old\123\KGyGaAvL.sys" Tue 28 Aug 2007 145,920 ..SHR --- "C:\prog\BillP Studios\WinPatrol\Setup.exe" Thu 3 Jan 2008 145,920 A.SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe" Wed 18 Jan 2006 32,488 A..H. --- "C:\TOOLKIT\SystemTools\FolderSizes\FolderSizes.exe-CommandBars" Thu 3 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sat 6 Sep 2008 480,688 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2.exe" Sat 25 Nov 2006 25,088 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL0156.tmp" Sat 25 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL1279.tmp" Sat 25 Nov 2006 27,136 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL1296.tmp" Sat 25 Nov 2006 24,576 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL1373.tmp" Sat 25 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL1681.tmp" Sat 25 Nov 2006 27,136 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL1880.tmp" Sat 25 Nov 2006 27,136 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL1893.tmp" Sat 25 Nov 2006 27,648 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL1927.tmp" Sat 25 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL2235.tmp" Sat 25 Nov 2006 28,160 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL2668.tmp" Sat 25 Nov 2006 24,576 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL3427.tmp" Sat 25 Nov 2006 25,088 A..H. --- "C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Word\Twilight Dreams\~WRL3521.tmp" Thu 3 Jan 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp" Thu 3 Jan 2008 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp" Finished! This post has been edited by Orca239: Oct 12 2008, 11:09 AM

Rorschach112 View Member Profile	Oct 12 2008, 11:18 AM Post #4
SuperMember Group: Visiting Teacher Posts: 2,131 Joined: 29-September 07 Member No.: 73,164 Operating System: Windows XP	Post a new HJT log Accept that change as well

Orca239 View Member Profile	Oct 12 2008, 12:13 PM Post #5
Authentic Member Group: Authentic Member Posts: 30 Joined: 31-March 07 Member No.: 69,176 Operating System: Windows XP	New HJT Log: Error: An unexpected error has occurred at procedure: modMain_CheckOther1Item() Error #5 - Invalid procedure call or argument Please email me at merijn@spywareinfo.com, reporting the following: * What you were trying to fix when the error occurred, if applicable * How you can reproduce the error * A complete HijackThis scan log, if possible Windows version: Windows NT 5.01.2600 MSIE version: 6.0.2900.2180 HijackThis version: 1.99.1 This message has been copied to your clipboard. Click OK to continue the rest of the scan. ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 2:09:50 PM, on 10/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\lxczcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\stsystra.exe C:\PROGRA~1\SYMANT~1\vptray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Comodo\CBOClean\BOC427.exe C:\Program Files\Gamevance\gamevance32.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\Program Files\No-IP\DUC20.exe C:\Program Files\Maxthon2\Maxthon.exe C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Web Stuff\hijackthis\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199336059359 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Rorschach112 View Member Profile	Oct 12 2008, 12:48 PM Post #6
SuperMember Group: Visiting Teacher Posts: 2,131 Joined: 29-September 07 Member No.: 73,164 Operating System: Windows XP	Hello Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Orca239

Oct 12 2008, 12:58 PM

Post #7

Authentic Member

Group: Authentic Member
Posts: 30
Joined: 31-March 07
Member No.: 69,176
Operating System: Windows XP

log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-10-12 14:56:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 44 GB (30%) free of 149 GB
Total RAM: 1022 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:06 PM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Gamevance Text - {7370F91F-6994-4595-9949-601FA2261C8D} - C:\Program Files\Gamevance\gvtl.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199336059359
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7337 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29 468280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370F91F-6994-4595-9949-601FA2261C8D}]
Gamevance Text - C:\Program Files\Gamevance\gvtl.dll [2008-10-10 337408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-07-19 52896]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-10-26 292152]
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
"vptray"=C:\PROGRA~1\SYMANT~1\\vptray.exe [2006-09-27 125168]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.exe [2008-07-14 351480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"Gamevance"=C:\Program Files\Gamevance\gamevance32.exe [2008-10-10 91648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-26 1576176]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
No-IP DUC.lnk - C:\Program Files\No-IP\DUC20.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-09-26 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-09-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-17 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Maxthon2\Maxthon.exe"="C:\Program Files\Maxthon2\Maxthon.exe:*:Enabled:Maxthon Browser"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BIOY2ACN\incredimail_install[1].exe"="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\BIOY2ACN\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\system32\lxczcoms.exe"="C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:1200 Series Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Softnyx\Rakion\Bin\rakion.bin"="C:\Program Files\Softnyx\Rakion\Bin\rakion.bin:*:Enabled:rakion"
"C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Game Stuff\Twilight Dreams\Server\Server.exe"="C:\Documents and Settings\Owner\My Documents\Ryan Sealey\Game Stuff\Twilight Dreams\Server\Server.exe:*:Enabled:Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe"="C:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe:*:Enabled:Fury VOIP"
"C:\Program Files\Fury\Binaries\Fury.exe"="C:\Program Files\Fury\Binaries\Fury.exe:*:Enabled:Fury"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-12 14:56:46 ----D---- C:\rsit
2008-10-12 14:56:46 ----D---- C:\Program Files\trend micro
2008-10-12 12:23:29 ----D---- C:\WINDOWS\ERUNT
2008-10-12 12:18:59 ----D---- C:\SDFix
2008-10-11 22:05:31 ----SHD---- C:\WINDOWS\system32\wsnpoem
2008-10-11 22:05:20 ----A---- C:\S87ekhV.exe
2008-10-11 21:23:29 ----A---- C:\WINDOWS\system32\fwrzjyfpaamdl.exe
2008-10-11 21:23:04 ----A---- C:\WINDOWS\system32\uesiuqcr.exe
2008-09-27 21:32:18 ----D---- C:\Program Files\AskSearch
2008-09-27 21:32:18 ----D---- C:\Program Files\AskBarDis
2008-09-27 21:32:18 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-09-27 21:31:08 ----D---- C:\Program Files\Gamevance
2008-09-24 17:39:16 ----D---- C:\Program Files\TryMedia
2008-09-18 21:16:59 ----A---- C:\WINDOWS\system32\wmpns.dll

======List of files/folders modified in the last 1 months======

2008-10-12 14:56:50 ----D---- C:\WINDOWS\Prefetch
2008-10-12 14:56:46 ----RD---- C:\Program Files
2008-10-12 13:08:28 ----A---- C:\WINDOWS\BOC427.INI
2008-10-12 13:05:22 ----D---- C:\WINDOWS\Temp
2008-10-12 12:49:50 ----D---- C:\WINDOWS\system32
2008-10-12 12:44:12 ----D---- C:\Program Files\Symantec AntiVirus
2008-10-12 12:42:31 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-12 12:39:49 ----D---- C:\WINDOWS
2008-10-12 12:20:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-12 11:32:16 ----D---- C:\Documents and Settings\Owner\Application Data\MxBoost
2008-10-12 11:23:31 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-11 22:12:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-11 21:23:28 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-11 21:23:26 ----D---- C:\Documents and Settings\All Users\Application Data\BOC427
2008-10-10 17:50:12 ----D---- C:\Program Files\Maxthon2
2008-10-09 15:30:10 ----A---- C:\WINDOWS\lexstat.ini
2008-09-28 12:10:07 ----D---- C:\Downloads
2008-09-26 07:02:02 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-22 15:20:19 ----D---- C:\WINDOWS\security

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-08-07 195776]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
R3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081010.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081010.004\navex15.sys []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-02 47360]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-08-07 24768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2008-01-03 29184]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva145;XDva145; \??\C:\WINDOWS\system32\XDva145.sys []
S3 XDva152;XDva152; \??\C:\WINDOWS\system32\XDva152.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2008-07-14 73464]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-07-19 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-07-19 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-09-27 31472]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-04-19 537520]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-09-27 1813232]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-08-07 214720]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []

-----------------EOF-----------------

==============================

info.txt:
info.txt logfile of random's system information tool 1.04 2008-10-12 14:57:08

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{45820070-9BE5-4785-B770-A50F5240250B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 5.1.1.9-->"C:\Program Files\LG Software Innovations\1Click DVD Copy 5\unins000.exe"
Active@ ISO Burner v 1.1-->"C:\Program Files\LSoft Technologies\Active ISO Burner\UNWISE.EXE" "C:\Program Files\LSoft Technologies\Active ISO Burner\INSTALL.LOG"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AGEIA PhysX v7.06.25-->MsiExec.exe /X{45820070-9BE5-4785-B770-A50F5240250B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery® Wizard 2.1 for Microsoft® Office Word 2003-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
BitComet 1.01-->C:\Program Files\BitComet\uninst.exe
BOClean-->C:\WINDOWS\UNBOC.EXE
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Enhancement Browser Tools Bigadnetwork-->C:\WINDOWS\system32\fwrzjyfpaamdl.exe
Fury-->"C:\Program Files\Fury\unins000.exe"
Gamevance-->C:\Program Files\Gamevance\gvun.exe
Google Earth Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Gunbound Revolution-->"c:\ijji\ENGLISH\Gunbound Revolution\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hoyle Classic Games-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\HOYLECG\Uninst.isu
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Install Creator-->C:\Program Files\Install Creator\Uninstal.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Lexmark 1200 Series-->C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
LimeWire 4.18.3-->"C:\Documents and Settings\Owner\My Documents\downloads\New Folder (2)\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.5 (1010)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Loan calculator 1.0-->"C:\Program Files\Loan calculator\unins000.exe"
Magic ISO Maker v5.3 (build 0221)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MapleStory-->MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
Maxthon2 Browser (remove only)-->C:\Program Files\Maxthon2\MaxthonUINST.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{EDE4AA32-ECD4-4FC2-BAD2-E50ED86219E6}
MySQL Server 5.0-->MsiExec.exe /I{1944C6DC-0F0C-472A-8D0F-047297EE7B0A}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
No-IP.com DUC (remove only)-->"C:\Program Files\No-IP\DUC20.exe" -uninstall
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rakion International-->"C:\Program Files\Softnyx\RakionIS\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SQLyog Community 6.03-->C:\Program Files\SQLyog Community\uninst.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
The Rosetta Stone-->C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinPatrol 2007-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WolfTeam International-->"C:\Program Files\Softnyx\WolfTeam\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Symantec AntiVirus Corporate Edition

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------