Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Possible Infection?


  • This topic is locked This topic is locked
24 replies to this topic

#1 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 24 September 2009 - 03:15 AM

Hello there the last few days i have been getting redirected to sites that i dont want either through google search or even sometimes from my favourites. i have downloaded AFT Cleaner ran no problem but when i tryed running MBAM all i keep getting is "Windows cannot access the specified device, path or file you may not have the appropriate permissions to access this item" and i have ran it loads of times before with no problems (and its upto date too), i get the same message trying to run hijack this obviously without this working i cant post the results for you guys to take a look , any suggestions regards Stuart

Edited by stuart1976, 24 September 2009 - 03:21 AM.

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 September 2009 - 04:55 AM

Hello Stuart

Welcome to the Whatthetech Malware Removal Forum,

All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


Lets take a look and see whats going on.


Please download RootRepeal one of these locations and save it to your desktop
Here
Here
Here
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check just these boxes:
  • Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:, and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#3 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 26 September 2009 - 11:22 AM

First of all thanks for helping me Ken heres the report Kindest Regards Stuart Windows Version: Windows XP Media Center Edition SP3 ================================================== Drivers ------------------- Name: 00000081 Image Path: \Driver\00000081 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xED63E000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7A9A000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB9E9F000 Size: 49152 File Visible: No Signed: - Status: - Name: win32k.sys:1 Image Path: C:\WINDOWS\win32k.sys:1 Address: 0xF785A000 Size: 20480 File Visible: No Signed: - Status: - Name: win32k.sys:2 Image Path: C:\WINDOWS\win32k.sys:2 Address: 0xED6EE000 Size: 61440 File Visible: No Signed: - Status: - SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "sptd.sys" at address 0xf7386b3a #: 071 Function Name: NtEnumerateKey Status: Hooked by "sptd.sys" at address 0xf7386c7e #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "sptd.sys" at address 0xf7386ff6 #: 119 Function Name: NtOpenKey Status: Hooked by "sptd.sys" at address 0xf7386a18 #: 160 Function Name: NtQueryKey Status: Hooked by "sptd.sys" at address 0xf73870c0 #: 177 Function Name: NtQueryValueKey Status: Hooked by "sptd.sys" at address 0xf7386f58 #: 247 Function Name: NtSetValueKey Status: Hooked by "sptd.sys" at address 0xf7387148 ==EOF==

#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 26 September 2009 - 02:45 PM

Hello Stuart,

Your infected with a Rootkit Sometimes they are difficult to remove, we will take this step by step so as not to overwhelm you

Download and run Win32kDiag:

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#5 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 28 September 2009 - 06:42 AM

Running from: C:\Documents and Settings\Stuart Wright\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\Stuart Wright\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB929969\KB929969 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C2.tmp\ZAP4C2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5A7.tmp\ZAP5A7.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP694.tmp\ZAP694.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAE.tmp\ZAPAE.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CONFLICT.1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\CreateDisc\Components\tables\tables Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\cs\cs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\da\da Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\es\es Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\fi\fi Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\no\no Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\pl\pl Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\pt\pt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\ru\ru Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\sv\sv Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\tr\tr Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ehome\zh-cht\zh-cht Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ftpcache\ftpcache Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE} Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\occache\occache Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe [1] 2004-08-10 06:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-14 01:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe () [1] 2008-04-14 01:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PLive3U\PLive3U Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\backup\backup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2004-08-10 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [2] 2004-08-10 06:00:00 55808 C:\WINDOWS\system32\eventlog(3).dll (Microsoft Corporation) [1] 2008-04-14 01:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-14 01:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\Temp\TempFolder.aaa\TempFolder.aaa Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\TestEngDat64\TestEngDat64 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Finished!

#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 September 2009 - 07:30 AM

Hi Stuart,

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.
(Make sure you get the entire thing including the quotes and ending with r )

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#7 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 28 September 2009 - 10:40 AM

Running from: C:\Documents and Settings\Stuart Wright\desktop\win32kdiag.exe Log file at : C:\Documents and Settings\Stuart Wright\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB904706\KB904706 Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812 Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281 Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899 Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213 Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760 Found mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB924496\KB924496 Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Found mount point : C:\WINDOWS\$hf_mig$\KB929969\KB929969 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB929969\KB929969 Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168 Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729 Found mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB941568\KB941568 Found mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB943460\KB943460 Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C2.tmp\ZAP4C2.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C2.tmp\ZAP4C2.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5A7.tmp\ZAP5A7.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5A7.tmp\ZAP5A7.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP694.tmp\ZAP694.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP694.tmp\ZAP694.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAE.tmp\ZAPAE.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAE.tmp\ZAPAE.tmp Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\temp\temp Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Config\Config Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d1\d1 Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d2\d2 Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d3\d3 Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d4\d4 Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d5\d5 Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d6\d6 Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d7\d7 Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\CSC\d8\d8 Found mount point : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CONFLICT.1 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CONFLICT.1 Found mount point : C:\WINDOWS\ehome\CreateDisc\Components\tables\tables Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\CreateDisc\Components\tables\tables Found mount point : C:\WINDOWS\ehome\cs\cs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\cs\cs Found mount point : C:\WINDOWS\ehome\da\da Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\da\da Found mount point : C:\WINDOWS\ehome\es\es Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\es\es Found mount point : C:\WINDOWS\ehome\fi\fi Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\fi\fi Found mount point : C:\WINDOWS\ehome\no\no Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\no\no Found mount point : C:\WINDOWS\ehome\pl\pl Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\pl\pl Found mount point : C:\WINDOWS\ehome\pt\pt Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\pt\pt Found mount point : C:\WINDOWS\ehome\ru\ru Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\ru\ru Found mount point : C:\WINDOWS\ehome\sv\sv Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\sv\sv Found mount point : C:\WINDOWS\ehome\tr\tr Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\tr\tr Found mount point : C:\WINDOWS\ehome\zh-cht\zh-cht Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ehome\zh-cht\zh-cht Found mount point : C:\WINDOWS\ftpcache\ftpcache Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ftpcache\ftpcache Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\chsime\applets\applets Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp\applets\applets Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp98\imejp98 Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\shared\res\res Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Found mount point : C:\WINDOWS\Installer\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE} Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}\{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE} Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\classes\classes Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\trustlib\trustlib Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Found mount point : C:\WINDOWS\occache\occache Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\occache\occache Found mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QHEADLES\QHEADLES Found mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ErrorRep\QSIGNOFF\QSIGNOFF Found mount point : C:\WINDOWS\pchealth\helpctr\batch\batch Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\batch\batch Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Found mount point : C:\WINDOWS\PLive3U\PLive3U Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PLive3U\PLive3U Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Found mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\setup.pss\setupupd\temp\temp Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup Found mount point : C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\backup\backup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\88a28ec3847c01e056ff4268caaa255d\backup\backup Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Cannot access: C:\WINDOWS\system32\eventlog.dll Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll [1] 2004-08-10 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [2] 2004-08-10 06:00:00 55808 C:\WINDOWS\system32\eventlog(3).dll (Microsoft Corporation) [1] 2008-04-14 01:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-14 01:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\Temp\TempFolder.aaa\TempFolder.aaa Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\TempFolder.aaa\TempFolder.aaa Found mount point : C:\WINDOWS\Temp\TestEngDat64\TestEngDat64 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\TestEngDat64\TestEngDat64 Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Finished!

#8 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 September 2009 - 11:00 AM

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#9 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 29 September 2009 - 02:51 AM

exeHelper by Raktor - 09 Build 20090925 Run at 09:51:13 on 09/29/09 Now searching... Checking for numerical processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished--

#10 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 September 2009 - 03:02 AM

Good Morning Stuart,

What we have been doing is chipping away at this rootkit as it disables all or most programs from running, so now we should be able to remove it. We are going to use Combofix, but be sure you follow the instructions and rename it or it may not run.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#11 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 29 September 2009 - 03:42 AM

ComboFix 09-09-28.01 - Stuart Wright 29/09/2009 10:16.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.610 [GMT 1:00]
Running from: c:\documents and settings\Stuart Wright\Desktop\CombyFix1.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Stuart Wright\Application Data\NI.GSCNS
c:\documents and settings\Stuart Wright\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Stuart Wright\Application Data\NI.GSCNS\settings.ini
c:\windows\BM5f1c24b1.txt
c:\windows\BM5f1c24b1.xml
c:\windows\fmark2.dat
c:\windows\Installer\16c403a.msi

p.s Ken
Still cant run Hijackthis
c:\windows\Installer\1abd339.msp
c:\windows\Installer\1abd34e.msp
c:\windows\Installer\251d77.msp
c:\windows\Installer\29abf.msp
c:\windows\Installer\39b9eb.msi
c:\windows\Installer\4eb8b9.msp
c:\windows\Installer\4eb8ba.msp
c:\windows\Installer\4eb8bb.msp
c:\windows\Installer\4eb8bc.msp
c:\windows\Installer\4eb8bd.msp
c:\windows\Installer\4eb8be.msp
c:\windows\Installer\4eb8bf.msp
c:\windows\Installer\4eb8c0.msp
c:\windows\Installer\4eb8c1.msp
c:\windows\Installer\4eb8c2.msp
c:\windows\Installer\53bf75.msp
c:\windows\Installer\53bf89.msp
c:\windows\Installer\cfcb5.msp
c:\windows\Installer\de7cd.msi
c:\windows\kb913800.exe
c:\windows\system32\Data
c:\windows\system32\ijkmp.ini2
c:\windows\system32\ijqunytd.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\ststv.ini
c:\windows\system32\ststv.ini2
c:\windows\system32\sX3i19
c:\windows\system32\tmp.reg

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-25 11:56 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-09-25 11:56 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-09-25 11:56 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-09-25 11:56 . 2009-09-25 11:56 -------- d-----w- c:\program files\eRightSoft
2009-09-24 09:53 . 2009-09-24 09:53 -------- d-----w- c:\program files\iPod
2009-09-24 09:53 . 2009-09-24 09:56 -------- d-----w- c:\program files\iTunes
2009-09-24 08:57 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-24 08:57 . 2009-09-24 08:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-24 08:57 . 2009-09-24 08:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 08:57 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-17 10:59 . 2009-09-29 08:42 0 ----a-r- c:\windows\win32k.sys
2009-09-16 19:11 . 2009-09-17 09:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-15 18:41 . 2009-09-15 18:41 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-15 18:30 . 2009-09-15 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 18:26 . 2009-09-15 18:28 -------- d-----w- c:\program files\QuickTime
2009-09-10 14:49 . 2009-09-10 14:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-09-09 16:33 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 19:46 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-09-08 19:46 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-09-08 19:46 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-08 19:46 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-09-08 19:46 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2009-09-08 19:46 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-08 19:46 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-08 19:46 . 2009-09-08 19:48 -------- d-----w- c:\program files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 09:30 . 2009-02-04 16:20 46055456 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-29 09:30 . 2008-02-10 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-09-29 09:27 . 2009-02-04 16:20 543848 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-29 09:07 . 2006-03-20 20:23 -------- d-----w- c:\program files\PopUp Killer
2009-09-28 19:52 . 2008-11-02 12:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-09-28 16:03 . 2007-11-20 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-28 11:28 . 2006-05-21 16:27 -------- d-----w- c:\program files\Dl_cats
2009-09-26 17:16 . 2006-03-20 20:07 59008 ----a-w- c:\documents and settings\Stuart Wright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 09:53 . 2008-06-25 15:48 -------- d-----w- c:\program files\Common Files\Apple
2009-09-17 10:53 . 2008-02-18 15:08 -------- d-----w- c:\documents and settings\Stuart Wright\Application Data\uTorrent
2009-09-15 19:44 . 2007-02-04 20:15 -------- d-----w- c:\documents and settings\Stuart Wright\Application Data\Apple Computer
2009-09-15 18:40 . 2009-01-29 19:27 -------- d-----w- c:\program files\Safari
2009-09-15 14:52 . 2006-05-06 21:38 -------- d-----w- c:\program files\Paint Shop Pro 5
2009-09-15 13:27 . 2009-07-21 11:53 -------- d-----w- c:\program files\Audacity
2009-09-08 19:44 . 2006-03-16 00:39 -------- d-----w- c:\program files\Common Files\Real
2009-09-02 17:20 . 2008-12-23 20:21 -------- d-----w- c:\program files\VirtualDJPortable
2009-08-28 18:42 . 2009-06-18 14:08 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 18:42 . 2008-06-25 15:49 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-24 17:01 . 2009-08-20 15:50 760608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-22 17:50 . 2006-03-23 18:46 -------- d-----w- c:\documents and settings\Stuart Wright\Application Data\AdobeUM
2009-08-20 14:42 . 2009-08-20 14:42 -------- d-----w- c:\program files\fmXML
2009-08-16 15:08 . 2006-10-19 20:05 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-05 09:01 . 2005-08-16 04:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 13:11 . 2009-07-27 13:11 45216 ---ha-w- c:\windows\system32\mlfcache.dat
2009-07-17 19:01 . 2005-08-16 04:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-08-16 04:19 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-08-16 04:18 915456 ----a-w- c:\windows\system32\wininet.dll
2006-07-30 18:45 . 2006-04-22 20:50 104 --sh--r- c:\windows\system32\133339E4A9.sys
2006-05-03 09:06 . 2009-09-25 11:56 163328 --sh--r- c:\windows\system32\flvDX.dll
2006-07-30 18:45 . 2006-04-22 20:50 5278 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2009-09-25 11:56 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-25 11:56 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-01-04 1937408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpKiller"="c:\program files\PopUp Killer\popupkiller.EXE" [2002-03-23 108032]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Stuart Wright^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Stuart Wright\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroAntivirus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Co.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlcccoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Documents and Settings\\Stuart Wright\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2690:TCP"= 2690:TCP:ppLive
"2776:UDP"= 2776:UDP:ppLive
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R3 PAC7302;AGK;c:\windows\system32\drivers\PAC7302.SYS [29/03/2009 09:41 458752]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [28/03/2007 16:03 17149]
S3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [09/12/2008 18:30 107264]
S3 MBAMCatchMe;MBAMCatchMe;\??\c:\windows\system32\drivers\mbamcatchme.sys --> c:\windows\system32\drivers\mbamcatchme.sys [?]
S3 Ptserli;PCTEL Serial Device Driver for INTEL;c:\windows\system32\drivers\ptserli.sys [14/02/2007 20:31 128286]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [18/02/2008 17:57 194304]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [31/10/2008 22:31 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [31/10/2008 22:31 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [31/10/2008 22:31 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [31/10/2008 22:31 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [31/10/2008 22:31 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [31/10/2008 22:31 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [31/10/2008 22:31 110120]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [10/05/2007 20:29 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [10/05/2007 20:29 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [10/05/2007 20:29 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [10/05/2007 20:29 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [10/05/2007 20:30 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [10/05/2007 20:29 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [10/05/2007 20:29 90800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-20 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 10:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1128806670-1401086586-2387256340-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5927D483-7E8F-E771-8746-11116D998CE7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajkdoochdnfgpgcdlhd"=hex:6b,61,63,65,61,69,66,6b,6c,6f,67,6f,6e,70,6b,68,68,
66,6e,65,6b,6b,00,00
"iahappecgdocmoembm"=hex:6b,61,6e,64,68,68,61,68,65,6c,67,6b,6c,70,6d,63,64,63,
63,6b,6e,6c,00,00
"hanjbjcdkefmpcek"=hex:61,61,00,00
"hanjbjcddpcbblbj"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3764)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\Kontiki\KService.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\pctspk.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-29 10:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 09:39

Pre-Run: 88,077,217,792 bytes free
Post-Run: 88,107,061,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
311 --- E O F --- 2009-09-09 21:35

#12 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 September 2009 - 04:50 AM

MicroAntivirus <-- See if you can remove this program via the Add Remove programs, from what I see its been installed by trojans,

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

How are things running now ??

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#13 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 29 September 2009 - 05:15 AM

Couldnt see micro antivirus in the add remove list

Logfile of random's system information tool 1.06 (written by random/random)
Run by Stuart Wright at 2009-09-29 12:11:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 84 GB (57%) free of 148 GB
Total RAM: 1022 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:20, on 29/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stuart Wright\Desktop\RSIT.exe
C:\Program Files\trend micro\Stuart Wright.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mytalktalk.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-24-0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1186342685781
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

--
End of file - 9021 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-11 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-25 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PopUpKiller"=C:\Program Files\PopUp Killer\popupkiller.EXE [2002-03-23 108032]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2007-02-22 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-12-19 136768]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-06-10 249856]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"DLCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-20 68856]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-01-04 1937408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-09-15 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe [2005-07-22 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-06-10 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-20 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe [2007-03-14 3770024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2009-03-22 161776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Stuart Wright^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ehSched"=2
"ehRecvr"=2
"Bonjour Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dlcccoms.exe"="C:\WINDOWS\system32\dlcccoms.exe:*:Enabled:Dell 924 Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dlccPSWX.EXE:*:Enabled:Dell 924 Printer Status"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\kdx\KHost.exe"="C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Documents and Settings\Stuart Wright\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Stuart Wright\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

2009-09-29 12:11:56 ----D---- C:\rsit
2009-09-29 11:14:59 ----SHD---- C:\RECYCLER
2009-09-29 10:39:23 ----A---- C:\ComboFix.txt
2009-09-29 10:12:01 ----A---- C:\Boot.bak
2009-09-29 10:11:45 ----RASHD---- C:\cmdcons
2009-09-29 10:09:20 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-29 10:09:19 ----A---- C:\WINDOWS\zip.exe
2009-09-29 10:09:19 ----A---- C:\WINDOWS\SWREG.exe
2009-09-29 10:09:19 ----A---- C:\WINDOWS\sed.exe
2009-09-29 10:09:19 ----A---- C:\WINDOWS\PEV.exe
2009-09-29 10:09:19 ----A---- C:\WINDOWS\grep.exe
2009-09-29 10:09:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-29 10:09:18 ----A---- C:\WINDOWS\SWSC.exe
2009-09-29 10:08:48 ----D---- C:\WINDOWS\ERDNT
2009-09-29 10:06:54 ----D---- C:\Qoobox
2009-09-26 18:19:49 ----A---- C:\RootRepeal report 09-26-09 (18-19-49).txt
2009-09-26 18:18:40 ----A---- C:\RootRepeal report 09-26-09 (18-18-40).txt
2009-09-26 18:18:14 ----A---- C:\RootRepeal report 09-26-09 (18-18-14).txt
2009-09-25 12:56:55 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-09-25 12:56:55 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-09-25 12:56:52 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-09-25 12:56:14 ----D---- C:\Program Files\eRightSoft
2009-09-24 10:53:41 ----D---- C:\Program Files\iPod
2009-09-24 10:53:16 ----D---- C:\Program Files\iTunes
2009-09-24 09:57:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-24 09:57:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-15 19:41:25 ----D---- C:\Program Files\iPhone Configuration Utility
2009-09-15 19:30:51 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-15 19:26:59 ----D---- C:\Program Files\QuickTime
2009-09-09 22:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 22:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-09 22:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-09-08 20:46:15 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-09-08 20:46:15 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-09-08 20:46:15 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-09-08 20:46:15 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-09-08 20:46:11 ----A---- C:\WINDOWS\avisplitter.ini
2009-09-08 20:46:09 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-09-08 20:46:09 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-09-08 20:46:08 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-09-08 20:46:08 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-09-08 20:46:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-09-08 20:46:07 ----A---- C:\WINDOWS\system32\divx.dll
2009-09-08 20:46:06 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-09-08 20:46:06 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-09-08 20:46:03 ----D---- C:\Program Files\K-Lite Codec Pack
2009-08-26 21:26:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-23 21:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-23 20:39:55 ----D---- C:\dell
2009-08-20 16:50:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-20 15:42:22 ----D---- C:\Program Files\fmXML
2009-08-19 21:51:32 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-19 21:51:32 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-19 21:51:32 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-19 21:51:32 ----D---- C:\a836915f9040691a88
2009-08-18 18:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-18 18:52:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-18 18:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-18 18:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-18 18:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-18 18:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-18 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-18 18:51:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-18 18:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-07-21 12:53:15 ----D---- C:\Program Files\Audacity
2009-07-14 23:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 23:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 22:59:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-10 19:45:57 ----D---- C:\Program Files\Pegasys Inc
2009-07-06 20:14:26 ----D---- C:\found.000
2009-07-01 13:42:43 ----D---- C:\Documents and Settings\Stuart Wright\Application Data\ImgBurn
2009-07-01 13:38:27 ----D---- C:\Program Files\ImgBurn

======List of files/folders modified in the last 3 months======

2009-09-29 12:12:20 ----D---- C:\Program Files\Trend Micro
2009-09-29 12:12:11 ----D---- C:\WINDOWS\Prefetch
2009-09-29 12:11:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2009-09-29 11:58:11 ----SD---- C:\WINDOWS\Tasks
2009-09-29 10:39:29 ----D---- C:\WINDOWS\system32\drivers
2009-09-29 10:39:29 ----D---- C:\WINDOWS\system32
2009-09-29 10:39:27 ----D---- C:\WINDOWS\Temp
2009-09-29 10:36:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-29 10:30:50 ----D---- C:\WINDOWS
2009-09-29 10:30:50 ----A---- C:\WINDOWS\system.ini
2009-09-29 10:30:24 ----D---- C:\WINDOWS\Registration
2009-09-29 10:29:29 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2009-09-29 10:26:47 ----D---- C:\WINDOWS\system32\config
2009-09-29 10:26:27 ----D---- C:\WINDOWS\PLive3U
2009-09-29 10:26:26 ----HD---- C:\WINDOWS\msdownld.tmp
2009-09-29 10:26:26 ----D---- C:\WINDOWS\occache
2009-09-29 10:26:25 ----SHD---- C:\WINDOWS\ftpcache
2009-09-29 10:26:24 ----D---- C:\WINDOWS\Connection Wizard
2009-09-29 10:26:24 ----D---- C:\WINDOWS\Config
2009-09-29 10:24:19 ----SHD---- C:\WINDOWS\Installer
2009-09-29 10:21:18 ----D---- C:\WINDOWS\AppPatch
2009-09-29 10:21:08 ----D---- C:\Program Files\Common Files
2009-09-29 10:16:36 ----D---- C:\QUARANTINE
2009-09-29 10:12:01 ----RASH---- C:\boot.ini
2009-09-29 10:10:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-29 10:07:19 ----D---- C:\Program Files\PopUp Killer
2009-09-28 20:52:30 ----AD---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2009-09-28 17:03:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-09-28 12:28:28 ----D---- C:\Program Files\Dl_cats
2009-09-25 16:17:07 ----RSD---- C:\WINDOWS\Fonts
2009-09-25 12:56:14 ----D---- C:\Program Files
2009-09-24 10:59:14 ----D---- C:\Config.Msi
2009-09-24 10:53:39 ----D---- C:\Program Files\Common Files\Apple
2009-09-20 16:23:24 ----HD---- C:\WINDOWS\inf
2009-09-20 16:23:07 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-09-17 11:53:46 ----D---- C:\Documents and Settings\Stuart Wright\Application Data\uTorrent
2009-09-15 20:44:52 ----D---- C:\Documents and Settings\Stuart Wright\Application Data\Apple Computer
2009-09-15 19:40:20 ----D---- C:\Program Files\Safari
2009-09-15 19:32:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-15 19:23:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-15 15:52:13 ----D---- C:\Program Files\Paint Shop Pro 5
2009-09-09 22:32:56 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 22:32:47 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-09 22:32:40 ----D---- C:\WINDOWS\ehome
2009-09-09 22:31:13 ----D---- C:\WINDOWS\ie8updates
2009-09-08 20:44:52 ----D---- C:\Program Files\Common Files\Real
2009-09-08 20:44:22 ----D---- C:\Documents and Settings\Stuart Wright\Application Data\Real
2009-09-07 19:58:15 ----RD---- C:\WINDOWS\Web
2009-09-03 12:43:12 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-02 18:20:15 ----D---- C:\Program Files\VirtualDJPortable
2009-08-28 22:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 19:42:52 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-08-26 20:45:11 ----D---- C:\WINDOWS\ShellNew
2009-08-24 13:49:09 ----D---- C:\WINDOWS\Help
2009-08-22 18:50:13 ----D---- C:\Documents and Settings\Stuart Wright\Application Data\AdobeUM
2009-08-21 15:42:10 ----D---- C:\Documents and Settings\Stuart Wright\Application Data\Adobe
2009-08-20 18:07:55 ----RSD---- C:\WINDOWS\assembly
2009-08-20 16:50:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-19 21:56:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-19 21:56:06 ----D---- C:\WINDOWS\WinSxS
2009-08-19 21:52:20 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-19 21:52:17 ----D---- C:\WINDOWS\system32\en-US
2009-08-19 21:51:48 ----D---- C:\WINDOWS\system32\spool
2009-08-19 21:49:09 ----D---- C:\Program Files\Internet Explorer
2009-08-18 18:51:24 ----D---- C:\Program Files\Outlook Express
2009-08-16 16:08:36 ----A---- C:\WINDOWS\system32\unrar.dll
2009-08-05 10:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 14:18:59 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 20:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 12:03:14 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-03 18:09:28 ----N---- C:\WINDOWS\system32\wininet.dll
2009-07-03 18:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 18:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 18:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 18:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 18:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 18:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 18:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 18:09:21 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 12:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-30 12:39:05 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2007-09-06 26624]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-09-06 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-09 21035]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2007-09-06 94416]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
R3 catchme;catchme; \??\C:\CombyFix1\catchme.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-11 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-02-22 170408]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-11 106496]
R3 PAC7302;AGK; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-11-08 458752]
R3 sigfilt;sigfilt; C:\WINDOWS\system32\drivers\sigfilt.sys [2005-03-25 1350272]
R3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-06-06 180736]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-09-06 23152]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 EC168BDA;EC168BDA service; C:\WINDOWS\system32\DRIVERS\EC168BDA.sys [2007-10-05 107264]
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 MBAMCatchMe;MBAMCatchMe; \??\C:\WINDOWS\system32\drivers\mbamcatchme.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Ptserli;PCTEL Serial Device Driver for INTEL; C:\WINDOWS\system32\DRIVERS\ptserli.sys [2001-08-17 128286]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-02-06 194304]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 se44bus;Sony Ericsson Device 068 driver (WDM); C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS); C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM); C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM); C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS); C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM); C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-09-22 223128]
S3 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-12-19 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2007-02-22 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2007-02-22 54872]
R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [2001-08-17 86016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-07-25 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-03-16 69632]
S3 dlcc_device;dlcc_device; C:\WINDOWS\system32\dlcccoms.exe [2005-06-21 491520]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.06 2009-09-29 12:12:33

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
924PLC32-->MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AGK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}\setup.exe" -l0x9 -removeonly
AltoMP3 Gold 5.20-->C:\Program Files\AltoMP3 Gold\uninst.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\Setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Photo AIO Printer 924-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE
Dell Resource CD-->MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Doremi FLV to MP3 Converter 1.6-->C:\Program Files\Doremisoft\DoremiSoft Flv to MP3 Converter\uninst.exe
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
exPressit S.E. 3.0-->"C:\Program Files\exPressit S.E. 3.0\UninstallerData\Uninstall exPressit S.E. 3.0.exe"
fmXML version 0.3-->"C:\Program Files\fmXML\unins000.exe"
Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Mega Codec Pack 5.1.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
Paint Shop Pro 5.0-->C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG
PopUp Killer-->C:\WINDOWS\iun6002.exe "C:\Program Files\PopUp Killer\irunin.ini"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sky Anytime-->MsiExec.exe /X{DD30C2FD-F485-46A8-8153-88EC2650BC79}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SL-6640 Black Widow Flightstick-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{10D4F38B-5436-4673-B861-F301929B373B}
SopCast 1.1.2-->C:\Program Files\SopCast\uninst.exe
SopCore 1.1.2-->C:\Program Files\SopCast\uninst.exe
Sound Blaster Audigy ADVANCED MB Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synacast Plug-in 1.1.0.7-->C:\Program Files\Common Files\Synacast\SynaLive\uninst.exe
TMPGEnc DVD Author 1.6-->MsiExec.exe /I{9CD89DD7-234A-4801-9D87-3DE352E146A0}
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VP-EYE-->C:\Program Files\InstallShield Installation Information\{BA524348-59A6-437A-A4FB-25080BDEFCD6}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: McAfee VirusScan Enterprise

======System event log======

Computer Name: HOMEPC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
szkg

Record Number: 13
Source Name: Service Control Manager
Time Written: 20090918060823.000000+060
Event Type: error
User:

Computer Name: HOMEPC
Event Code: 7022
Message: The KService service hung on starting.

Record Number: 12
Source Name: Service Control Manager
Time Written: 20090918060823.000000+060
Event Type: error
User:

Computer Name: HOMEPC
Event Code: 7000
Message: The avast! iAVS4 Control Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 10
Source Name: Service Control Manager
Time Written: 20090918060657.000000+060
Event Type: error
User:

Computer Name: HOMEPC
Event Code: 7000
Message: The General Purpose USB Driver (adildr.sys) service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 9
Source Name: Service Control Manager
Time Written: 20090918060657.000000+060
Event Type: error
User:

Computer Name: HOMEPC
Event Code: 1002
Message: The IP address lease 192.168.0.2 for the Network Card with network address 00123FCB973C has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 8
Source Name: Dhcp
Time Written: 20090918060521.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: HOMEPC
Event Code: 1517
Message: Windows saved user HOMEPC\Stuart Wright registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 11803
Source Name: Userenv
Time Written: 20090507173235.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 1517
Message: Windows saved user HOMEPC\Stuart Wright registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 11790
Source Name: Userenv
Time Written: 20090507124255.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 1517
Message: Windows saved user HOMEPC\Stuart Wright registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 11765
Source Name: Userenv
Time Written: 20090506124354.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 1517
Message: Windows saved user HOMEPC\Stuart Wright registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 11750
Source Name: Userenv
Time Written: 20090504213850.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 258
Message: The update failed; see event log.

Record Number: 11749
Source Name: McLogEvent
Time Written: 20090504195337.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\STOPzilla!;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#14 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 September 2009 - 05:25 AM

If you set these or an administrator set them then leave them be otherwise lets fix them.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present



Your logs look fine but as a final check lets run this free online virus scanner.

Please run this free online virus scanner from ESET
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How is your system behaving now ??

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#15 stuart1976

stuart1976

    Authentic Member

  • Authentic Member
  • PipPip
  • 64 posts

Posted 29 September 2009 - 05:58 AM

Hiya Ken The link to the virus scanner doesnt seem to work regards Stuart

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users