Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE Popups, Taskbar doesn't work, Task Manager Disabled

Post by andres1 » April 21st, 2008, 11:28 pm

Hi everyone,

I get IE popups. The task manager is disabled. And the bottom right taskbar is unable to be used.
The computer seems fine; however, it runs quite slowly, and I get popups every few minutes like "ZEDO" or some phone book directory or travel to Asia.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-21 20:52:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
25: 2008-04-22 00:53:28 UTC - RP138 - Deckard's System Scanner Restore Point
24: 2008-04-21 04:02:42 UTC - RP137 - Software Distribution Service 3.0
23: 2008-04-21 04:01:21 UTC - RP136 - Installed Windows Internet Explorer 7.
22: 2008-04-21 03:59:49 UTC - RP135 - Installed Windows IDNMitigationAPIs.
21: 2008-04-21 03:59:16 UTC - RP134 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2008-04-20 22:23:54 UTC - RP114 - Microsoft OneCare Protection Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:48 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wapp.verizon.net/bookmarks/bmred ... bm=wl_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D428C81-C7B2-4F49-A33D-D50AAF60259C} - C:\WINDOWS\system32\yayyXrRH.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gooochi browser optimizer - {dd2d73b2-c84e-f597-0459-28ae2acc3dd6} - C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Owner\svchost.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll" DllInit
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Surround - {82DE9632-7BBB-4E86-AB98-78066C3FA880} - http://wapp.verizon.net/bookmarks/bmred ... l_surround (file missing) (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCo ... gctlcm.cab
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - https://vmodlms.widerthanam.com/compone ... anager.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol.com/mce/new/ServiceMgr.CAB
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.kudosbar.com/kudos/images/home/home-logo.gif

--
End of file - 10154 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 imapii - c:\windows\system32\drivers\imapii.sys
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 mqdmbus (Motorola DM Composite Driver (WDM)) - c:\windows\system32\drivers\mqdmbus.sys (file missing)
S3 mqdmmdfl (Motorola USB Modem (Filter)) - c:\windows\system32\drivers\mqdmmdfl.sys (file missing)
S3 mqdmmdm (Motorola USB Modem) - c:\windows\system32\drivers\mqdmmdm.sys (file missing)
S3 mqdmserd (Motorola USB Diag) - c:\windows\system32\drivers\mqdmserd.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 20:38:03 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-19 17:53:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-18 18:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 20:29:42 0 d-------- C:\Program Files\Trend Micro
2008-04-21 15:07:01 0 d-------- C:\WINDOWS\LastGood
2008-04-20 23:38:58 0 d-------- C:\Program Files\LimeWire
2008-04-20 23:07:05 0 d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32:40 171 --a------ C:\KillUnin.bat
2008-04-20 19:56:34 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-20 01:35:40 0 d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22:12 399926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50:23 0 d-------- C:\WINDOWS\system32\bits
2008-04-19 22:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-19 22:33:12 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-19 21:33:31 419763 --ahs---- C:\WINDOWS\system32\HRrXyyay.ini2
2008-04-19 21:31:43 862 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-19 21:31:00 0 d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30:38 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 21:30:02 0 d--hs---- C:\WINDOWS\IA
2008-04-19 21:29:56 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-04-19 21:29:47 1773568 ---hs---- C:\Documents and Settings\Owner\svchost.exe
2008-04-19 21:29:00 86144 --a------ C:\WINDOWS\system32\drivers\imapii.sys
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\Vb1
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\trcTMP
2008-04-19 21:28:46 0 d-------- C:\WINDOWS\system32\slNew
2008-04-19 21:28:45 0 d-------- C:\WINDOWS\system32\iTmp
2008-04-19 21:28:19 0 d-------- C:\WINDOWS\system32\xcsDd05
2008-04-19 16:08:19 0 d-------- C:\Documents and Settings\Tati\Application Data\Google
2008-04-18 20:00:00 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-04-17 15:49:30 0 d-------- C:\Documents and Settings\Tati\Application Data\Real
2008-04-17 11:46:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-17 11:29:44 0 d-------- C:\Program Files\Stardock
2008-04-16 13:17:51 0 d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46:59 0 d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33:53 0 d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-14 23:37:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01:54 0 d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:55:50 0 d-------- C:\Documents and Settings\Tati\Application Data\Macromedia
2008-04-14 13:55:08 0 d-------- C:\Documents and Settings\Tati\Application Data\Mozilla
2008-04-14 13:44:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:29:16 0 d-------- C:\Documents and Settings\Tati\Application Data\Adobe
2008-04-14 13:23:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Identities
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\NetHood
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\My Documents
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Local Settings
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Favorites
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Desktop
2008-04-14 13:23:06 0 d--hs---- C:\Documents and Settings\Tati\Cookies
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Application Data
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\Sun
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Application Data\Microsoft
2008-04-14 13:23:05 0 d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\Templates
2008-04-14 13:23:05 0 dr------- C:\Documents and Settings\Tati\Start Menu
2008-04-14 13:23:05 0 dr-h----- C:\Documents and Settings\Tati\SendTo
2008-04-14 13:23:05 0 d--hs---- C:\Documents and Settings\Tati\Recent
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\PrintHood
2008-04-14 13:23:05 2621440 --ah----- C:\Documents and Settings\Tati\NTUSER.DAT
2008-04-14 12:37:52 13567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
2008-04-14 12:37:49 0 d-------- C:\Program Files\PIXELA
2008-04-14 12:37:16 106496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FPXS2Pro.dll>
2008-04-14 12:36:51 0 d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36:19 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-04-14 12:36:19 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-04-14 12:36:19 0 d-------- C:\Program Files\FinePixViewer
2008-04-14 12:35:58 45056 --a------ C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-04-14 12:35:58 65536 --a------ C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-04-14 12:35:58 0 d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35:56 69632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-04-14 12:35:56 45056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-04-13 19:00:15 9514 --a------ C:\logfile
2008-04-13 18:54:15 0 d-------- C:\Program Files\Kodak
2008-04-13 18:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-10 18:20:23 0 d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35:09 0 d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:34:09 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:14:14 12928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
2008-04-10 15:14:07 0 d-------- C:\Program Files\WinImage
2008-04-10 14:55:46 0 d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:26:30 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25:15 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 5936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 79328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-04-09 18:25:15 92064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-04-09 18:25:15 9232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-04-09 18:25:15 4048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 6208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 66656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:14 6947 --a------ C:\Documents and Settings\Owner\1207779914-(null)
2008-04-09 17:43:44 22768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-07 22:08:22 0 d-------- C:\Program Files\DivX
2008-04-07 17:51:27 54356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16:03 0 d-------- C:\Program Files\MSBuild
2008-04-07 17:11:44 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10:12 0 d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10:09 0 d-------- C:\Program Files\MSXML 6.0
2008-04-07 16:36:35 55039 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-07 16:33:42 6114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-07 16:33:19 0 d-------- C:\WINDOWS\BricoPacks
2008-04-07 16:22:12 0 d-------- C:\Program Files\Safari
2008-04-07 16:20:22 0 d-------- C:\Program Files\iPod
2008-04-07 16:20:09 0 d-------- C:\Program Files\iTunes
2008-04-07 16:18:53 0 d-------- C:\Program Files\QuickTime
2008-04-07 12:27:56 328704 --a------ C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll
2008-04-03 19:01:49 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 19:00:08 0 d-------- C:\Program Files\Microsoft Games
2008-03-31 20:41:26 0 d-------- C:\temp
2008-03-31 20:37:34 0 d-------- C:\Program Files\Sony
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:33:42 0 d-------- C:\Program Files\MSN Messenger
2008-03-30 18:11:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 20:03:50 0 d-------- C:\WINDOWS\Cache
2008-03-28 20:03:20 159744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-28 20:03:20 552960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-28 20:03:20 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe <Not Verified; ; vidccleaner Application>
2008-03-28 20:03:02 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg>
2008-03-28 20:03:01 83968 --a------ C:\WINDOWS\system32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. skbase>
2008-03-28 20:03:00 0 d-------- C:\Program Files\Samsung
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSNInstaller
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSN6
2008-03-28 00:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\Motive
2008-03-27 12:45:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-03-27 12:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-27 12:31:12 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-27 11:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-03-27 11:55:49 0 d-------- C:\Program Files\Common Files\Motive
2008-03-27 11:55:30 0 d-------- C:\Program Files\Verizon
2008-03-25 23:48:38 0 d-------- C:\Documents and Settings\Guest\Application Data\alot
2008-03-24 19:22:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-03-24 19:22:56 448 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-21 14:58:22 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-21 00:21:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 00:21:22 0 d-------- C:\Program Files\Norton Security Scan
2008-04-20 23:51:45 0 d-------- C:\Program Files\Common Files
2008-04-20 23:33:11 0 d-------- C:\Program Files\Movie Maker
2008-04-20 23:06:43 0 d-------- C:\Program Files\Java
2008-04-20 20:22:08 0 d-------- C:\Program Files\Symantec
2008-04-20 19:04:22 0 d-------- C:\Program Files\Real
2008-04-20 19:03:23 0 d-------- C:\Program Files\Common Files\Real
2008-04-20 19:01:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 21:15:17 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-04-10 15:34:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-07 17:31:20 67376 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-07 17:09:01 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 16:36:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 16:22:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-28 20:02:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-27 12:54:06 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-20 20:09:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-16 21:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-16 13:36:56 0 d-------- C:\Program Files\MSN Encarta Plus
2008-03-16 13:36:55 0 d-------- C:\Program Files\Messenger
2008-03-16 13:36:54 0 d-------- C:\Program Files\Microsoft Works
2008-03-12 18:39:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 18:33:44 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-11 21:02:04 0 d-------- C:\Program Files\Microsoft.NET
2008-03-11 21:02:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-10 21:03:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-08 22:40:43 0 d-------- C:\Program Files\Common Files\Digi506
2008-03-08 18:45:47 0 d-------- C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 18:23:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-03-08 17:29:36 0 d-------- C:\Program Files\Napster
2008-03-08 17:28:32 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-08 17:28:30 0 d-------- C:\Program Files\Common Files\AOL
2008-03-06 17:17:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 01:02:15 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-06 01:02:13 0 d-------- C:\Program Files\Logitech
2008-03-06 00:58:28 0 d-------- C:\Program Files\Windows Media Components
2008-03-05 01:16:23 0 d-------- C:\Program Files\America Online 9.0
2008-03-04 23:56:02 0 d-------- C:\Program Files\18 Wheels of Steel Haulin
2008-03-04 23:11:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-04 17:11:32 0 d-------- C:\Program Files\MSECache
2008-03-04 12:00:30 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 22:33:20 0 d-------- C:\Program Files\Canon
2008-03-03 21:36:20 0 d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-03 21:35:56 0 d-------- C:\Program Files\Design Science
2008-03-03 20:16:39 0 d-------- C:\Program Files\Windows Live
2008-03-03 20:16:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 17:25:04 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 17:24:44 0 d-------- C:\Program Files\Common Files\Apple
2008-03-03 17:13:57 0 d-------- C:\Program Files\Yahoo!
2008-03-03 17:12:00 0 d-------- C:\Program Files\Google
2008-03-03 16:32:59 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 16:32:32 0 d-------- C:\Program Files\AIM6
2008-03-03 16:31:15 0 d-------- C:\Program Files\Viewpoint
2008-03-03 15:41:27 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-03-03 03:26:12 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 03:24:58 0 d-------- C:\Program Files\Realtek
2008-03-03 03:24:28 0 d-------- C:\Program Files\CyberLink
2008-03-03 03:24:20 0 d-------- C:\Program Files\Microsoft Money 2005
2008-03-03 03:23:28 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-03 03:19:37 0 d-------- C:\Program Files\BigFix
2008-03-03 03:19:26 0 d-------- C:\Program Files\Ahead
2008-03-03 03:19:01 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-03 03:17:45 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 03:17:15 0 d-------- C:\Program Files\Intel
2008-03-03 03:15:28 0 d-------- C:\Program Files\Digital Media Reader
2008-03-03 03:14:52 0 d-------- C:\Program Files\Common Files\New Boundary
2008-03-03 03:11:49 2 -r-hs---- C:\USER
2008-03-03 03:10:06 0 d-------- C:\Program Files\CONEXANT
2008-03-03 03:07:30 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- End of Deckard's System Scanner: finished at 2008-04-21 20:59:48 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 89%
Physical Memory (total/avail): 501.77 MiB / 50.79 MiB
Pagefile Memory (total/avail): 1225.55 MiB / 402.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.25 MiB

C: is Fixed (NTFS) - 228.64 GiB total, 198.22 GiB free.
D: is Fixed (FAT32) - 4.23 GiB total, 0 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JD-22HBC0 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 228.64 GiB - C:
\PARTITION1 - Unknown - 4.24 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Windows Live OneCare Firewall v1.0.0 (Microsoft Corporation)
AV: Windows Live OneCare v1.0.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

Unable to get environment variables; The process cannot access the file because it is being used by another process.
ComSpec: C:\WINDOWS\system32\cmd.exe


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Tati
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

18 Wheels of Steel: Haulin' (remove only) --> "C:\Program Files\18 Wheels of Steel Haulin\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Canon PIXMA iP1500 --> C:\WINDOWS\system32\CNMCP5y.exe "-PRINTERNAMECanon PIXMA iP1500" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1500 Installer\Inst2\cnmi0409.dll"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{16cfbf49-69bb-4bfb-01bf-ec430cac37b5}.dll-uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Windows XP Hotfix - KB834707 -->
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282 -->
Windows XP Hotfix - KB873333 -->
Windows XP Hotfix - KB873339 -->
Windows XP Hotfix - KB885250 -->
Windows XP Hotfix - KB885835 -->
Windows XP Hotfix - KB885836 -->
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113 -->
Windows XP Hotfix - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302 -->
Hotfix for Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890047 -->
Windows XP Hotfix - KB890175 -->
Windows XP Media Center Edition 2005 KB890629 -->
Windows XP Media Center Edition 2005 KB890760 -->
Windows XP Hotfix - KB890859 -->
Windows XP Hotfix - KB890923 -->
Hotfix for Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781 -->
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows XP Hotfix - KB893066 -->
Windows XP Hotfix - KB893086 -->
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803) -->
Windows Installer 3.1 (KB893803) --> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB895198 -->
Windows XP Media Center Edition 2005 KB895678 -->
Hotfix for Windows XP (KB895961) --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344) --> "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157) --> "C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024) --> "C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800) --> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Update for Windows XP (KB914882) --> "C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Update for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Update for Windows XP (KB923845) --> "C:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Update for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Update for Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251) --> "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494) --> "C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615) --> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533) --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Hotfix for Windows Internet Explorer 7 (KB947864) --> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.0 --> c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Live OneCare --> "C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
MSN Encarta Plus Support Files --> MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Microsoft .NET Framework 3.0 --> MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Recovery Software Suite Gateway --> MsiExec.exe /I{15377C3E-9655-400F-B441-E69F0A6BEAFE}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
FinePixViewer Ver.5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
Microsoft Windows OneCare Live v2.0.2500.22 Idcrl Install --> MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Microsoft Windows Live OneCare Resources v2.0.2500.22 --> MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Logitech ImageStudio --> MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
PX Engine --> MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
GTOneCare --> MsiExec.exe /X{72690A58-4C2A-4CDE-928C-DF925B125F43}
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Microsoft Protection Service --> MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA}
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" anything
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Microsoft Office PowerPoint Viewer 2007 (English) --> MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Windows OneCare Live v2.0.2500.22 --> MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
Microsoft Office Outlook Connector for MSN --> MsiExec.exe /X{DC4DD556-DD03-422A-926B-470746D8B50D}
Microsoft Windows OneCare Live AntiSpyware and AntiVirus --> MsiExec.exe /I{E6A31482-989E-4E3C-B0C0-1ED4DBD5BC83}
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Puzzle Pirates --> C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2204 / Error
Event Submitted/Written: 04/21/2008 08:53:21 PM / 04/21/2008 08:53:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2199 / Success
Event Submitted/Written: 04/21/2008 08:15:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2198 / Error
Event Submitted/Written: 04/21/2008 06:48:41 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application FinePixViewer.exe, version 5.1.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2186 / Warning
Event Submitted/Written: 04/21/2008 00:32:42 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type2167 / Warning
Event Submitted/Written: 04/20/2008 11:42:18 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5520 / Warning
Event Submitted/Written: 04/21/2008 07:13:34 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5516 / Warning
Event Submitted/Written: 04/21/2008 04:46:51 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type5510 / Warning
Event Submitted/Written: 04/21/2008 02:58:00 PM
Event ID/Source: 20192 / RemoteAccess
Event Description:
A certificate could not be found. Connections that use the L2TP protocol over IPSec
require the installation of a machine certificate, also known as a computer
certificate. No L2TP calls will be accepted.

Event Record #/Type5509 / Error
Event Submitted/Written: 04/21/2008 02:58:00 PM
Event ID/Source: 20106 / RemoteAccess
Event Description:
Unable to add the interface {A5969219-71E0-4507-AC7B-E0ED12DF23C4} with the Router Manager for the IP protocol. The
following error occurred: Cannot complete this function.

Event Record #/Type5469 / Error
Event Submitted/Written: 04/20/2008 10:18:54 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {00BF57EF-C57F-47D4-9119-1F31FAD912C8} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-04-21 20:59:48 ------------

Any help on what to do to fix my problem is greatly appreciated.
Thank you very much for your help.
andres1
Active Member
 
Posts: 2
Joined: April 21st, 2008, 11:26 pm

Re: IE Popups, Taskbar doesn't work, Task Manager Disabled

Post by peku006 » April 23rd, 2008, 2:50 am

Welcome to the MWR forums. My name is peku006. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE Popups, Taskbar doesn't work, Task Manager Disabled

Post by peku006 » April 23rd, 2008, 4:53 am

Hello andres1

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free, for personal use, anti-virus program from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, and Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. If you select "Disable auto-updating for the Viewpoint Manager", the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". This may change; read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<<, then click Remove.
  • Do the same for each Viewpoint component.
This is the item to fix in HijackThis.

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

If you wish to keep them, please do not use them until your computer is cleaned.

-------------------------------------------------------------------------------

1 - Scan With ComboFix

Please visit >this webpage< at Bleeping Computer and follow the instructions for downloading and running ComboFix.

IMPORTANT !!! combofix.exe MUST be on your Desktop for us to proceed.

2 - Status Check
Please reply with

1. the ComboFix log
2. a fresh HijackThis log
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE Popups, Taskbar doesn't work, Task Manager Disabled

Post by andres1 » April 23rd, 2008, 11:16 pm

ComboFix 08-04-22.5 - Owner 2008-04-23 22:35:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.138 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\imapii.sys
C:\WINDOWS\system32\HRrXyyay.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMAPII
-------\Legacy_NETWORK_MONITOR
-------\Service_imapii


((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-23 22:13 . 2008-04-23 22:13 <DIR> d-------- C:\_OTMoveIt
2008-04-22 15:30 . 2008-04-22 15:30 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\SiteAdvisor
2008-04-21 22:37 . 2008-04-23 22:44 9,569 --a------ C:\WINDOWS\system32\Config.MPF
2008-04-21 22:36 . 2008-04-23 18:39 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-04-21 22:36 . 2008-04-21 23:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-21 22:36 . 2008-04-22 00:00 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-21 22:36 . 2008-04-21 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-21 22:34 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-04-21 22:33 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-04-21 22:33 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-04-21 22:33 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-04-21 22:33 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-04-21 22:33 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-04-21 22:32 . 2008-04-21 22:33 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-21 22:32 . 2008-04-22 14:23 <DIR> d-------- C:\Program Files\McAfee
2008-04-21 22:32 . 2008-04-21 22:33 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-21 21:17 . 2008-04-21 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 21:16 . 2008-04-21 21:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 20:51 . 2008-04-21 20:51 <DIR> d-------- C:\Deckard
2008-04-21 20:29 . 2008-04-21 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 23:38 . 2008-04-20 23:51 <DIR> d-------- C:\Program Files\LimeWire
2008-04-20 23:07 . 2008-04-20 23:07 <DIR> d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44 . 2008-04-20 22:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32 . 2008-04-20 22:32 171 --a------ C:\KillUnin.bat
2008-04-20 20:37 . 2008-04-20 20:37 4,432 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-04-20 19:32 . 2008-04-20 20:22 7,570 --a------ C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
2008-04-20 15:11 . 2008-04-20 15:40 1,540,653 --ahs---- C:\WINDOWS\system32\oyeeslkb.ini
2008-04-20 15:10 . 2008-04-20 15:36 109,788 --a------ C:\WINDOWS\BMeffcb530.xml
2008-04-20 01:35 . 2008-04-20 01:35 <DIR> d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22 . 2008-04-20 01:22 399,926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50 . 2008-04-19 22:50 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-19 22:49 . 2007-03-29 08:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-04-19 22:49 . 2007-03-29 08:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-04-19 22:49 . 2007-03-29 08:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-04-19 22:49 . 2007-03-29 08:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-19 22:49 . 2007-03-29 08:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-04-19 22:49 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-04-19 21:31 . 2008-04-19 22:20 <DIR> d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30 . 2008-04-19 21:30 88,961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 21:29 . 2008-04-19 21:29 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-04-19 21:28 . 2008-04-19 21:29 <DIR> d-------- C:\temp\berDrv11
2008-04-17 11:29 . 2008-04-17 11:29 <DIR> d-------- C:\Program Files\Stardock
2008-04-16 13:17 . 2008-04-20 18:59 <DIR> d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46 . 2008-04-19 13:18 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33 . 2008-04-19 17:39 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-15 11:47 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-15 11:47 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-04-15 11:45 . 2004-08-03 23:08 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2008-04-15 11:45 . 2004-08-03 23:08 36,224 --a--c--- C:\WINDOWS\system32\dllcache\hidclass.sys
2008-04-15 11:45 . 2004-08-03 23:08 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2008-04-15 11:45 . 2004-08-03 23:08 24,960 --a--c--- C:\WINDOWS\system32\dllcache\hidparse.sys
2008-04-15 11:45 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-15 11:45 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-14 23:37 . 2008-04-16 12:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04 . 2008-04-14 18:04 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04 . 2008-04-14 18:04 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01 . 2008-04-14 14:03 <DIR> d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:44 . 2008-04-14 13:44 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:23 . 2005-04-13 14:17 <DIR> d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23 . 2008-03-03 03:26 <DIR> d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23 . 2008-04-19 21:06 <DIR> d-------- C:\Documents and Settings\Tati
2008-04-14 13:23 . 2008-04-23 22:45 1,024 --ah----- C:\Documents and Settings\Tati\ntuser.dat.LOG
2008-04-14 12:37 . 2008-04-14 12:37 <DIR> d-------- C:\Program Files\PIXELA
2008-04-14 12:37 . 2002-04-07 13:26 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2008-04-14 12:37 . 2004-03-08 12:55 13,567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-04-14 12:36 . 2008-04-21 18:48 <DIR> d-------- C:\Program Files\FinePixViewer
2008-04-14 12:36 . 2008-04-14 12:49 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36 . 2003-09-03 07:45 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2008-04-14 12:36 . 2004-07-24 12:28 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2008-04-14 12:36 . 2001-11-25 07:11 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2008-04-14 12:35 . 2008-04-14 12:35 <DIR> d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35 . 2002-02-05 12:33 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2008-04-14 12:35 . 2002-02-27 07:27 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2008-04-14 12:35 . 2002-06-25 10:06 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2008-04-14 12:35 . 2002-02-13 06:00 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL
2008-04-13 19:00 . 2008-04-20 18:47 9,514 --a------ C:\logfile
2008-04-13 18:55 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-13 18:55 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-13 18:55 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-13 18:55 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-13 18:54 . 2008-04-20 19:08 <DIR> d-------- C:\Program Files\Kodak
2008-04-13 18:51 . 2008-04-20 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-13 18:45 . 2008-04-13 18:45 16 --a------ C:\s5no.1
2008-04-10 18:20 . 2008-04-10 18:20 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35 . 2008-04-10 15:35 <DIR> d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34 . 2008-04-20 19:02 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:34 . 2008-04-10 15:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:19 . 2008-04-10 15:19 0 --a------ C:\Debug.QC6
2008-04-10 15:14 . 2008-04-20 22:32 <DIR> d-------- C:\Program Files\WinImage
2008-04-10 15:14 . 2005-10-16 08:00 12,928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-04-10 14:55 . 2008-04-10 15:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-09 18:46 . 2008-04-09 18:46 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-09 18:45 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-09 18:45 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-04-09 18:45 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-09 18:45 . 2007-02-27 14:31 17,792 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-04-09 18:45 . 2007-01-23 19:03 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-04-09 18:45 . 2006-12-06 17:33 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-04-09 18:26 . 2008-04-09 18:26 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25 . 2008-04-09 18:25 92,064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys
2008-04-09 18:25 . 2008-04-09 18:25 79,328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys
2008-04-09 18:25 . 2008-04-09 18:25 66,656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys
2008-04-09 18:25 . 2008-04-09 18:25 9,232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys
2008-04-09 18:25 . 2008-04-09 18:25 6,208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys
2008-04-09 18:25 . 2008-04-09 18:25 6,208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys
2008-04-09 18:25 . 2008-04-09 18:25 5,936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys
2008-04-09 18:25 . 2008-04-09 18:25 5,936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys
2008-04-09 18:25 . 2008-04-09 18:25 4,048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys
2008-04-09 17:45 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-09 17:45 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-09 17:45 . 2003-12-26 05:22 24,192 -ra------ C:\WINDOWS\system32\drivers\OLD26D.tmp
2008-04-09 17:43 . 2008-04-09 18:25 25,600 --a------ C:\Documents and Settings\Owner\usbsermptxp.sys
2008-04-09 17:43 . 2008-04-09 18:25 22,768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys
2008-04-07 22:08 . 2008-04-07 22:10 <DIR> d-------- C:\Program Files\DivX
2008-04-07 17:51 . 2008-04-07 17:51 54,356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16 . 2008-04-07 17:16 <DIR> d-------- C:\Program Files\MSBuild
2008-04-07 17:11 . 2008-04-07 17:11 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11 . 2008-04-07 17:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10 . 2008-04-07 17:10 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-07 17:10 . 2008-04-07 17:10 <DIR> d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 18:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-22 02:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-21 04:21 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-21 03:06 --------- d-----w C:\Program Files\Java
2008-04-21 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-21 00:22 --------- d-----w C:\Program Files\Symantec
2008-04-20 23:04 --------- d-----w C:\Program Files\Real
2008-04-20 23:03 --------- d-----w C:\Program Files\Common Files\Real
2008-04-20 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-19 01:15 --------- d-----w C:\Program Files\Microsoft Picture It! 10
2008-04-19 00:01 --------- d-----w C:\Documents and Settings\Guest\Application Data\LimeWire
2008-04-09 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 21:09 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-07 20:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-04-01 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-01 04:53 446 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
2008-03-29 00:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-27 16:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-21 00:09 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-03-16 17:39 --------- d-----w C:\Documents and Settings\Guest\Application Data\Leadertech
2008-03-16 17:36 --------- d-----w C:\Program Files\MSN Encarta Plus
2008-03-16 17:36 --------- d-----w C:\Program Files\Microsoft Works
2008-03-12 22:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-12 22:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-12 01:02 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-09 03:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-03-09 02:40 --------- d-----w C:\Program Files\Common Files\Digi506
2008-03-08 22:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 21:29 --------- d-----w C:\Program Files\Napster
2008-03-08 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-03-08 21:28 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-03-08 21:28 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-08 02:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\InstallShield Installation Information
2008-03-08 02:00 --------- d-----w C:\Documents and Settings\Guest\Application Data\InstallShield
2008-03-06 21:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 05:02 --------- d-----w C:\Program Files\Logitech
2008-03-06 05:02 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-06 04:58 --------- d-----w C:\Program Files\Windows Media Components
2008-03-05 05:16 --------- d-----w C:\Program Files\America Online 9.0
2008-03-05 05:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-05 03:56 --------- d-----w C:\Program Files\18 Wheels of Steel Haulin
2008-03-05 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-05 03:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-05 00:28 --------- d-----w C:\Documents and Settings\Guest\Application Data\acccore
2008-03-04 21:11 --------- d-----w C:\Program Files\MSECache
2008-03-04 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-04 16:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-04 03:47 --------- d-----w C:\Documents and Settings\Guest\Application Data\Template
2008-03-04 02:33 --------- d-----w C:\Program Files\Canon
2008-03-04 01:36 --------- d-----w C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-04 01:35 --------- d-----w C:\Program Files\Design Science
2008-03-04 00:16 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 00:16 --------- d-----w C:\Program Files\Windows Live
2008-03-03 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-03 21:25 --------- d-----w C:\Program Files\Apple Software Update
2008-03-03 21:24 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-03 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-03 21:13 --------- d-----w C:\Program Files\Yahoo!
2008-03-03 21:12 --------- d-----w C:\Program Files\Google
2008-03-03 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-03 20:32 --------- d-----w C:\Program Files\AIM6
2008-03-03 20:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 20:31 --------- d-----w C:\Program Files\Viewpoint
2008-03-03 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-03 19:41 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-03-03 07:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-03-03 07:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 07:26 --------- d-----w C:\Documents and Settings\Guest\Application Data\SampleView
2008-03-03 07:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SampleView
2008-03-03 07:24 --------- d-----w C:\Program Files\Realtek
2008-03-03 07:24 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-03-03 07:24 --------- d-----w C:\Program Files\CyberLink
2008-03-03 07:23 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-03 07:20 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee
2008-03-03 07:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-03 07:19 --------- d-----w C:\Program Files\BigFix
2008-03-03 07:19 --------- d-----w C:\Program Files\Ahead
2008-03-03 07:18 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-03-03 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-03 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-03-03 07:17 --------- d-----w C:\Program Files\Intel
2008-03-03 07:15 --------- d-----w C:\Program Files\Digital Media Reader
2008-03-03 07:14 --------- d-----w C:\Program Files\Common Files\New Boundary
2008-03-03 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-03-03 07:12 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-03-03 07:10 --------- d-----w C:\Program Files\CONEXANT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}]
C:\WINDOWS\system32\yayyXrRH.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-23 18:36 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [2003-11-10 22:23 369664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-01 16:00 155648]
"ShowWnd"="ShowWnd.exe" [2003-09-19 13:09 36864 C:\WINDOWS\ShowWnd.exe]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 19:31 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:50 155648]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 22:44 2744832 C:\WINDOWS\ALCWZRD.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"CHotkey"="zHotkey.exe" [2004-05-17 22:30 543232 C:\WINDOWS\zHotkey.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 19:04 135168]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 18:54 127022]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 21:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 19:32 155648]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 17:57 36640]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 19:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 15:55 126976]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 32768]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 18:34:48 3746856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2008-03-03 03:19:37 1742384]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2008-04-14 12:36:39 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-02-27 14:31]
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys []
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys []
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys []
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18642bf6-ec8f-11dc-9cb2-0013204f03da}]
\Shell\AutoRun\command - L:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 21:53:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-24 02:38:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-04-22 02:33:20 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-22 02:33:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-18 22:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 22:50:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 70

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6172\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-04-23 22:58:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 02:58:38

Pre-Run: 213,365,403,648 bytes free
Post-Run: 214,719,369,216 bytes free

380 --- E O F --- 2008-04-22 07:01:34

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-23 23:17:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 502 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:44 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {0D428C81-C7B2-4F49-A33D-D50AAF60259C} - C:\WINDOWS\system32\yayyXrRH.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8610 bytes

-- Files created between 2008-03-23 and 2008-04-23 -----------------------------

2008-04-23 22:33:28 68096 --a------ C:\WINDOWS\zip.exe
2008-04-23 22:33:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-23 22:33:28 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-23 22:33:28 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-23 22:33:28 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-23 22:33:28 98816 --a------ C:\WINDOWS\sed.exe
2008-04-23 22:33:28 80412 --a------ C:\WINDOWS\grep.exe
2008-04-23 22:33:28 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-22 15:30:41 0 d-------- C:\Documents and Settings\Tati\Application Data\SiteAdvisor
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-21 22:36:34 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Program Files\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-04-21 22:36:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-21 22:32:53 0 d-------- C:\Program Files\McAfee.com
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-21 22:32:17 0 d-------- C:\Program Files\McAfee
2008-04-21 21:17:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 21:16:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 20:29:42 0 d-------- C:\Program Files\Trend Micro
2008-04-20 23:38:58 0 d-------- C:\Program Files\LimeWire
2008-04-20 23:07:05 0 d-------- C:\Program Files\Three Rings Design
2008-04-20 22:44:22 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-04-20 22:32:40 171 --a------ C:\KillUnin.bat
2008-04-20 01:35:40 0 d-------- C:\81fb2ccf914e86d7bba8
2008-04-20 01:22:12 399926 --a------ C:\WINDOWS\system32\g80.exe
2008-04-19 22:50:23 0 d-------- C:\WINDOWS\system32\bits
2008-04-19 22:33:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-19 22:33:12 0 d---s---- C:\Documents and Settings\LocalService\Favorites
2008-04-19 21:31:00 0 d--hs---- C:\Documents and Settings\Owner\!
2008-04-19 21:30:38 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-04-19 16:08:19 0 d-------- C:\Documents and Settings\Tati\Application Data\Google
2008-04-18 20:00:00 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-04-17 15:49:30 0 d-------- C:\Documents and Settings\Tati\Application Data\Real
2008-04-17 11:46:57 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-17 11:29:44 0 d-------- C:\Program Files\Stardock
2008-04-16 13:17:51 0 d-------- C:\Program Files\Frets on Fire
2008-04-15 15:46:59 0 d-------- C:\Documents and Settings\Tati\Application Data\Apple Computer
2008-04-15 15:33:53 0 d-------- C:\Documents and Settings\Tati\Application Data\LimeWire
2008-04-14 23:37:51 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Tati\Application Data\FUJIFILM
2008-04-14 18:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\FUJIFILM
2008-04-14 14:01:54 0 d-------- C:\Documents and Settings\Tati\Contacts
2008-04-14 13:55:50 0 d-------- C:\Documents and Settings\Tati\Application Data\Macromedia
2008-04-14 13:55:08 0 d-------- C:\Documents and Settings\Tati\Application Data\Mozilla
2008-04-14 13:44:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Motive
2008-04-14 13:29:16 0 d-------- C:\Documents and Settings\Tati\Application Data\Adobe
2008-04-14 13:23:07 0 d-------- C:\Documents and Settings\Tati\Application Data\Identities
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\NetHood
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\My Documents
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Local Settings
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Favorites
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Desktop
2008-04-14 13:23:06 0 d--hs---- C:\Documents and Settings\Tati\Cookies
2008-04-14 13:23:06 0 d--h----- C:\Documents and Settings\Tati\Application Data
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\Sun
2008-04-14 13:23:06 0 d-------- C:\Documents and Settings\Tati\Application Data\SampleView
2008-04-14 13:23:06 0 d---s---- C:\Documents and Settings\Tati\Application Data\Microsoft
2008-04-14 13:23:05 0 d-------- C:\Documents and Settings\Tati\WINDOWS
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\Templates
2008-04-14 13:23:05 0 dr------- C:\Documents and Settings\Tati\Start Menu
2008-04-14 13:23:05 0 dr-h----- C:\Documents and Settings\Tati\SendTo
2008-04-14 13:23:05 0 d--hs---- C:\Documents and Settings\Tati\Recent
2008-04-14 13:23:05 0 d--h----- C:\Documents and Settings\Tati\PrintHood
2008-04-14 13:23:05 2621440 --ah----- C:\Documents and Settings\Tati\NTUSER.DAT
2008-04-14 12:37:52 13567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
2008-04-14 12:37:49 0 d-------- C:\Program Files\PIXELA
2008-04-14 12:37:16 106496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FPXS2Pro.dll>
2008-04-14 12:36:51 0 d-------- C:\Documents and Settings\Owner\Application Data\FUJIFILM
2008-04-14 12:36:19 274432 --a------ C:\WINDOWS\system32\FFTIFF16.dll <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM TIFF Image Library>
2008-04-14 12:36:19 155648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL <Not Verified; FUJI PHOTO FILM CO., LTD.; FUJIFILM CCD-RAW LIBRARY>
2008-04-14 12:36:19 0 d-------- C:\Program Files\FinePixViewer
2008-04-14 12:35:58 45056 --a------ C:\WINDOWS\system32\FINFCOPY.dll <Not Verified; FUJIFILM; FUJIFILM FINFCOPY>
2008-04-14 12:35:58 65536 --a------ C:\WINDOWS\system32\FINFCHECK.dll <Not Verified; FUJIFILM; FUJIFILM FINFCHECK>
2008-04-14 12:35:58 0 d-------- C:\Program Files\REGSHAVE
2008-04-14 12:35:56 69632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL <Not Verified; FUJIFILM; FUJIFILM Fregshave>
2008-04-14 12:35:56 45056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL <Not Verified; FUJIFILM; FUJIFILM FCLKBTN>
2008-04-13 19:00:15 9514 --a------ C:\logfile
2008-04-13 18:54:15 0 d-------- C:\Program Files\Kodak
2008-04-13 18:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-10 18:20:23 0 d-------- C:\Documents and Settings\Guest\Application Data\DivX
2008-04-10 15:35:09 0 d-------- C:\Documents and Settings\Owner\AbiSuite
2008-04-10 15:34:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-04-10 15:34:09 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-10 15:14:14 12928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
2008-04-10 15:14:07 0 d-------- C:\Program Files\WinImage
2008-04-10 14:55:46 0 d-------- C:\Documents and Settings\Owner\Application Data\InfraRecorder
2008-04-09 18:26:30 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-09 18:25:15 5936 --a------ C:\WINDOWS\system32\drivers\mqdmwh.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 6208 --a------ C:\WINDOWS\system32\drivers\mqdmcm.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 5936 --a------ C:\Documents and Settings\Owner\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:15 79328 --a------ C:\Documents and Settings\Owner\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2008-04-09 18:25:15 92064 --a------ C:\Documents and Settings\Owner\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2008-04-09 18:25:15 9232 --a------ C:\Documents and Settings\Owner\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2008-04-09 18:25:15 4048 --a------ C:\Documents and Settings\Owner\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 6208 --a------ C:\Documents and Settings\Owner\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2008-04-09 18:25:15 66656 --a------ C:\Documents and Settings\Owner\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2008-04-09 18:25:14 6947 --a------ C:\Documents and Settings\Owner\1207779914-(null)
2008-04-09 17:43:44 22768 --a------ C:\Documents and Settings\Owner\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-07 22:08:22 0 d-------- C:\Program Files\DivX
2008-04-07 17:51:27 54356 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-07 17:16:03 0 d-------- C:\Program Files\MSBuild
2008-04-07 17:11:44 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-07 17:11:12 0 d-------- C:\Program Files\Reference Assemblies
2008-04-07 17:10:12 0 d-------- C:\6d56f5267322cc7720fc22c557fc
2008-04-07 17:10:09 0 d-------- C:\Program Files\MSXML 6.0
2008-04-07 16:36:35 55039 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-04-07 16:33:42 6114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-07 16:33:19 0 d-------- C:\WINDOWS\BricoPacks
2008-04-07 16:22:12 0 d-------- C:\Program Files\Safari
2008-04-07 16:20:22 0 d-------- C:\Program Files\iPod
2008-04-07 16:20:09 0 d-------- C:\Program Files\iTunes
2008-04-07 16:18:53 0 d-------- C:\Program Files\QuickTime
2008-04-03 19:01:49 0 d-------- C:\Program Files\MSXML 4.0
2008-04-03 19:00:08 0 d-------- C:\Program Files\Microsoft Games
2008-03-31 20:41:26 0 d-------- C:\temp
2008-03-31 20:37:34 0 d-------- C:\Program Files\Sony
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-30 21:33:42 0 d-------- C:\Program Files\MSN Messenger
2008-03-30 18:11:11 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 20:03:50 0 d-------- C:\WINDOWS\Cache
2008-03-28 20:03:20 159744 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-03-28 20:03:20 552960 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-03-28 20:03:20 8704 --a------ C:\WINDOWS\system32\vidccleaner.exe <Not Verified; ; vidccleaner Application>
2008-03-28 20:03:02 217088 --a------ C:\WINDOWS\system32\skjpeg40.dll <Not Verified; STOIK Software; STOIK Software skjpeg>
2008-03-28 20:03:01 83968 --a------ C:\WINDOWS\system32\Skbase40.dll <Not Verified; STOIK Software Ltd.; STOIK Software Ltd. skbase>
2008-03-28 20:03:00 0 d-------- C:\Program Files\Samsung
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSNInstaller
2008-03-28 00:28:34 0 d-------- C:\Documents and Settings\Guest\Application Data\MSN6
2008-03-28 00:04:55 0 d-------- C:\Documents and Settings\Guest\Application Data\Motive
2008-03-27 12:45:06 0 d-------- C:\Documents and Settings\Owner\Application Data\Motive
2008-03-27 12:31:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-27 12:31:12 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-27 11:55:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-03-27 11:55:49 0 d-------- C:\Program Files\Common Files\Motive
2008-03-27 11:55:30 0 d-------- C:\Program Files\Verizon
2008-03-25 23:48:38 0 d-------- C:\Documents and Settings\Guest\Application Data\alot
2008-03-24 19:22:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-03-24 19:22:56 448 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat


-- Find3M Report ---------------------------------------------------------------

2008-04-22 14:27:17 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-04-21 22:42:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-21 22:32:44 0 d-------- C:\Program Files\Common Files
2008-04-21 00:21:22 0 d-------- C:\Program Files\Norton Security Scan
2008-04-20 23:33:11 0 d-------- C:\Program Files\Movie Maker
2008-04-20 23:06:43 0 d-------- C:\Program Files\Java
2008-04-20 20:22:08 0 d-------- C:\Program Files\Symantec
2008-04-20 19:04:22 0 d-------- C:\Program Files\Real
2008-04-20 19:03:23 0 d-------- C:\Program Files\Common Files\Real
2008-04-20 19:01:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 21:15:17 0 d-------- C:\Program Files\Microsoft Picture It! 10
2008-04-10 15:34:23 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-07 17:31:20 67376 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-04-07 17:09:01 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 16:36:35 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-07 16:22:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-03-28 20:02:17 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-27 12:54:06 0 d-------- C:\Documents and Settings\Owner\Application Data\MSN6
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 20:09:55 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-16 21:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-03-16 13:36:56 0 d-------- C:\Program Files\MSN Encarta Plus
2008-03-16 13:36:55 0 d-------- C:\Program Files\Messenger
2008-03-16 13:36:54 0 d-------- C:\Program Files\Microsoft Works
2008-03-12 18:39:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-12 18:33:44 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-03-11 21:02:04 0 d-------- C:\Program Files\Microsoft.NET
2008-03-11 21:02:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-10 21:03:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-03-08 22:40:43 0 d-------- C:\Program Files\Common Files\Digi506
2008-03-08 18:45:47 0 d-------- C:\Documents and Settings\Owner\Application Data\MSNInstaller
2008-03-08 18:23:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-03-08 17:29:36 0 d-------- C:\Program Files\Napster
2008-03-08 17:28:32 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-08 17:28:30 0 d-------- C:\Program Files\Common Files\AOL
2008-03-06 17:17:46 0 d-------- C:\Documents and Settings\Owner\Application Data\Roxio
2008-03-06 01:02:15 0 d-------- C:\Program Files\Common Files\Logitech
2008-03-06 01:02:13 0 d-------- C:\Program Files\Logitech
2008-03-06 00:58:28 0 d-------- C:\Program Files\Windows Media Components
2008-03-05 01:16:23 0 d-------- C:\Program Files\America Online 9.0
2008-03-04 23:56:02 0 d-------- C:\Program Files\18 Wheels of Steel Haulin
2008-03-04 23:11:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2008-03-04 17:11:32 0 d-------- C:\Program Files\MSECache
2008-03-04 12:00:30 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 22:33:20 0 d-------- C:\Program Files\Canon
2008-03-03 21:36:20 0 d-------- C:\Program Files\Microsoft Office Outlook Connector for MSN
2008-03-03 21:35:56 0 d-------- C:\Program Files\Design Science
2008-03-03 20:16:39 0 d-------- C:\Program Files\Windows Live
2008-03-03 20:16:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 17:25:04 0 d-------- C:\Program Files\Apple Software Update
2008-03-03 17:24:44 0 d-------- C:\Program Files\Common Files\Apple
2008-03-03 17:13:57 0 d-------- C:\Program Files\Yahoo!
2008-03-03 17:12:00 0 d-------- C:\Program Files\Google
2008-03-03 16:32:59 0 d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-03-03 16:32:32 0 d-------- C:\Program Files\AIM6
2008-03-03 16:31:15 0 d-------- C:\Program Files\Viewpoint
2008-03-03 15:41:27 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-03-03 03:26:12 0 d-------- C:\Documents and Settings\Owner\Application Data\SampleView
2008-03-03 03:24:58 0 d-------- C:\Program Files\Realtek
2008-03-03 03:24:28 0 d-------- C:\Program Files\CyberLink
2008-03-03 03:24:20 0 d-------- C:\Program Files\Microsoft Money 2005
2008-03-03 03:23:28 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-03 03:19:37 0 d-------- C:\Program Files\BigFix
2008-03-03 03:19:26 0 d-------- C:\Program Files\Ahead
2008-03-03 03:19:01 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-03 03:17:45 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-03 03:17:15 0 d-------- C:\Program Files\Intel
2008-03-03 03:15:28 0 d-------- C:\Program Files\Digital Media Reader
2008-03-03 03:14:52 0 d-------- C:\Program Files\Common Files\New Boundary
2008-03-03 03:11:49 2 -r-hs---- C:\USER
2008-03-03 03:10:06 0 d-------- C:\Program Files\CONEXANT
2008-03-03 03:07:30 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}]
C:\WINDOWS\system32\yayyXrRH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [11/10/2003 10:23 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [12/01/2004 04:00 PM]
"ShowWnd"="ShowWnd.exe" [09/19/2003 01:09 PM C:\WINDOWS\ShowWnd.exe]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [12/10/2002 07:31 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 03:50 PM]
"AlcWzrd"="ALCWZRD.EXE" [10/21/2004 10:44 PM C:\WINDOWS\ALCWZRD.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 02:56 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"CHotkey"="zHotkey.exe" [05/17/2004 10:30 PM C:\WINDOWS\zHotkey.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [11/15/2004 07:04 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [12/10/2002 06:54 PM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [08/12/2004 09:45 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [12/10/2002 07:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [08/24/2007 05:57 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 05:37 PM]
"SoundMan"="SOUNDMAN.EXE" [10/21/2004 07:20 PM C:\WINDOWS\SOUNDMAN.EXE]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [12/01/2004 03:55 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03/18/2004 10:33 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 10:32 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 12:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 03:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/23/2008 06:36 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [12/11/2007 6:34:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [3/3/2008 3:19:37 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [4/14/2008 12:36:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18642bf6-ec8f-11dc-9cb2-0013204f03da}]
AutoRun\command- L:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-04-23 23:18:36 ------------


So far no popups. I'm keeping my fingers crossed that they are gone for good!
Thanks!!
andres1

Re: IE Popups, Taskbar doesn't work, Task Manager Disabled

Post by peku006 » April 24th, 2008, 4:18 am

Hello andres1
It looks like you have some components of McAfee and some from a Norton/Symantec product installed.
Are you still using Norton/Symantec software?

1 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:

File::
C:\KillUnin.bat
C:\WINDOWS\system32\oyeeslkb.ini
C:\WINDOWS\BMeffcb530.xml
C:\WINDOWS\system32\spmsg2.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
Folder::
C:\81fb2ccf914e86d7bba8
C:\temp
C:\6d56f5267322cc7720fc22c557fc
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D428C81-C7B2-4F49-A33D-D50AAF60259C}]



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

2 - Clean temp files:

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

3 - Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

4 - Check on status
After you have completed the above, please reboot and post:

the Combofix.txt
the Malwarebytes log
a new HijackThis log

Thanks peku006

Re: IE Popups, Taskbar doesn't work, Task Manager Disabled

Post by peku006 » April 30th, 2008, 3:15 am

Hello!

Do you still need help?

It has been a few days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Re: IE Popups, Taskbar doesn't work, Task Manager Disabled

Post by NonSuch » May 5th, 2008, 8:00 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.