Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

IUSER_ADMIN? and other problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

IUSER_ADMIN? and other problems

Unread postby shadow6463 » October 25th, 2008, 3:51 pm

Hello. I recently had some IUSER_ADMIN user popup as one of the users in my welcome page for windows xp. This all happened after I had was attacked by a lot of spyware (which has subdued now). There are some other weird problems with my computer. Whenever I press Turn Off Computer in the start menu my computer takes a really long time just to have the options (turn off, restart, standby) show up. Also, drag and drop with my mouse is really spotty. Sometimes it works, sometimes it doesn't. I don't know if that has anything to do with my problem though. Also of note, I'm using SP2, and Firefox and Opera as my browsers. IE DOES NOT work. No matter what I do, could be a symptom. And, to the right of my desktop, theres some sort a dead zone. Like my mouse won't go off the side when I go up, down or left. But when I go right, it disappears, and some times windows get lost out there. (Like if I accidentally drag My Documents out there)

EDIT: I recently read of your no P2P policy. I have posted a new HJT log with my P2P programs removed.
EDIT2: I had some free time and did a massive update for the computer. Updated graphics card and a lot of windows stuff.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:55 PM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Embarq TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4145442328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7823469687
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

--
End of file - 5670 bytes
shadow6463
Active Member
 
Posts: 6
Joined: October 25th, 2008, 3:41 pm
Advertisement
Register to Remove

Re: IUSER_ADMIN? and other problems

Unread postby Carolyn » October 29th, 2008, 8:17 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

I am currently looking at your log now and will be back as soon as possible with your instructions.
while you are waiting one other thing that can be of good use is an uninstall list so please do the following

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: IUSER_ADMIN? and other problems

Unread postby Carolyn » October 29th, 2008, 11:25 am

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as it is and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Checked (ticked) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Next,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post the following:
  1. The Malwarebyte's Anti-Malware log
  2. The contents of log.txt
  3. The contents of info.txt
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: IUSER_ADMIN? and other problems

Unread postby shadow6463 » October 29th, 2008, 6:05 pm

Malwarebytes' Anti-Malware 1.30
Database version: 1337
Windows 5.1.2600 Service Pack 2

10/29/2008 6:02:45 PM
mbam-log-2008-10-29 (18-02-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164519
Time elapsed: 1 hour(s), 1 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.04 (written by random/random)
Run by Sharon Clark at 2008-10-29 18:03:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 104 GB (70%) free of 149 GB
Total RAM: 510 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:15 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Sharon Clark\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sharon Clark.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\Embarq TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Embarq TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4145442328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7823469687
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe

--
End of file - 6084 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}]
ElnkBhoGuard Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]
ElnkScamBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-30 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-07-19 78008]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"Dell Photo AIO Printer 922"=C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [2004-06-18 290816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-12 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\Embarq TotalAccess\TaskPanl.exe [2005-09-01 942080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Earthlink Protection Control Center]
C:\Program Files\EarthLink\EarthLink Protection Control Center\BIN\elnk_pcc2.exe [2007-01-19 67352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-04-11 24184360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-30 1829712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
C:\PROGRA~1\Sandisk\Common\Bin\WINCIN~1.EXE [2006-09-26 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
C:\PROGRA~1\FinePixViewer\QuickDCF2.exe [2007-01-30 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-01-30 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharon Clark^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasMan"=3
"RasAuto"=3
"ElnkFWPPService"=3
"gusvc"=3
"ioloDMV"=2
"ERSvc"=3
"ADSService"=3
"WMPNetworkSvc"=2
"ELNKUpdateService"=2
"EarthLinkSafeConnectAgent"=3
"Viewpoint Manager Service"=2
"ProtectionService"=2
"NVSvc"=2
"MDM"=2
"AVGEMS"=2
"wsldoekd"=2
"tdxdowkc"=2
"sobicyt"=2
"roxtctm"=2
"noxtcyr"=2
"macidwe"=2
"Creative Service for CDROM Access"=2
"sotpeca"=2
"afisicx"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DontDisplayLastUserName"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"BackupNoCDBurning"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Common Files\AOL\1154907051\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1154907051\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Documents and Settings\Sharon Clark\My Documents\LimeWire\LimeWire.exe"="C:\Documents and Settings\Sharon Clark\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Setup.exe"="D:\Setup.exe:*:Enabled:Setup"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1156184931\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1156184931\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Documents and Settings\Kat Loves Coco\LimeWire\LimeWire.exe"="C:\Documents and Settings\Kat Loves Coco\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Sharon Clark\Desktop\LimeWire\LimeWire.exe"="C:\Documents and Settings\Sharon Clark\Desktop\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe"="C:\Program Files\The Creative Assembly\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Trash\Trash.exe"="C:\Program Files\Trash\Trash.exe:*:Enabled:Trash"
"C:\Program Files\Python\pythonw.exe"="C:\Program Files\Python\pythonw.exe:*:Enabled:pythonw"
"C:\Program Files\Zune\Zune.exe"="C:\Program Files\Zune\Zune.exe:*:Enabled:Zune"
"C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\EA Games\Command and Conquer Generals\game.dat"="C:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\patchget.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Documents and Settings\Kat Loves Coco\My Documents\LimeWire\LimeWire.exe"="C:\Documents and Settings\Kat Loves Coco\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Messenger"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Documents and Settings\Sharon Clark\Desktop\Empire Earth\Empire Earth.exe"="C:\Documents and Settings\Sharon Clark\Desktop\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1154907051\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1154907051\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1cf4d3e-9fa2-11dd-83e5-00111162940c}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4989c62-1e8c-11db-9f1d-806d6172696f}]
shell\AutoRun\command - D:\Setup.EXE


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2008-10-29 18:03:51 ----DC---- C:\rsit
2008-10-27 20:58:29 ----RA---- C:\WINDOWS\system32\dlbtsnls.dll
2008-10-27 20:58:29 ----RA---- C:\WINDOWS\system32\dlbtcoin.dll
2008-10-27 20:57:29 ----A---- C:\WINDOWS\system32\dlbtpmui.dll
2008-10-27 20:57:28 ----A---- C:\WINDOWS\system32\dlbtvs.dll
2008-10-27 20:57:28 ----A---- C:\WINDOWS\system32\dlbtusb1.dll
2008-10-27 20:57:28 ----A---- C:\WINDOWS\system32\dlbtpplc.dll
2008-10-27 20:57:28 ----A---- C:\WINDOWS\system32\dlbtlmpm.dll
2008-10-27 20:57:28 ----A---- C:\WINDOWS\system32\dlbtih.exe
2008-10-27 20:57:28 ----A---- C:\WINDOWS\system32\dlbtcomm.dll
2008-10-27 20:57:28 ----A---- C:\WINDOWS\system32\dlbtcfg.exe
2008-10-27 20:57:27 ----A---- C:\WINDOWS\system32\dlbtserv.dll
2008-10-27 20:57:27 ----A---- C:\WINDOWS\system32\dlbtprox.dll
2008-10-27 20:57:27 ----A---- C:\WINDOWS\system32\dlbthbn1.dll
2008-10-27 20:57:27 ----A---- C:\WINDOWS\system32\dlbtcoms.exe
2008-10-27 20:57:27 ----A---- C:\WINDOWS\system32\dlbtcomc.dll
2008-10-27 20:57:26 ----A---- C:\WINDOWS\system32\dlbtcur.dll
2008-10-27 20:57:26 ----A---- C:\WINDOWS\system32\dlbtcu.dll
2008-10-27 20:57:22 ----A---- C:\WINDOWS\system32\dlbtjswr.dll
2008-10-27 20:57:16 ----A---- C:\WINDOWS\system32\dlbtutil.dll
2008-10-27 20:57:16 ----A---- C:\WINDOWS\system32\dlbtgf.dll
2008-10-27 20:57:15 ----D---- C:\Program Files\Dell Photo AIO Printer 922
2008-10-27 17:42:24 ----DC---- C:\spoolerlogs
2008-10-27 17:38:33 ----DC---- C:\Dell922
2008-10-26 13:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-26 13:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-26 13:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-26 13:28:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-26 13:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-26 13:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-26 13:23:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-26 13:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-26 13:21:09 ----D---- C:\Program Files\Windows Desktop Search
2008-10-26 13:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2008-10-26 12:57:58 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-25 15:44:17 ----D---- C:\Program Files\Trend Micro
2008-10-21 15:01:36 ----D---- C:\Documents and Settings\Sharon Clark\Application Data\U3
2008-10-18 14:23:43 ----D---- C:\Program Files\Counter-Strike 1.6
2008-10-12 09:55:47 ----SHD---- C:\found.003
2008-09-30 22:32:48 ----D---- C:\Program Files\AoA Audio Extractor
2008-09-30 18:21:24 ----D---- C:\Documents and Settings\Sharon Clark\Application Data\Spore

======List of files/folders modified in the last 1 months======

2008-10-29 16:57:56 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 16:57:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 16:16:35 ----D---- C:\WINDOWS\Temp
2008-10-29 16:06:40 ----D---- C:\Program Files\Mozilla Firefox
2008-10-29 15:35:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-29 15:35:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 15:35:12 ----HD---- C:\WINDOWS\inf
2008-10-29 01:42:39 ----DC---- C:\PrintSpool
2008-10-29 01:42:29 ----AC---- C:\WINDOWS\dellstat.ini
2008-10-28 14:33:37 ----D---- C:\WINDOWS
2008-10-27 20:58:29 ----D---- C:\WINDOWS\system32
2008-10-27 20:57:15 ----RD---- C:\Program Files
2008-10-27 20:51:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-27 19:51:24 ----DC---- C:\DELL
2008-10-27 17:51:07 ----ASHC---- C:\boot.ini
2008-10-27 17:51:07 ----AC---- C:\WINDOWS\win.ini
2008-10-27 17:51:07 ----AC---- C:\WINDOWS\system.ini
2008-10-26 14:15:09 ----SHDC---- C:\Config.Msi
2008-10-26 14:15:09 ----SHD---- C:\WINDOWS\Installer
2008-10-26 13:59:20 ----D---- C:\WINDOWS\nview
2008-10-26 13:57:01 ----D---- C:\WINDOWS\Help
2008-10-26 13:56:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-26 13:47:35 ----D---- C:\Documents and Settings\Sharon Clark\Application Data\SystemRequirementsLab
2008-10-26 13:43:23 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-26 13:42:24 ----D---- C:\WINDOWS\system32\wbem
2008-10-26 13:42:24 ----D---- C:\WINDOWS\system32\en-US
2008-10-26 13:30:02 ----A---- C:\WINDOWS\imsins.BAK
2008-10-26 13:29:55 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-26 13:23:46 ----D---- C:\WINDOWS\WinSxS
2008-10-26 13:21:22 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-26 13:21:15 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-26 12:57:58 ----D---- C:\WINDOWS\Debug
2008-10-25 16:59:28 ----D---- C:\Program Files\Best Buy Rhapsody
2008-10-23 17:46:27 ----D---- C:\Program Files\Opera
2008-10-22 21:17:24 ----D---- C:\Documents and Settings\Sharon Clark\Application Data\LimeWire
2008-10-21 00:00:40 ----D---- C:\Program Files\Riva
2008-10-19 19:35:46 ----D---- C:\Program Files\FinePixViewer
2008-10-18 19:28:01 ----D---- C:\Documents and Settings\Sharon Clark\Application Data\uTorrent
2008-10-18 11:24:32 ----D---- C:\Program Files\SystemRequirementsLab
2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 23:49:16 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 23:32:17 ----SD---- C:\Documents and Settings\Sharon Clark\Application Data\Microsoft
2008-10-07 12:19:42 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-04 20:17:49 ----D---- C:\Documents and Settings\Sharon Clark\Application Data\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-12 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 CSS DVP;CSS DVP; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2006-06-05 829008]
R2 GRTdiMon;GR TDI Mon; C:\WINDOWS\System32\Drivers\GRTdiMon.sys [2006-11-10 42040]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-04-07 8413]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-12 26624]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 Ca533av;Polaroid Digital Cam Video; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-20 515803]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\WINDOWS\system32\DRIVERS\ADSFilter.sys [2006-11-20 56728]
S3 ADSMonitor;ADSMonitor - (EarthLink Monitor Driver); C:\WINDOWS\system32\drivers\ADSMonitor.sys [2006-11-20 35352]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DrvFltIp;DrvFltIp; \??\C:\Program Files\BulletProofSoft.com\AdvancedPersonalFirewall\DrvFltIp.sys []
S3 EarthLinkSafeConnectDriver;EarthLinkSafeConnectDriver; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectDriver.sys []
S3 EarthLinkSafeConnectShim;EarthLinkSafeConnectShim; \??\C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Driver\platform_XP\SafeConnectShim.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2007-03-20 28672]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-12 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-12-05 287360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-24 10986]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WlanUIG;2Wire 802.11g USB Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-05-16 347648]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-17 52352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Command Software\dvpapi.exe [2006-06-05 147728]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 dlbt_device;dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [2004-03-16 421888]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 ADSService;ADSService; C:\Program Files\Common Files\ADS\ADSService.exe [2006-11-20 96024]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
S4 EarthLinkSafeConnectAgent;EarthLinkSafeConnectAgent; C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin\SanaAgent.exe [2006-10-16 4664344]
S4 ELNKUpdateService;ELNK Update Service; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\UpdateService.exe [2007-01-19 38680]
S4 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
S4 ProtectionService;ProtectionService; C:\Program Files\EarthLink\EarthLink Protection Control Center\bin\ProtectionService.exe [2007-01-19 116504]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-10-29 18:04:20

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->"C:\Program Files\Creative\Sound Blaster Live! 24-bit\Program\Ctzapxx.EXE" /X /U /S
-->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x0009/cont -removeonly
-->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
AoA Audio Extractor 1.0-->"C:\Program Files\AoA Audio Extractor\unins000.exe"
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Authentium FW SDK-->MsiExec.exe /I{C683356A-3C1A-49D7-BC37-3DBA6683C879}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Chutes and Ladders-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Chutes\DeIsL1.isu"
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Photo AIO Printer 922-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUNST.EXE -NOLICENSE
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
EarthLink Software-->"C:\Program Files\Embarq TotalAccess\uninstll.exe" /W
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.5-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB933547)-->"C:\WINDOWS\$NtUninstallKB933547$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalSetup-->MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Mall Of America Tycoon-->C:\WINDOWS\unvise32.exe C:\Program Files\Mall Of America Tycoon\uninstal.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft GIF Animator-->C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Tool Web Package : EXCTRLST.EXE-->MsiExec.exe /X{B0650E3D-FDCA-4908-B74B-0CC1731BDB93}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Cutter 1.2-->"C:\Program Files\MP3 Cutter\unins000.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.61-->MsiExec.exe /X{92271486-E286-4CF1-AE6D-F889F83CBF84}
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Polaroid Digital Cam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBF18108-DDC2-11D5-BEBF-00606733A9BE}\setup.exe"
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Riva FLV Player-->"C:\Program Files\Riva\Riva FLV Player\unins000.exe"
RollerCoaster Tycoon 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Rome - Total War-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype 3.2-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\SETUP.EXE" -l0x9
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Support 2005 Michigan-->C:\WINDOWS\uninst.exe -f"C:\Program Files\MarginSoft\Support 2005Mi\DeIsL1.isu" -c"C:\Program Files\MarginSoft\Support 2005Mi\_ISREG32.DLL"
Support 2007 Michigan-->"C:\Program Files\Marginsoft\Support 2007Mi\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WinASO Registry Optimizer 4.0-->"C:\Program Files\WinASO\Registry Optimizer 4.0\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WM Converter 2.0-->C:\Program Files\WM Converter\Uninstal.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]

======Security center information======

AV: Authentium Antivirus
AV: avast! antivirus 4.8.1229 [VPS 081029-0]
AV: EarthLink Antivirus
FW: EarthLink Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\ADS;C:\Program Files\EarthLink\EarthLink Protection Control Center\Sana\Bin;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0304
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------



HJT Uninstall List

Sansa Media Converter
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
AIM 6
AoA Audio Extractor 1.0
Apple Software Update
Audacity 1.2.6
Authentium FW SDK
avast! Antivirus
CDDRV_Installer
Chutes and Ladders
Command & Conquer Generals
Counter-Strike 1.6
Creative MediaSource
Dell Media Experience
Dell Photo AIO Printer 922
Dell ResourceCD
EarthLink Software
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.5
FoxyTunes for Firefox
Frets On Fire
Google Earth
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB933547)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 7
KhalSetup
Logitech QuickCam Software
Logitech SetPoint
Logitech® Camera Driver
Mall Of America Tycoon
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Bootvis
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Tool Web Package : EXCTRLST.EXE
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.0.3)
MP3 Cutter 1.2
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
neroxml
NVIDIA Drivers
Opera 9.61
Picture Package Music Transfer
Polaroid Digital Cam
QuickTime
Rhapsody Player Engine
Riva FLV Player
RollerCoaster Tycoon 3
Rome - Total War
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Skype 3.2
Skype Plugin Manager
Sony Picture Utility
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Support 2005 Michigan
Support 2007 Michigan
System Requirements Lab
Update for Windows XP (KB920342)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB933360)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB943729)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
VCRedistSetup
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WinASO Registry Optimizer 4.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
WM Converter 2.0
shadow6463
Active Member
 
Posts: 6
Joined: October 25th, 2008, 3:41 pm

Re: IUSER_ADMIN? and other problems

Unread postby Carolyn » October 30th, 2008, 3:32 pm

Hello,

I notice that there is more than one antivirus program installed on your computer. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. When you have more than one antivirus program installed at the same time, they conflict with each other rendering the computer vulnerable or unusable.

It is NOT safe to have more than one anti-virus installed on a system, and doing so not only does NOT provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes!

Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall the following programs:
    EarthLink Software
    Authentium FW SDK

------------------------------------------------------------------------

I can't see any firewall in your HijackThis log, so i assume you use windows firewall.

FIREWALL
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly.
It's preferable to install one of the suggested firewalls.

FREE FIREWALLS

Tutorial about Firewalls can be found here

------------------------------------------------------------------------

Registry Cleaners

I notice the presence of WinASO Registry Optimizer Registry Cleaner on your pc.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

------------------------------------------------------------------------

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: ElnkBhoGuard Class - {00000000-0000-0000-0000-000000000002} - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

------------------------------------------------------------------------

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log and a description of how your computer is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: IUSER_ADMIN? and other problems

Unread postby shadow6463 » October 30th, 2008, 9:41 pm

I can't thank you enough for what your doing right now!!!!
Overall the compuer feels the same as before. I installed ZoneAlarm as my firewall. I'm thinking the spoty mouse and "dead zone" to the right of desktop are just general computer problems.

Note: I couldn't find "Authentium FW SDK" in Add/Remove programs and I couldn't find "R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)" when I ran HJT again.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 30, 2008 20:42:47
Records in database: 1362103
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 96604
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:54:28


File name / Threat name / Threats count
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X1LFZOFQ\msjdk[1].bin Infected: Trojan.Win32.Agent.agnu 1
C:\WINDOWS\system32\tmp0_834450166931.bk.old Infected: Trojan.Win32.DNSChanger.jdk 1
C:\WINDOWS\system32\udxfytw.sys Infected: Trojan.Win32.Agent.agec 1

The selected area was scanned.


----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:33 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Embarq TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4145442328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7823469687
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5449 bytes
shadow6463
Active Member
 
Posts: 6
Joined: October 25th, 2008, 3:41 pm

Re: IUSER_ADMIN? and other problems

Unread postby Carolyn » November 2nd, 2008, 1:52 pm

Hi,

Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code: Select all
:Files
C:\WINDOWS\system32\tmp0_834450166931.bk.old
C:\WINDOWS\system32\udxfytw.sys


:commands
[emptytemp]
    

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Download and Install IE7

Please download IE7 from HERE. Save it to your desktop and double-click the program to install IE7.


Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

If you don't like Adobe Reader, you can try Foxit PDF Reader. It's a much smaller file to download and uses a lot less resources than Adobe Reader.


Please post the following:
  • The OTMoveIt log
  • A fresh HijackThis log
  • Let me know if IE7 works after you download and install the program. Also tell me if there is any change in how your computer is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: IUSER_ADMIN? and other problems

Unread postby shadow6463 » November 2nd, 2008, 6:41 pm

No I couldn't install IE7. I have IE Tab add-on for firefox if you need me to use IE. Didn't notice any change in computer behavior. Also, I fixed the screen and the mouse, so no worries there! I hope you had a happy halloween.

========== FILES ==========
C:\WINDOWS\system32\tmp0_834450166931.bk.old moved successfully.
C:\WINDOWS\system32\udxfytw.sys moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SHARON~1\LOCALS~1\Temp\~DF27FF.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1cc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01e33.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01e40.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0006\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sharon Clark\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11022008_151435


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:48 PM, on 11/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Embarq TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4145442328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7823469687
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5118 bytes
shadow6463
Active Member
 
Posts: 6
Joined: October 25th, 2008, 3:41 pm

Re: IUSER_ADMIN? and other problems

Unread postby Carolyn » November 5th, 2008, 8:58 am

Hello,

Some files were scheduled to be deleted by OTMoveIt when you reboot your computer. If you have not done so already, please reboot your computer now.


Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

If you don't like Adobe Reader, you can try Foxit PDF Reader. It's a much smaller file to download and uses a lot less resources than Adobe Reader.


The problems you are having with Internet Explorer are not due to malware, see below forums for general troubleshooting of computers, and post there for help.

http://forums.whatthetech.com/forums.html
http://www.techguy.org/
http://www.bleepingcomputer.com/forums/


This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

Your log now appears to be clean. Congratulations!

Please delete RSIT.exe from your computer.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

Clean Up with OTMoveIt
  • Double click OTMoveIt3.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • When finished exit out of OTMoveIt
  • The tool will delete itself once it finishes, if not delete it by yourself.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
      Restart your computer

    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once,and not on a regular basis


  • Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Continue to use a firewall with outbound protection
    The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • After you resolve the problems with Internet Explorer, Make It More Secure
    Please follow the recommendations at this SITE


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.

  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.

  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK


  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: IUSER_ADMIN? and other problems

Unread postby shadow6463 » November 5th, 2008, 6:28 pm

Thank you so much!!! Quick question: If I get WinPatrol and SpyBlaser, won't that violate the whole 1 firewall/1 antivirus program at a time thing?
shadow6463
Active Member
 
Posts: 6
Joined: October 25th, 2008, 3:41 pm

Re: IUSER_ADMIN? and other problems

Unread postby Carolyn » November 6th, 2008, 11:54 am

shadow6463 wrote:Thank you so much!!! Quick question: If I get WinPatrol and SpyBlaser, won't that violate the whole 1 firewall/1 antivirus program at a time thing?


I'm sorry... I somehow missed your reply. :oops:

That's a very good question. :) Every computer should have one anti-virus program with up-to-date definitions, a two-way firewall, at least one anti-malware program that offers real-time protection without installing a second anti-virus "engine", and a program that monitors for possible unwanted changes to the registry and startups. Think of it is a multi-layered defense. In a nut-shell, those recommended programs work differently than do firewalls and antivirus programs, so they do not violate the 1 firewall/1 antivirus rule.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: IUSER_ADMIN? and other problems

Unread postby NonSuch » November 14th, 2008, 11:21 pm

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware