Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Runtime error

by goddaj » December 22nd, 2008, 1:21 pm

I am getting a Runtime error at startup and I need to fix it. The HijackThis log file is attached.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:12 PM, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\Mbord\winreg32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft.bat
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2324721593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\goddaj\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 15210 bytes
goddaj
Active Member
 
Posts: 13
Joined: December 22nd, 2008, 12:51 pm

Re: Runtime error

by silver » January 1st, 2009, 2:56 am

Hi goddaj,

Please open this page in your browser:
http://www.bleepingcomputer.com/submit- ... channel=32

Fill in the link to topic field with a link to this topic
Copy/paste the following into the Browse to the file you want to submit field:
C:\WINDOWS\system32\Mbord\winreg32.exe
Then press Send File; this will upload the file for analysis.

------------------------------------------------------------------------

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
@echo off
dir "C:\WINDOWS\system32\Mbord" /a /s >> results.txt 2>>&1
echo ----- >> results.txt 2>>&1
type "C:\Documents and Settings\All users\Start Menu\Programs\Startup\Microsoft.bat" >> results.txt 2>>&1
echo ----- >> results.txt 2>>&1
dir "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" /a >> results.txt 2>>&1
dir "C:\Program Files\McAfee\VirusScan\McShield.exe" /a >> results.txt 2>>&1
dir "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" /a >> results.txt 2>>&1
del %0

Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time; this is normal.
Another text file should appear on your Desktop called results.txt, do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open: log.txt (this one will be maximized) and info.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply

------------------------------------------------------------------------

Once complete, please post the results.txt output and both RSIT logs. You won't need to produce a new HijackThis log, as RSIT produces one for you.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
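
The reply above follows up on three kinds of entries in the posted HijackThis log: a running process in a subfolder of system32, a script in the Global Startup folder, and registrations whose file is missing. The following is an added example, not part of the thread or of any tool used in it, that picks out the same kinds of entries from a log automatically. The sample lines are copied from the log above; the function names, the finding labels and the list of expected system32 subfolders are assumptions made for this sketch.

```python
import ntpath  # Windows path semantics, usable on any OS
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\Mbord\winreg32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft.bat
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
"""

# HijackThis entries look like "O23 - Service: ..." (section code, dash, body).
ENTRY_RE = re.compile(r"^([FNRO]\d+) - (.+)$")
# HijackThis appends these markers when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")
SYSTEM32 = "c:\\windows\\system32\\"
# Assumption for this sketch: subfolders where executables are expected.
KNOWN_SUBDIRS = {"spool", "drivers", "wbem", "dllcache"}


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if in_procs and line and not m:
            processes.append(line)
            continue
        in_procs = False  # a blank line or the first entry ends the process list
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def odd_system32_subdir(path):
    """Return the first-level system32 subfolder if it is not an expected one."""
    p = ntpath.normcase(path)  # lower-case, backslashes
    if not p.startswith(SYSTEM32):
        return None
    parts = p[len(SYSTEM32):].split("\\")
    if len(parts) > 1 and parts[0] not in KNOWN_SUBDIRS:
        return parts[0]
    return None


def triage(text):
    """Return (reason, log line) pairs that deserve a closer look by an analyst."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if odd_system32_subdir(proc):
            findings.append(("process-in-unlisted-system32-subdir", proc))
    for code, body in entries:
        line = f"{code} - {body}"
        if ORPHAN_RE.search(body):
            findings.append(("orphaned-registration", line))
        if code == "O4" and body.startswith("Global Startup:"):
            # Item name is the text before " = target"; a bare script has no target.
            item = body.split(":", 1)[1].split(" = ")[0].strip()
            if item.lower().endswith(SCRIPT_EXT):
                findings.append(("script-in-startup-folder", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:38} {line}")
```

A finding here only marks an entry for inspection; an orphaned registration is often just a leftover from an uninstalled product.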

Re: Runtime error

by goddaj » January 1st, 2009, 10:08 am

I am posting the file results as requested
Volume in drive C has no label.
Volume Serial Number is 60DE-FDBD

Directory of C:\WINDOWS\system32\Mbord

01/01/2009 10:00 AM <DIR> .
01/01/2009 10:00 AM <DIR> ..
10/06/2008 08:02 PM 7,761,920 alc.exe
10/06/2008 08:19 PM 95 autorun.bat
09/06/2008 12:36 AM 1,193 botnetop.conf
01/01/2009 10:00 AM 669 cycz.dll
31/12/2008 12:00 AM 669 cycz.dll~bak
19/11/2003 06:55 PM 15,360 cygminires.dll
30/07/2006 11:22 AM 1,875,110 cygwin1.dll
22/08/2005 07:03 PM 66,048 cygz.dll
01/01/2009 10:00 AM 778 cyuz.dll
31/12/2008 12:00 AM 778 cyuz.dll~bak
10/06/2008 05:13 PM 10,769 eggdrop.conf
13/06/2008 07:13 AM <DIR> filesys
09/06/2008 12:38 AM 3,699 gseen.conf
13/06/2008 07:20 AM <DIR> help
13/06/2008 07:20 AM <DIR> language
13/06/2008 07:14 AM <DIR> lib
11/08/2006 05:25 PM 626,176 libtcl8.4.dll
13/06/2008 07:22 AM <DIR> modules
29/07/2008 06:51 PM 4 pid.sjcnfuq
31/12/2008 03:00 PM 4 pid.sjirsvt
07/08/2008 11:35 PM 5 pid.skdruaq
30/07/2008 11:09 AM 5 pid.skduirw
18/11/2008 10:54 PM 4 pid.slveeue
18/12/2008 03:46 PM 5 pid.smeibpw
17/08/2008 12:12 PM 5 pid.smrwbyv
23/09/2008 08:23 PM 5 pid.snhpmlf
15/10/2008 04:04 PM 5 pid.sobvapv
22/10/2008 09:01 PM 4 pid.spqjdzi
14/10/2008 08:12 AM 5 pid.sqbfvfg
21/07/2008 01:50 PM 5 pid.svarnvg
13/08/2008 06:25 AM 5 pid.swmxtan
11/12/2008 09:02 PM 4 pid.swshgxq
14/09/2008 08:10 PM 5 pid.swvyspt
21/09/2008 11:33 PM 5 pid.sxxrqji
29/11/2008 07:33 PM 5 pid.sygxfow
17/08/2008 05:08 AM 5 pid.synilve
17/06/2008 09:25 PM 5 pid.tckrwzf
11/08/2008 10:31 PM 5 pid.tfhggkh
24/12/2008 09:24 PM 5 pid.tflgbgb
12/09/2008 01:12 PM 5 pid.thkcxhz
09/09/2008 03:21 PM 5 pid.thsqbrd
24/08/2008 06:35 PM 5 pid.tiohgtu
01/09/2008 08:46 PM 5 pid.tizovab
22/07/2008 08:08 AM 5 pid.tkhhqmb
14/09/2008 10:14 AM 5 pid.tneqhvx
15/06/2008 01:10 PM 5 pid.tpbrjug
21/07/2008 05:51 PM 5 pid.tpmizfk
01/11/2008 08:50 AM 4 pid.trefrdh
15/11/2008 04:48 PM 4 pid.ttulhat
11/08/2008 08:05 PM 5 pid.tvoftfx
19/06/2008 11:10 PM 5 pid.tweddjm
15/06/2008 02:40 PM 5 pid.twubqmu
10/07/2008 03:32 PM 5 pid.txinvpb
08/08/2008 11:45 AM 4 pid.txmykfq
05/09/2008 03:46 PM 5 pid.txyjucx
07/08/2008 08:48 AM 5 pid.uatpuiu
07/08/2008 02:09 PM 5 pid.ubeecmh
23/10/2008 07:24 AM 4 pid.ublgpwe
30/12/2008 06:28 AM 5 pid.ubwioam
16/12/2008 11:06 PM 5 pid.udaeopz
24/07/2008 07:55 AM 4 pid.udzctuf
24/07/2008 06:44 PM 5 pid.uejoehx
06/09/2008 08:50 AM 5 pid.uklgmkp
26/12/2008 05:40 PM 4 pid.ukpinra
01/08/2008 08:58 AM 5 pid.uktzqcf
01/06/2008 01:59 PM 5 pid.umateof
16/08/2008 05:47 PM 5 pid.umrcegw
02/09/2008 03:04 PM 5 pid.uniirqc
09/09/2008 10:19 AM 5 pid.unxxscm
24/10/2008 04:23 PM 4 pid.upaitrw
30/11/2008 09:36 AM 5 pid.upmdxxk
07/09/2008 11:10 AM 5 pid.usemcmn
10/07/2008 12:24 AM 5 pid.usppqxc
11/08/2008 08:01 AM 5 pid.utdvsbp
17/06/2008 04:15 PM 5 pid.uvlqatu
08/11/2008 02:21 PM 5 pid.uvsxvny
16/12/2008 12:27 AM 5 pid.uvvngli
17/12/2008 08:11 PM 5 pid.uwjyiuj
19/12/2008 06:14 PM 4 pid.uzikvci
25/10/2008 02:48 PM 4 pid.vaeikna
06/12/2008 07:35 AM 4 pid.valhxoi
27/06/2008 06:09 AM 5 pid.vbwzcil
26/12/2008 02:06 PM 4 pid.vddvcsn
27/12/2008 04:52 PM 4 pid.vheemlw
27/12/2008 03:23 PM 4 pid.vibszgy
19/07/2008 04:38 PM 5 pid.vidfbck
13/08/2008 04:11 PM 5 pid.vipgiij
12/08/2008 04:49 PM 5 pid.vjylspl
28/11/2008 06:16 AM 4 pid.vkfvugj
08/11/2008 05:57 PM 5 pid.vkgcmni
31/12/2008 12:58 AM 5 pid.vlndfgl
21/12/2008 06:25 PM 4 pid.vntmgin
20/08/2008 01:26 PM 4 pid.vpliici
20/11/2008 05:26 PM 4 pid.vtuebay
04/09/2008 07:41 PM 5 pid.vtwccrs
23/07/2008 03:36 PM 5 pid.vtydpcv
27/08/2008 01:36 PM 5 pid.vuawzlp
15/11/2008 07:47 PM 4 pid.vufjhul
19/06/2008 03:28 PM 5 pid.vvoojkc
19/12/2008 12:34 PM 4 pid.vwgjocx
14/10/2008 10:10 PM 5 pid.vwjzyyv
23/06/2008 03:51 PM 5 pid.vwwavda
01/08/2008 09:29 PM 5 pid.vxsxihw
28/10/2008 04:27 PM 4 pid.vyduihp
25/12/2008 05:04 PM 4 pid.vysyxkg
13/10/2008 04:32 PM 4 pid.waeumwe
02/07/2008 05:44 PM 5 pid.waskecd
21/09/2008 01:00 PM 5 pid.wbozkpq
10/11/2008 08:13 PM 4 pid.wbyzkme
25/09/2008 10:49 AM 5 pid.wccejmz
16/09/2008 11:59 AM 5 pid.wcduoct
15/09/2008 08:50 PM 5 pid.wcjuiwh
17/06/2008 04:02 PM 5 pid.wevsuxh
18/11/2008 01:53 PM 5 pid.whaivmt
31/10/2008 12:26 PM 4 pid.whnmvxc
08/11/2008 02:25 PM 4 pid.wiiwztd
27/08/2008 08:21 PM 5 pid.winfwrn
25/08/2008 12:28 PM 5 pid.wiompwv
17/10/2008 06:59 PM 5 pid.wkfcgzz
16/09/2008 03:32 PM 5 pid.wkuasvz
28/12/2008 02:06 PM 4 pid.wllwgtw
02/08/2008 06:33 AM 5 pid.wmjtkcp
05/09/2008 10:32 AM 5 pid.wnolywy
20/12/2008 12:26 PM 4 pid.wnyumpv
20/11/2008 03:31 PM 4 pid.wofgoyj
22/06/2008 06:26 AM 5 pid.wqskupm
18/11/2008 12:06 AM 4 pid.wqzmrkm
26/07/2008 02:56 PM 5 pid.wrjzrjs
08/08/2008 05:37 PM 5 pid.wrpkprd
12/08/2008 09:14 AM 4 pid.wtlstjr
27/12/2008 06:21 PM 4 pid.wtnkhoo
20/11/2008 10:03 PM 4 pid.wttshur
10/07/2008 03:02 PM 5 pid.wuyiphn
21/10/2008 09:44 PM 5 pid.wvpoayo
25/07/2008 08:49 AM 5 pid.wvwgctm
28/12/2008 09:14 PM 4 pid.wyhdnpc
19/11/2008 09:38 PM 5 pid.wyjemcb
14/09/2008 09:39 AM 5 pid.xccqqsj
13/08/2008 08:42 PM 5 pid.xcnobaq
26/12/2008 03:57 PM 4 pid.xdtulbn
08/08/2008 10:51 PM 5 pid.xgcwmso
28/08/2008 08:14 AM 5 pid.xgmgnlr
04/08/2008 10:15 PM 5 pid.xhnezje
11/10/2008 04:26 PM 5 pid.ximtnkm
18/08/2008 01:45 PM 5 pid.xipstch
02/11/2008 11:24 PM 4 pid.xjuhcym
24/10/2008 07:24 PM 4 pid.xjympch
12/10/2008 02:40 PM 5 pid.xmhpcfy
15/10/2008 07:31 PM 4 pid.xmwnhfw
14/06/2008 11:19 PM 5 pid.xniemef
02/11/2008 03:17 PM 4 pid.xnriyoe
08/12/2008 07:25 PM 4 pid.xogpais
19/06/2008 08:02 AM 5 pid.xosuqru
08/08/2008 11:50 PM 4 pid.xpafacb
14/06/2008 09:11 AM 5 pid.xqbrdyz
15/08/2008 09:45 AM 5 pid.xrfccic
12/08/2008 12:08 PM 5 pid.xtksdnh
10/09/2008 05:37 PM 5 pid.xvedcdk
29/08/2008 08:17 AM 5 pid.xxnpyzh
06/12/2008 10:17 PM 4 pid.xywnwan
10/12/2008 07:36 PM 4 pid.xzjxamw
29/12/2008 03:03 PM 5 pid.ybppnnw
19/10/2008 10:13 PM 4 pid.ybtlksn
22/10/2008 08:33 PM 4 pid.ydrcoes
12/09/2008 11:06 AM 5 pid.ydxhwen
05/08/2008 01:30 PM 5 pid.yephzhu
19/06/2008 03:30 PM 5 pid.yesecod
04/11/2008 12:12 PM 4 pid.yfrjpik
20/06/2008 03:28 PM 5 pid.yfzhdpw
02/12/2008 09:34 PM 4 pid.yhpqzri
28/10/2008 07:15 AM 5 pid.yjgvqgu
24/11/2008 09:52 PM 4 pid.ylofykj
24/12/2008 01:45 AM 5 pid.ylvgzlz
13/10/2008 08:04 AM 5 pid.ymfpbyo
09/12/2008 08:59 PM 4 pid.ymptbos
31/10/2008 11:28 AM 4 pid.ynnqmkh
29/11/2008 12:11 PM 5 pid.yrzzbop
03/11/2008 04:13 PM 4 pid.yslrvyi
30/11/2008 02:45 PM 5 pid.ysqlvlq
30/12/2008 11:58 PM 4 pid.ysqlybg
11/10/2008 04:40 PM 5 pid.ytqlxqn
19/10/2008 07:40 PM 5 pid.yualqio
14/10/2008 04:35 PM 4 pid.yvbcxne
20/11/2008 08:24 PM 4 pid.ywjcrbh
11/07/2008 05:23 AM 4 pid.zbkcvlj
12/11/2008 09:58 PM 5 pid.zcvslsx
22/10/2008 08:53 PM 5 pid.zcxtbwu
26/07/2008 09:02 PM 5 pid.zdypqai
09/09/2008 09:44 PM 5 pid.zejtmmk
01/09/2008 08:24 PM 5 pid.zfhcwoo
15/06/2008 12:11 PM 5 pid.zfomprk
22/10/2008 09:19 PM 4 pid.zftwxrz
28/12/2008 10:17 AM 4 pid.zhfjxxh
19/12/2008 03:28 PM 4 pid.zhoeyof
13/10/2008 01:01 PM 5 pid.zkexavp
28/08/2008 08:58 AM 5 pid.zltwami
16/11/2008 06:02 AM 4 pid.zngrabg
23/07/2008 12:48 PM 5 pid.zorfpmq
21/12/2008 12:11 PM 5 pid.zsabbiz
16/06/2008 02:45 PM 5 pid.zsaylik
28/12/2008 04:21 PM 4 pid.zsufmig
24/08/2008 04:33 PM 5 pid.zuocwba
23/07/2008 01:01 PM 5 pid.zuqcvnw
19/06/2008 06:17 AM 5 pid.zuvvuug
28/12/2008 08:24 PM 4 pid.zvcvkcm
31/10/2008 11:29 AM 5 pid.zwwrupm
27/12/2008 05:27 AM 4 pid.zxtvqrm
27/12/2008 08:56 PM 4 pid.zyggnmx
29/07/2008 07:15 PM 5 pid.zzxcrxr
13/06/2008 07:20 AM <DIR> scripts
09/06/2008 12:40 AM 7,372 stats.conf
13/06/2008 07:20 AM <DIR> text
31/12/2008 09:07 PM <DIR> tmp
11/08/2006 05:11 PM 324,096 winreg32.exe
10/06/2008 03:23 PM 1,075 xaut.dll
641 File(s) 10,698,703 bytes

Directory of C:\WINDOWS\system32\Mbord\filesys

13/06/2008 07:13 AM <DIR> .
13/06/2008 07:13 AM <DIR> ..
13/06/2008 07:13 AM <DIR> incoming
0 File(s) 0 bytes

Directory of C:\WINDOWS\system32\Mbord\filesys\incoming

13/06/2008 07:13 AM <DIR> .
13/06/2008 07:13 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\WINDOWS\system32\Mbord\help

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 05:11 PM 941 assoc.help
11/08/2006 05:11 PM 11,317 chaninfo.help
11/08/2006 05:11 PM 13,723 channels.help
11/08/2006 05:11 PM 14,086 cmds1.help
11/08/2006 05:11 PM 20,081 cmds2.help
11/08/2006 05:11 PM 808 cmd_resolve.help
11/08/2006 05:11 PM 403 compress.help
11/08/2006 05:11 PM 565 console.help
11/08/2006 05:11 PM 7,630 core.help
11/08/2006 05:11 PM 351 ctcp.help
11/08/2006 05:11 PM 7,313 filesys.help
11/08/2006 05:11 PM 9,478 irc.help
13/06/2008 07:20 AM <DIR> msg
11/08/2006 05:11 PM 3,048 notes.help
11/08/2006 05:11 PM 452 seen.help
11/08/2006 05:11 PM 2,500 server.help
13/06/2008 07:20 AM <DIR> set
11/08/2006 05:11 PM 1,915 share.help
11/08/2006 05:11 PM 2,533 stats.help
11/08/2006 05:11 PM 352 transfer.help
11/08/2006 05:11 PM 665 uptime.help
11/08/2006 05:11 PM 4,979 userinfo.help
11/08/2006 05:11 PM 191 wire.help
21 File(s) 103,331 bytes

Directory of C:\WINDOWS\system32\Mbord\help\msg

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 05:11 PM 3,626 irc.help
11/08/2006 05:11 PM 685 notes.help
11/08/2006 05:11 PM 197 seen.help
11/08/2006 05:11 PM 1,787 userinfo.help
4 File(s) 6,295 bytes

Directory of C:\WINDOWS\system32\Mbord\help\set

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 05:11 PM 421 channels.help
11/08/2006 05:11 PM 11,411 cmds1.help
11/08/2006 05:11 PM 367 compress.help
11/08/2006 05:11 PM 534 console.help
11/08/2006 05:11 PM 1,188 ctcp.help
11/08/2006 05:11 PM 2,327 filesys.help
11/08/2006 05:11 PM 3,217 irc.help
11/08/2006 05:11 PM 1,040 notes.help
11/08/2006 05:11 PM 8,564 server.help
11/08/2006 05:11 PM 1,698 share.help
11/08/2006 05:11 PM 4,889 stats.help
11/08/2006 05:11 PM 1,584 transfer.help
12 File(s) 37,240 bytes

Directory of C:\WINDOWS\system32\Mbord\language

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 05:11 PM 811 assoc.danish.lang
11/08/2006 05:11 PM 807 assoc.english.lang
11/08/2006 05:11 PM 822 assoc.finnish.lang
11/08/2006 05:11 PM 877 assoc.french.lang
11/08/2006 05:11 PM 889 assoc.german.lang
11/08/2006 05:11 PM 341 console.danish.lang
11/08/2006 05:11 PM 341 console.english.lang
11/08/2006 05:11 PM 351 console.finnish.lang
11/08/2006 05:11 PM 396 console.french.lang
11/08/2006 05:11 PM 375 console.german.lang
11/08/2006 05:11 PM 14,068 core.danish.lang
11/08/2006 05:11 PM 13,510 core.english.lang
11/08/2006 05:11 PM 14,609 core.finnish.lang
11/08/2006 05:11 PM 15,854 core.french.lang
11/08/2006 05:11 PM 17,120 core.german.lang
11/08/2006 05:11 PM 1,876 filesys.danish.lang
11/08/2006 05:11 PM 1,825 filesys.english.lang
11/08/2006 05:11 PM 1,901 filesys.finnish.lang
11/08/2006 05:11 PM 2,219 filesys.french.lang
11/08/2006 05:11 PM 2,132 filesys.german.lang
25/10/2002 11:18 PM 6,380 gseen.de.lang
25/10/2002 11:18 PM 5,374 gseen.en.lang
11/08/2006 05:11 PM 1,826 notes.danish.lang
11/08/2006 05:11 PM 1,653 notes.english.lang
11/08/2006 05:11 PM 1,823 notes.finnish.lang
11/08/2006 05:11 PM 1,945 notes.french.lang
11/08/2006 05:11 PM 2,016 notes.german.lang
26/10/2002 11:48 AM 9,566 stats.ger.lang
26/10/2002 11:48 AM 8,657 stats.lang
11/08/2006 05:11 PM 2,741 transfer.danish.lang
11/08/2006 05:11 PM 2,628 transfer.english.lang
11/08/2006 05:11 PM 2,806 transfer.finnish.lang
11/08/2006 05:11 PM 3,071 transfer.french.lang
11/08/2006 05:11 PM 2,889 transfer.german.lang
11/08/2006 05:11 PM 574 wire.danish.lang
11/08/2006 05:11 PM 474 wire.english.lang
11/08/2006 05:11 PM 461 wire.finnish.lang
11/08/2006 05:11 PM 623 wire.french.lang
11/08/2006 05:11 PM 671 wire.german.lang
39 File(s) 147,302 bytes

Directory of C:\WINDOWS\system32\Mbord\lib

13/06/2008 07:14 AM <DIR> .
13/06/2008 07:14 AM <DIR> ..
13/06/2008 07:20 AM <DIR> tcl8.4
0 File(s) 0 bytes

Directory of C:\WINDOWS\system32\Mbord\lib\tcl8.4

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 04:53 AM 20,911 auto.tcl
13/06/2008 07:20 AM <DIR> encoding
11/08/2006 04:53 AM 9,030 history.tcl
13/06/2008 07:20 AM <DIR> http1.0
13/06/2008 07:20 AM <DIR> http2.5
11/08/2006 04:53 AM 22,845 init.tcl
11/08/2006 04:53 AM 2,856 ldAix
11/08/2006 04:53 AM 6,802 ldAout.tcl
13/06/2008 07:20 AM <DIR> msgcat1.3
13/06/2008 07:20 AM <DIR> opt0.4
11/08/2006 04:53 AM 23,894 package.tcl
11/08/2006 04:53 AM 882 parray.tcl
11/08/2006 04:53 AM 27,659 safe.tcl
11/08/2006 04:53 AM 4,864 tclAppInit.c
11/08/2006 04:53 AM 6,097 tclIndex
13/06/2008 07:20 AM <DIR> tcltest2.2
11/08/2006 04:53 AM 4,335 word.tcl
11 File(s) 130,175 bytes

Directory of C:\WINDOWS\system32\Mbord\lib\tcl8.4\encoding

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 04:53 AM 1,090 ascii.enc
11/08/2006 04:53 AM 92,873 big5.enc
11/08/2006 04:53 AM 1,091 cp1250.enc
11/08/2006 04:53 AM 1,091 cp1251.enc
11/08/2006 04:53 AM 1,091 cp1252.enc
11/08/2006 04:53 AM 1,091 cp1253.enc
11/08/2006 04:53 AM 1,091 cp1254.enc
11/08/2006 04:53 AM 1,091 cp1255.enc
11/08/2006 04:53 AM 1,091 cp1256.enc
11/08/2006 04:53 AM 1,091 cp1257.enc
11/08/2006 04:53 AM 1,091 cp1258.enc
11/08/2006 04:53 AM 1,090 cp437.enc
11/08/2006 04:53 AM 1,090 cp737.enc
11/08/2006 04:53 AM 1,090 cp775.enc
11/08/2006 04:53 AM 1,090 cp850.enc
11/08/2006 04:53 AM 1,090 cp852.enc
11/08/2006 04:53 AM 1,090 cp855.enc
11/08/2006 04:53 AM 1,090 cp857.enc
11/08/2006 04:53 AM 1,090 cp860.enc
11/08/2006 04:53 AM 1,090 cp861.enc
11/08/2006 04:53 AM 1,090 cp862.enc
11/08/2006 04:53 AM 1,090 cp863.enc
11/08/2006 04:53 AM 1,090 cp864.enc
11/08/2006 04:53 AM 1,090 cp865.enc
11/08/2006 04:53 AM 1,090 cp866.enc
11/08/2006 04:53 AM 1,090 cp869.enc
11/08/2006 04:53 AM 1,090 cp874.enc
11/08/2006 04:53 AM 48,207 cp932.enc
11/08/2006 04:53 AM 132,509 cp936.enc
11/08/2006 04:53 AM 130,423 cp949.enc
11/08/2006 04:53 AM 91,831 cp950.enc
11/08/2006 04:53 AM 1,093 dingbats.enc
11/08/2006 04:53 AM 1,054 ebcdic.enc
11/08/2006 04:53 AM 85,574 euc-cn.enc
11/08/2006 04:53 AM 82,537 euc-jp.enc
11/08/2006 04:53 AM 93,918 euc-kr.enc
11/08/2006 04:53 AM 86,619 gb12345.enc
11/08/2006 04:53 AM 1,091 gb1988.enc
11/08/2006 04:53 AM 84,532 gb2312-raw.enc
11/08/2006 04:53 AM 85,574 gb2312.enc
11/08/2006 04:53 AM 192 iso2022-jp.enc
11/08/2006 04:53 AM 115 iso2022-kr.enc
11/08/2006 04:53 AM 226 iso2022.enc
11/08/2006 04:53 AM 1,094 iso8859-1.enc
11/08/2006 04:53 AM 1,095 iso8859-10.enc
11/08/2006 04:53 AM 1,095 iso8859-13.enc
11/08/2006 04:53 AM 1,095 iso8859-14.enc
11/08/2006 04:53 AM 1,095 iso8859-15.enc
11/08/2006 04:53 AM 1,095 iso8859-16.enc
11/08/2006 04:53 AM 1,094 iso8859-2.enc
11/08/2006 04:53 AM 1,094 iso8859-3.enc
11/08/2006 04:53 AM 1,094 iso8859-4.enc
11/08/2006 04:53 AM 1,094 iso8859-5.enc
11/08/2006 04:53 AM 1,094 iso8859-6.enc
11/08/2006 04:53 AM 1,094 iso8859-7.enc
11/08/2006 04:53 AM 1,094 iso8859-8.enc
11/08/2006 04:53 AM 1,094 iso8859-9.enc
11/08/2006 04:53 AM 1,092 jis0201.enc
11/08/2006 04:53 AM 80,459 jis0208.enc
11/08/2006 04:53 AM 70,974 jis0212.enc
11/08/2006 04:53 AM 1,091 koi8-r.enc
11/08/2006 04:53 AM 1,091 koi8-u.enc
11/08/2006 04:53 AM 92,877 ksc5601.enc
11/08/2006 04:53 AM 1,096 macCentEuro.enc
11/08/2006 04:53 AM 1,096 macCroatian.enc
11/08/2006 04:53 AM 1,096 macCyrillic.enc
11/08/2006 04:53 AM 1,096 macDingbats.enc
11/08/2006 04:53 AM 1,093 macGreek.enc
11/08/2006 04:53 AM 1,095 macIceland.enc
11/08/2006 04:53 AM 48,028 macJapan.enc
11/08/2006 04:53 AM 1,093 macRoman.enc
11/08/2006 04:53 AM 1,095 macRomania.enc
11/08/2006 04:53 AM 1,092 macThai.enc
11/08/2006 04:53 AM 1,095 macTurkish.enc
11/08/2006 04:53 AM 1,095 macUkraine.enc
11/08/2006 04:53 AM 41,862 shiftjis.enc
11/08/2006 04:53 AM 1,091 symbol.enc
11/08/2006 04:53 AM 1,091 tis-620.enc
78 File(s) 1,413,736 bytes

Directory of C:\WINDOWS\system32\Mbord\lib\tcl8.4\http1.0

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 04:53 AM 9,759 http.tcl
11/08/2006 04:53 AM 735 pkgIndex.tcl
2 File(s) 10,494 bytes

Directory of C:\WINDOWS\system32\Mbord\lib\tcl8.4\http2.5

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 04:53 AM 28,320 http.tcl
11/08/2006 04:53 AM 726 pkgIndex.tcl
2 File(s) 29,046 bytes

Directory of C:\WINDOWS\system32\Mbord\lib\tcl8.4\msgcat1.3

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 04:53 AM 13,126 msgcat.tcl
11/08/2006 04:53 AM 134 pkgIndex.tcl
2 File(s) 13,260 bytes

Directory of C:\WINDOWS\system32\Mbord\lib\tcl8.4\opt0.4

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 04:53 AM 33,022 optparse.tcl
11/08/2006 04:53 AM 609 pkgIndex.tcl
2 File(s) 33,631 bytes

Directory of C:\WINDOWS\system32\Mbord\lib\tcl8.4\tcltest2.2

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 04:53 AM 610 pkgIndex.tcl
11/08/2006 04:53 AM 98,763 tcltest.tcl
2 File(s) 99,373 bytes

Directory of C:\WINDOWS\system32\Mbord\modules

13/06/2008 07:22 AM <DIR> .
13/06/2008 07:22 AM <DIR> ..
11/08/2006 05:11 PM 9,728 assoc.dll
11/08/2006 05:11 PM 15,360 blowfish.dll
11/08/2006 05:11 PM 20,992 botnetop.dll
11/08/2006 05:11 PM 114,176 channels.dll
11/08/2006 05:11 PM 10,240 compress.dll
11/08/2006 05:11 PM 10,752 console.dll
11/08/2006 05:11 PM 8,192 ctcp.dll
11/08/2006 05:11 PM 13,312 dns.dll
11/08/2006 05:11 PM 103,424 filesys.dll
11/08/2006 05:11 PM 61,352 gseen.dll
11/08/2006 05:11 PM 139,776 irc.dll
11/08/2006 05:11 PM 29,184 notes.dll
11/08/2006 05:11 PM 13,824 seen.dll
11/08/2006 05:11 PM 62,464 server.dll
11/08/2006 05:11 PM 45,568 share.dll
11/08/2006 05:11 PM 146,944 stats.dll
11/08/2006 05:11 PM 36,864 transfer.dll
11/08/2006 05:11 PM 8,192 uptime.dll
11/08/2006 05:11 PM 13,824 wire.dll
11/08/2006 05:11 PM 5,632 woobie.dll
20 File(s) 869,800 bytes

Directory of C:\WINDOWS\system32\Mbord\scripts

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 05:11 PM 819 action.fix.tcl
11/08/2006 05:11 PM 8,562 alltools.tcl
11/08/2006 05:11 PM 9,454 autobotchk
11/08/2006 05:11 PM 2,776 botchk
11/08/2006 05:11 PM 1,337 cmd_resolve.tcl
11/08/2006 05:11 PM 2,124 compat.tcl
11/08/2006 05:11 PM 2,177 CONTENTS
11/08/2006 05:11 PM 10,723 getops.tcl
25/10/2002 11:18 PM 2,143 gseen.selectlang.1.0.0.tcl
11/08/2006 05:11 PM 3,711 klined.tcl
10/06/2008 11:13 AM 243,072 lol.tcl
11/08/2006 05:11 PM 7,223 notes2.tcl
11/08/2006 05:11 PM 13,267 ques5.tcl
11/08/2006 05:11 PM 52,955 sentinel.tcl
11/08/2006 05:11 PM 9,864 userinfo.tcl
11/08/2006 05:11 PM 22,218 weed
02/04/2001 04:53 AM 13,857 winident1.2.tcl
17 File(s) 406,282 bytes

Directory of C:\WINDOWS\system32\Mbord\text

13/06/2008 07:20 AM <DIR> .
13/06/2008 07:20 AM <DIR> ..
11/08/2006 05:11 PM 274 banner
11/08/2006 05:11 PM 800 motd
2 File(s) 1,074 bytes

Directory of C:\WINDOWS\system32\Mbord\tmp

01/01/2009 09:35 AM <DIR> .
01/01/2009 09:35 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
855 File(s) 13,999,742 bytes
56 Dir(s) 237,046,546,432 bytes free
-----
START /D C:\WINDOWS\system32\Mbord\ /B winreg32.exe
-----
The system cannot find the file specified.
The system cannot find the path specified.
The system cannot find the path specified.
goddaj

Re: Runtime error

Post by goddaj » January 1st, 2009, 10:14 am

The generated log files are attached


Logfile of random's system information tool 1.05 (written by random/random)
Run by goddaj at 2009-01-01 10:10:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 226 GB (74%) free of 305 GB
Total RAM: 1022 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:17 AM, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\goddaj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\Mbord\winreg32.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\goddaj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\goddaj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\CometBird\CometBird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\goddaj\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\goddaj.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\goddaj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft.bat
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2324721593
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\goddaj\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 15806 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1177238915-1801674531-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{431D3F91-E989-4C8C-8F5B-D15AABA81927}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-02-16 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-06-07 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-31 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-07-22 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-06-07 2554944]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-02-16 161352]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-07-22 262144]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-29 8466432]
"nwiz"=nwiz.exe /install []
"ScanSoft OmniPage 15.0-reminder"=C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe -r C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini []
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2006-01-13 188416]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"ScanSoft OmniPage 16-reminder"=C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe [2007-07-20 328992]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-06-10 1447168]
""= []
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2004-03-10 28672]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"OpAgent"=OpAgent.exe /agent []
"Google Update"=C:\Documents and Settings\goddaj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1400]
C:\DOCUME~1\goddaj\LOCALS~1\Temp\Setup_ver1.1400.0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\60defd12]
C:\WINDOWS\system32\goydawqc.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares vista]
C:\Program Files\Ares Vista\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2008-10-10 2497336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe [2008-06-02 587568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-06-03 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63edce8e]
C:\WINDOWS\system32\maiccdjo.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-01 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jigsaw]
C:\DOCUME~1\goddaj\LOCALS~1\Temp\3913574.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-06-29 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpAgent]
OpAgent.exe /agent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpScheduler]
C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Opware15]
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF3 Registry Controller]
C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe [2005-04-12 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PKWARE Certificate Proxy Client]
C:\PROGRA~1\PKWARE\PKZIPW\pkpcsr.exe [2008-03-28 226640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [2008-03-21 83232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
C:\Program Files\TrojanHunter 5.0\THGuard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe [2004-08-14 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
I:\Program Files\Winamp\winampa.exe [2007-10-10 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-10-31 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureZIP Attachments Status.lnk]
C:\PROGRA~1\PKWARE\PKZIPM\1210~1.001\PKTray.exe [2008-06-04 197968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
C:\PROGRA~1\TECHSM~1\SNAGIT~1\SnagIt32.exe [2007-02-16 6379080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^goddaj^Start Menu^Programs^Startup^Adobe Media Player.lnk]
C:\PROGRA~1\ADOBEM~1\ADOBEM~1.EXE [2008-09-07 260096]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-06-04 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\urqQiIyw
"notification packages"=
:\WINDOWS\system3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\goddaj\Desktop\Ares.exe"="C:\Documents and Settings\goddaj\Desktop\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\WINDOWS\system32\Mbord\winreg32.exe"="C:\WINDOWS\system32\Mbord\winreg32.exe:*:Enabled:winreg32"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\EA Sports\FIFA 09\FIFA09.exe"="C:\Program Files\EA Sports\FIFA 09\FIFA09.exe:*:Enabled:FIFA09"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f561500-2f59-11dd-86f0-001111899205}]
shell\AutoRun\command - H:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{980ef1cb-2f6e-11dd-9872-001111899205}]
shell\AutoRun\command - H:\setup.exe


======List of files/folders created in the last 1 months======

2009-01-01 10:10:08 ----D---- C:\rsit
2008-12-30 23:58:20 ----D---- C:\VJVod_Cache
2008-12-30 21:11:34 ----D---- C:\WINDOWS\system32\Nagasoft
2008-12-29 21:52:32 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-12-27 22:44:24 ----D---- C:\Documents and Settings\goddaj\Application Data\CometNetwork
2008-12-27 22:44:01 ----D---- C:\Program Files\CometBird
2008-12-22 21:04:59 ----D---- C:\Documents and Settings\goddaj\Application Data\Hamachi
2008-12-22 21:04:29 ----D---- C:\Program Files\Hamachi
2008-12-19 15:37:53 ----D---- C:\Program Files\uTorrent
2008-12-19 15:37:52 ----D---- C:\Documents and Settings\goddaj\Application Data\uTorrent
2008-12-15 23:04:28 ----N---- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK
2008-12-15 22:51:59 ----N---- C:\WINDOWS\Updreg.EXE
2008-12-15 22:51:56 ----N---- C:\WINDOWS\system32\SFCVRT32.DLL
2008-12-15 22:51:56 ----N---- C:\WINDOWS\CTRES.DLL
2008-12-15 22:51:56 ----N---- C:\WINDOWS\CTCCW.DLL
2008-12-15 22:51:56 ----N---- C:\WINDOWS\AC3API.INI
2008-12-15 22:51:55 ----N---- C:\WINDOWS\system32\INETWH32.DLL
2008-12-15 22:51:55 ----N---- C:\WINDOWS\system32\CTWFLT32.DLL
2008-12-15 22:51:55 ----N---- C:\WINDOWS\system32\CTL3D.DLL
2008-12-15 22:50:38 ----A---- C:\WINDOWS\INRES.DLL
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\sfms32.dll
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\sfman32.dll
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\regplib.exe
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\piaproxy.dll
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\killapps.exe
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\kill.ini
2008-12-15 22:50:37 ----A---- C:\WINDOWS\system32\eaxac3.dll
2008-12-15 22:50:37 ----A---- C:\WINDOWS\READREG.EXE
2008-12-15 22:50:37 ----A---- C:\WINDOWS\PSCONV.EXE
2008-12-15 22:50:37 ----A---- C:\WINDOWS\MIDIDEF.EXE
2008-12-15 22:50:37 ----A---- C:\WINDOWS\DEVREG.DLL
2008-12-15 22:50:37 ----A---- C:\WINDOWS\CTDCRES.DLL
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\ctthxcal.dll
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\ctspkhlp.dll
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\ctscal.dll
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\ctsblfx.dll
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\ctosuser.dll
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\ctmmep.dll
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\CtHelper.exe
2008-12-15 22:50:36 ----A---- C:\WINDOWS\system32\ctemupia.dll
2008-12-15 22:50:34 ----A---- C:\WINDOWS\system32\ctdcifce.dll
2008-12-15 22:50:34 ----A---- C:\WINDOWS\system32\ctdc0001.dll
2008-12-15 22:50:34 ----A---- C:\WINDOWS\system32\ctdc0000.dll
2008-12-15 22:50:34 ----A---- C:\WINDOWS\system32\ctaudfx.dll
2008-12-15 22:50:33 ----A---- C:\WINDOWS\system32\ctasio.dll
2008-12-15 22:50:33 ----A---- C:\WINDOWS\system32\ctagent.dll
2008-12-15 22:50:32 ----A---- C:\WINDOWS\system32\commonfx.dll
2008-12-15 22:50:32 ----A---- C:\WINDOWS\system32\ac3api.dll
2008-12-15 22:50:01 ----A---- C:\WINDOWS\system32\ctdvda32.dll
2008-12-15 22:49:53 ----A---- C:\WINDOWS\system32\AHQCpURes.dll
2008-12-15 22:48:46 ----A---- C:\WINDOWS\system32\CTDetres.dll
2008-12-15 22:48:42 ----N---- C:\WINDOWS\system32\CTMEDENG.DLL
2008-12-15 22:48:40 ----A---- C:\WINDOWS\system32\CTMERes.DLL
2008-12-14 07:39:03 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 07:39:03 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 07:39:03 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 07:39:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 20:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-01 10:10:06 ----D---- C:\WINDOWS\Temp
2009-01-01 10:09:37 ----D---- C:\WINDOWS\Prefetch
2009-01-01 10:00:00 ----D---- C:\WINDOWS\system32\Mbord
2009-01-01 09:35:36 ----D---- C:\Program Files\LogMeIn
2008-12-31 22:34:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-31 21:23:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-31 21:08:22 ----D---- C:\Documents and Settings\goddaj\Application Data\U3
2008-12-31 19:41:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 08:40:06 ----D---- C:\WINDOWS
2008-12-30 23:59:21 ----D---- C:\WINDOWS\Minidump
2008-12-30 21:11:34 ----D---- C:\WINDOWS\system32
2008-12-30 21:09:52 ----D---- C:\Downloads
2008-12-30 06:43:25 ----SD---- C:\WINDOWS\Tasks
2008-12-29 21:52:31 ----D---- C:\Program Files\TVUPlayer
2008-12-29 19:40:27 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-29 00:21:54 ----D---- C:\Program Files\Mozilla Firefox
2008-12-28 09:25:13 ----D---- C:\Documents and Settings\goddaj\Application Data\LimeWire
2008-12-28 09:18:26 ----D---- C:\Documents and Settings\goddaj\Application Data\Azureus
2008-12-27 22:44:01 ----RD---- C:\Program Files
2008-12-26 09:03:55 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-22 22:33:25 ----D---- C:\WINDOWS\network diagnostic
2008-12-22 21:58:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-22 21:04:38 ----HD---- C:\WINDOWS\inf
2008-12-22 21:04:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-17 19:35:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 19:35:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-15 22:53:23 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-15 22:51:59 ----D---- C:\Program Files\Creative
2008-12-15 22:51:59 ----A---- C:\WINDOWS\SBWIN.INI
2008-12-15 22:51:54 ----D---- C:\WINDOWS\system32\Defaults
2008-12-15 22:49:52 ----D---- C:\WINDOWS\Media
2008-12-14 22:16:09 ----D---- C:\Program Files\LimeWire
2008-12-14 07:39:09 ----SHD---- C:\WINDOWS\Installer
2008-12-14 07:39:05 ----D---- C:\Config.Msi
2008-12-14 07:38:45 ----D---- C:\Program Files\Java
2008-12-13 02:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 18:37:52 ----D---- C:\Program Files\Internet Explorer
2008-12-10 20:21:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 20:20:16 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 20:17:32 ----D---- C:\WINDOWS\ie7updates
2008-12-09 20:21:30 ----D---- C:\Documents and Settings\goddaj\Application Data\Canon
2008-12-09 19:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 19:21:31 ----D---- C:\Program Files\Adobe
2008-12-07 20:23:56 ----D---- C:\Documents and Settings\goddaj\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-06-10 71688]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-04-29 186112]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2004-07-12 645360]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-08-05 366384]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2004-07-12 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2004-07-12 130288]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2004-07-12 145488]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-06-10 30728]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2004-08-12 904752]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-22 25280]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2004-07-12 148432]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-29 6807328]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-07-12 178672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\DOCUME~1\goddaj\LOCALS~1\Temp\catchme.sys []
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2003-11-13 114688]
S3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2004-07-12 585728]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-11-12 333600]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2003-11-13 606208]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-31 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-29 155716]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-31 654848]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe []
S2 hpdj;hpdj; C:\DOCUME~1\goddaj\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product= []
S2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe []
S2 vvdsvc;VJVodServices; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-06-10 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-01 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-01 10:10:20

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
BitComet 1.05-->C:\Program Files\BitComet\uninst.exe
Broadcom Gigabit Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Buensoft Spanish Version 3.0.7-->"h:\Program Files\Buensoft Spanish\unins000.exe"
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
CanoScan LiDE20,30 Manual-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Classic Menu 3.x for Office 2007-->"C:\Program Files\Classic Menu for Office\unins000.exe"
CometBird (3.0.4)-->C:\Program Files\CometBird\uninstall\helper.exe
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
EASEUS Data Recovery Wizard Professional 4.3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1965C9BB-9114-4A50-AEC7-E62414BB117B}\setup.exe" -l0x9 -removeonly
Encyclopaedia Britannica 2008 Ultimate Reference Suite-->"C:\Program Files\Britannica 8.0\Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall_Encyclopaedia Britannica 2008 Ultimate Reference Suite\Uninstall Encyclopaedia Britannica 2008 Ultimate Reference Suite.exe"
ESET Smart Security-->MsiExec.exe /I{58E05C78-4785-443D-8A1B-CBFF49C2A84E}
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Flock 1.2-->C:\Program Files\Flock\uninst.exe
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Blood Money-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 5600-->msiexec /x{DB5518BE-F40F-407A-B451-012625D4497B}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LimeWire PRO 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
LogMeIn-->MsiExec.exe /I{6BF2CCD4-33D1-499D-9055-49E023B5468D}
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
MathType 6-->"C:\Program Files\MathType\Setup.exe" -R
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {9037FDA8-8383-4B6F-859D-D49C3C625225}
Microsoft Expression Web Service Pack 1 (SP1)-->msiexec /package {90120000-0026-0409-0000-0000000FF1CE} /uninstall {DA3B8FC6-8B1D-447A-A5EE-B226DCC10662}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mobile PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MpcStar 3.3-->C:\Program Files\MpcStar\uninst.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 7 Ultra Edition-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
ScanSoft OmniPage 16-->MsiExec.exe /I{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}
ScanSoft PDF Converter 3.0-->MsiExec.exe /I{602A205F-8D02-48EE-8782-262B2103B984}
ScanSoft PDF Create! 4-->MsiExec.exe /I{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}
SecureZIP for Windows 12.10.0012-->MsiExec.exe /I{E24C2613-6453-4EFE-BDF5-5EA1CA22529E}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Visio 2007 (KB947590)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
SnagIt 8-->MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
SPVOD Player1.8-->"C:\WINDOWS\system32\Nagasoft\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
TVUPlayer 2.4.1.0-->C:\Program Files\TVUPlayer\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0026-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Lightning - EN-->MsiExec.exe /X{4873CC58-69D8-490D-9E5C-001DC2EE2100}
WordPerfect Lightning - IPM-->MsiExec.exe /X{4873CC58-69D8-490D-9E5C-001DC2EE2020}
WordPerfect Lightning - Messages-->MsiExec.exe /X{4873CC58-69D8-490D-9E5C-001DC2EE2010}
WordPerfect Lightning - MSOM-->MsiExec.exe /X{F6EE49FD-B736-4888-A05A-115F3B1160FA}
WordPerfect Lightning-->MsiExec.exe /X{4873CC58-69D8-490D-9E5C-001DC2EE2000}
WordPerfect Office X4 - Common-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}
WordPerfect Office X4 - Content-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}
WordPerfect Office X4 - EN-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}
WordPerfect Office X4 - Filters-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}
WordPerfect Office X4 - Graphics-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}
WordPerfect Office X4 - ICA-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}
WordPerfect Office X4 - IPM T EN-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}
WordPerfect Office X4 - IPM-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}
WordPerfect Office X4 - MAIL-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}
WordPerfect Office X4 - Migration Manager-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}
WordPerfect Office X4 - PerfectExperts-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}
WordPerfect Office X4 - PR-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}
WordPerfect Office X4 - QP-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}
WordPerfect Office X4 - Skins-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}
WordPerfect Office X4 - System-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}
WordPerfect Office X4 - WP-->MsiExec.exe /I{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}
WordPerfect Office X4-->c:\Program Files\Corel\WordPerfect Office X4\Setup\SetupARP.exe /arp
WordPerfect Office X4-->MsiExec.exe /I{000AB2ED-5741-4C30-A1A4-0FCB8A529000}
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O20 - Winlogon Notify: nnnmlMEX - C:\WINDOWS\SYSTEM32\nnnmlMEX.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O20 - Winlogon Notify: nnnmlMEX - C:\WINDOWS\SYSTEM32\nnnmlMEX.dll
O20 - Winlogon Notify: nnnmlMEX - C:\WINDOWS\SYSTEM32\nnnmlMEX.dll
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

System event log

Computer Name: NIL-567C4D99AD3
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 14574
Source Name: Service Control Manager
Time Written: 20081216124755.000000-240
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: NIL-567C4D99AD3
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 14573
Source Name: Service Control Manager
Time Written: 20081216124755.000000-240
Event Type: information
User:

Computer Name: NIL-567C4D99AD3
Event Code: 7000
Message: The McAfee Real-time Scanner service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 14572
Source Name: Service Control Manager
Time Written: 20081216124742.000000-240
Event Type: error
User:

Computer Name: NIL-567C4D99AD3
Event Code: 7000
Message: The hpdj service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 14571
Source Name: Service Control Manager
Time Written: 20081216124742.000000-240
Event Type: error
User:

Computer Name: NIL-567C4D99AD3
Event Code: 9
Message: Broadcom NetXtreme 57xx Gigabit Controller: Network controller configured for 100Mb full-duplex link.

Record Number: 14570
Source Name: b57w2k
Time Written: 20081216124732.000000-240
Event Type: information
User:

Application event log

Computer Name: NIL-567C4D99AD3
Event Code: 102
Message: msnmsgr (1440) \\.\C:\Documents and Settings\goddaj\Local Settings\Application Data\Microsoft\Messenger\goddaj@hotmail.com\SharingMetadata\Working\database_8660_DF08_60DE_FDBD\dfsr.db: The database engine started a new instance (0).

Record Number: 1406
Source Name: ESENT
Time Written: 20081202215049.000000-240
Event Type: information
User:

Computer Name: NIL-567C4D99AD3
Event Code: 100
Message: msnmsgr (1440) The database engine 5.01.2600.5512 started.

Record Number: 1405
Source Name: ESENT
Time Written: 20081202215049.000000-240
Event Type: information
User:

Computer Name: NIL-567C4D99AD3
Event Code: 101
Message: msnmsgr (1440) The database engine stopped.

Record Number: 1404
Source Name: ESENT
Time Written: 20081202214031.000000-240
Event Type: information
User:

Computer Name: NIL-567C4D99AD3
Event Code: 103
Message: msnmsgr (1440) \\.\C:\Documents and Settings\goddaj\Local Settings\Application Data\Microsoft\Messenger\goddaj@hotmail.com\SharingMetadata\Working\database_8660_DF08_60DE_FDBD\dfsr.db: The database engine stopped the instance (0).

Record Number: 1403
Source Name: ESENT
Time Written: 20081202214031.000000-240
Event Type: information
User:

Computer Name: NIL-567C4D99AD3
Event Code: 302
Message: msnmsgr (1440) \\.\C:\Documents and Settings\goddaj\Local Settings\Application Data\Microsoft\Messenger\goddaj@hotmail.com\SharingMetadata\Working\database_8660_DF08_60DE_FDBD\dfsr.db: The database engine has successfully completed recovery steps.

Record Number: 1402
Source Name: ESENT
Time Written: 20081202213522.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=2.1.5
"SESSIONID"=1210689571868g1u0358c.austin.hp.com-5a02915:11a3953c439:70c8
"COLLECTIONID"=COL7299
"ITEMID"=oj-21918-1
"UPDATEDIR"=C:\DOCUME~1\goddaj\LOCALS~1\Temp\radDDEA5.tmp
"TOOLPATH"=/C:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0

-----------------EOF-----------------

Re: Runtime error

by silver » January 1st, 2009, 11:13 pm

Hi goddaj,

Are you aware that some sort of IRC bot appears to be installed on your machine? Are you running this purposefully?

Please open Start->Control Panel->Add/Remove Programs, and remove the following:
BitComet 1.05
Java(TM) 6 Update 7
LimeWire PRO 4.18.8
uTorrent
Vuze
The Java installation is out of date and now a security risk. You already have the latest version (version 6 update 11); don't uninstall that one.

The P2P programs need to be removed as site policy is to require users to remove all P2P programs as part of cleaning.

You have Ask Toolbar installed on your system. This program is not malware, but it may report on your surfing behavior and is considered undesirable, see here and here for more information. If you actually use this program, consider a safe alternative such as Google Toolbar.
I recommend you remove this program via Add/Remove Programs.

You have Logitech Desktop Messenger installed. This is a background process which can access the internet without your knowledge or consent. Although it can assist in providing software updates for your Logitech hardware, it uses resources on your machine and the fact that it accesses the internet without your approval is potentially dangerous.
Logitech Desktop Messenger can be removed via Add/Remove Programs.

Download the McAfee removal tool to your Desktop:
http://download.mcafee.com/products/lic ... s/MCPR.exe

Double-click MCPR.exe to start the program.
Note: Windows Vista users must right-click MCPR.exe and select Run as Administrator.
Restart your computer after receiving the message CleanUp Successful.

Once complete, please post a new HijackThis log and let me know about the IRC bot.

Re: Runtime error

by goddaj » January 3rd, 2009, 11:53 pm

Thanks very much for all the help that you have given to me. I have done all that you suggested and the new hijackthis log file is attached. I am however now getting an Internet Explorer Script Error message.

Line: 2
Char: 30610
Error: 'a' is null or not an object
Code: 0
URL: http://msn.com/es-xl/home.aspx?ver=8.5.1302&did=1


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:30 PM, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\goddaj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\Mbord\winreg32.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ScanSoft OmniPage 15.0-reminder] "C:\Program Files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\goddaj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft.bat
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2324721593
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\goddaj\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 14233 bytes
goddaj
Active Member
 
Posts: 13
Joined: December 22nd, 2008, 12:51 pm

Re: Runtime error

Unread postby silver » January 4th, 2009, 12:42 am

Before we continue, please let me know about this question from my previous post:

Are you aware that some sort of IRC bot appears to be installed on your machine? Are you running this purposefully?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Runtime error

Unread postby goddaj » January 4th, 2009, 9:04 am

Sorry, in my haste to send the HijackThis log file I forgot to respond to the IRC bot question. I honestly do not know what an IRC bot is and I am not running it intentionally. I will check its meaning as soon as I post this reply.
goddaj
Active Member
 
Posts: 13
Joined: December 22nd, 2008, 12:51 pm

Re: Runtime error

Unread postby silver » January 4th, 2009, 9:53 pm

Hi goddaj,

Please open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Microsoft.bat
Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Please download Suspicious File Packer to your Desktop.
  • Right-click sfp.zip, choose Extract All... and extract sfp.exe to your Desktop
  • Double-click sfp.exe to start the program
  • Copy and Paste the following file list into the text box of the program:
    C:\WINDOWS\system32\Mbord\*.*
    C:\WINDOWS\system32\Mbord\filesys\*.*
    C:\WINDOWS\system32\Mbord\filesys\incoming\*.*
    C:\WINDOWS\system32\Mbord\help\*.*
    C:\WINDOWS\system32\Mbord\help\msg\*.*
    C:\WINDOWS\system32\Mbord\help\set\*.*
    C:\WINDOWS\system32\Mbord\language\*.*
    C:\WINDOWS\system32\Mbord\lib\*.*
    C:\WINDOWS\system32\Mbord\lib\tcl8.4\*.*
    C:\WINDOWS\system32\Mbord\lib\tcl8.4\encoding\*.*
    C:\WINDOWS\system32\Mbord\lib\tcl8.4\http1.0\*.*
    C:\WINDOWS\system32\Mbord\lib\tcl8.4\http2.5\*.*
    C:\WINDOWS\system32\Mbord\lib\tcl8.4\msgcat1.3\*.*
    C:\WINDOWS\system32\Mbord\lib\tcl8.4\opt0.4\*.*
    C:\WINDOWS\system32\Mbord\lib\tcl8.4\tcltest2.2\*.*
    C:\WINDOWS\system32\Mbord\modules\*.*
    C:\WINDOWS\system32\Mbord\scripts\*.*
    C:\WINDOWS\system32\Mbord\text\*.*
    C:\WINDOWS\system32\Mbord\tmp\*.*
  • Now press the Continue button
  • A file called requested-files[YYYY-MM-DD_MM_ss].cab will appear on your Desktop.
  • Now open this page in your browser
  • Press Browse and browse to the requested-files[YYYY-MM-DD_MM_ss].cab file on your Desktop, fill in the other fields as appropriate then press Send File

------------------------------------------------------------------------

Backup Your Registry:
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

------------------------------------------------------------------------

Please download OTMoveIt3 by OldTimer to your Desktop (right-click the link, select Save Target As…, select your Desktop and press Save)
  • Double-click OTMoveIt3.exe to start the program.
  • Copy the lines in the OTMoveIt script below to the clipboard by highlighting ALL of it and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
    OTMoveIt Script:
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\Mbord\winreg32.exe"=-
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    "C:\Program Files\DNA\btdna.exe"=-
    "C:\Documents and Settings\goddaj\Desktop\Ares.exe"=-
    "C:\Program Files\Vuze\Azureus.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\Internet Explorer\iexplore.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1400]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\60defd12]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares vista]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63edce8e]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jigsaw]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    :Files
    C:\WINDOWS\system32\Mbord
    C:\DOCUME~1\goddaj\LOCALS~1\Temp\Setup_ver1.1400.0.exe
    C:\WINDOWS\system32\goydawqc.dll
    C:\Program Files\BitComet
    C:\Program Files\BitTorrent
    C:\Documents and Settings\goddaj\Application Data\uTorrent
    C:\Documents and Settings\goddaj\Application Data\Azureus
    C:\Documents and Settings\goddaj\Application Data\LimeWire
    C:\Program Files\LimeWire
    C:\Program Files\DNA
    C:\Program Files\uTorrent
    C:\WINDOWS\system32\maiccdjo.dll
    C:\DOCUME~1\goddaj\LOCALS~1\Temp\3913574.exe
    
    
  • Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTMoveIt3

------------------------------------------------------------------------

Download Gmer to your Desktop from here:
http://www.gmer.net/gmer.zip
  • Unzip the program onto your Desktop (right-click, select Extract All... and follow the prompts)
  • Disconnect from the internet and close all running programs
  • Double click gmer.exe, let the gmer.sys driver load if asked
  • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say OK
  • If there is no warning, then check that the Rootkit tab is selected and click the Scan button - don't change any settings before you do so
  • Please do not use your computer during the scan
  • Once the scan is complete, click the Copy button
  • Open Notepad (Click Start->Run, type notepad and Enter) and hit Ctrl+V to paste the log and then save the log to your desktop

------------------------------------------------------------------------

Once complete, please post the OTMoveIt report, the Gmer log file and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
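
What the :Reg section of the OTMoveIt script in the post above asks for, line by line, as an added example that is not part of the original post and is not OTMoveIt's own code. The function names `parse_reg_section` and `decode_hex7` are hypothetical, and the sample is a shortened excerpt of the script as posted.

```python
import re

# Shortened excerpt of the :Reg section posted above (sample input).
SCRIPT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\Mbord\winreg32.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jigsaw]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
'''

def decode_hex7(data):
    """Decode a hex(7) (REG_MULTI_SZ) byte list into its strings.

    Assumption: one byte per character, as in the script above; .reg files
    in the version 5.00 format store these values as UTF-16LE instead.
    """
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    return [s.decode("ascii") for s in raw.split(b"\x00") if s]

def parse_reg_section(text):
    """Return one (action, key, value_name, data) tuple per script line."""
    ops, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None, None))
            key = None  # a deleted key cannot hold the values that follow
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.fullmatch(r'"(.+)"=(.*)', line)
            if not m or key is None:
                raise ValueError(f"unparsed line: {line!r}")
            name, data = m.group(1), m.group(2).strip()
            if data == "-":
                ops.append(("delete_value", key, name, None))
            elif data.startswith("hex(7):"):
                ops.append(("set_multi_sz", key, name, decode_hex7(data[7:])))
            else:
                ops.append(("set_other", key, name, data))
    return ops

if __name__ == "__main__":
    for op in parse_reg_section(SCRIPT):
        print(op)
```

The two LSA lines decode to the single entries `msv1_0` and `scecli`, so applying them overwrites both values and drops any other package name that was listed there.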

Re: Runtime error

Unread postby silver » January 7th, 2009, 9:59 pm

How are you getting on?

If the instructions are unclear or something isn't working, please let me know before proceeding.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Runtime error

Unread postby goddaj » January 8th, 2009, 6:50 am

Thanks for inquiring about the progress I am making with the malware removal. Your instructions are quite clear; however, the file generated is a zip file and when I attempt to send the file it is taking very long for any action to take place. In the end I am just getting an error message: "Unknown error". I just found the other instructions related to the ERUNT and OTMoveIt3 file downloads and followed them; upon restart, the script error message was not displayed.
P.S. I found out which web page the script error related to by running the URL given in the script error.
Once again, thanks very much for your help and continue to do the good work.
Last edited by goddaj on January 8th, 2009, 7:15 am, edited 1 time in total.
goddaj
Active Member
 
Posts: 13
Joined: December 22nd, 2008, 12:51 pm

Re: Runtime error

Unread postby silver » January 8th, 2009, 7:14 am

Please try uploading it to Rapidshare as follows:
Open this link in your browser:
http://rapidshare.com/

Click the Browse button, browse to and select the .cab file generated by sfp.exe, then press the Upload button.
Please copy and paste both the download link and the delete link in your next response.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Runtime error

Unread postby goddaj » January 8th, 2009, 7:29 am

goddaj
Active Member
 
Posts: 13
Joined: December 22nd, 2008, 12:51 pm

Re: Runtime error

Unread postby silver » January 8th, 2009, 7:54 am

OK I've got the file and deleted it from Rapidshare. Please continue with the instructions and if you have any difficulties let me know.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Runtime error

Unread postby goddaj » January 8th, 2009, 4:18 pm

The Gmer log file and the new HijackThis log file are attached. I thought that you got the OTMoveIt3 log file earlier. If not, do I have to run this to generate a file?
goddaj
Active Member
 
Posts: 13
Joined: December 22nd, 2008, 12:51 pm