Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Problem deleting registry file, KEEPS COMING BACK

Post by tyler1984 » January 16th, 2009, 3:40 pm

Last week, I clicked on a setup file and Spyware Guard 2008 came up and tried to scan my computer. I could instantly tell something wasn't right. I did numerous scans with Malware Bytes, Spybot and Registry Mechanic. Within a few hours, I had the program disabled and removed. I haven't had any major problems with my computer since. However, I have noticed a program is always checked in msconfig-startup. I uncheck it every time I start my computer, and then delete it from the registry. Sometimes I leave it checked on startup and delete it from the registry in case that would work. I've also tried to delete it from the registry in safe mode. The thing is, it will almost instantly come back. If I close regedit and reopen it and search, it will be right there in the same spot. I've also used Hijack This to remove the file twice, and on subsequent searches it came right back in Hijack This' search list. The name of the file that I've been talking about is:

Tzaka

Its command in msconfig is:

rundll32.exe "C:\WINDOWS\Tzaka.dll",e

Located in:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The file is also associated, or in the "folder" of something called:

Obotinexil

This is the folder that has all the registry values to allow it to startup every time Windows runs (or at least that's what I'm guessing).

Sometimes there are two entries of Tzaka in msconfig, one near the top of the list is always checked, while the one near the bottom isn't. Usually, just the one checked file is listed in msconfig.

Just to recap:

I can't remove this file, I've deleted it about 50 times, and I've run numerous scans. I believe it to possibly be associated with Spyware Guard 2008 which got on my computer last week, but my computer is running okay since I got rid of everything or most everything associated with Spyware Guard 2008, just the reoccurrence of the Tzaka file in the registry and msconfig-startup concerns me.

Below I will post a Hijack This logfile.

Thank you very much for any help you may provide.

Tyler

Hijack this file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:50 PM, on 1/16/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Tyler\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1343024091-2077806209-682003330-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 12004 bytes
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm
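
The autorun value described in the post above can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread or of HijackThis: it parses O4 lines excerpted from the two logs in this thread, applies two triage heuristics that are assumptions of this example (a rundll32 autorun whose DLL sits outside C:\WINDOWS\system32, and an export name of one or two characters), and reports flagged entries that appear unchanged in both scans.

```python
"""Triage HijackThis O4 (autorun) lines and report flagged entries that persist."""
import ntpath
import re

# Excerpts of the O4 lines from the two HijackThis logs in this thread.
SCAN_JAN16 = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Tyler\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1343024091-2077806209-682003330-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
'''
SCAN_JAN20 = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Tyler\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

# "O4 - <hive>[\<SID>]\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$',
    re.MULTILINE)

# rundll32 command line: rundll32[.exe] ["]<dll path>["],<export> [args]
RUNDLL_RE = re.compile(
    r'\brundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

# Assumption: the Windows directory is C:\WINDOWS, as in the logs above.
SYSTEM32 = ntpath.normcase(r'C:\WINDOWS\system32')


def parse_o4(log_text):
    """Return one dict per O4 line: hive, sid, key, name, cmd."""
    return [m.groupdict() for m in O4_RE.finditer(log_text)]


def flags(entry):
    """Triage hints for one autorun entry (hints for review, not verdicts)."""
    m = RUNDLL_RE.search(entry['cmd'])
    if not m:
        return []  # not a rundll32 autorun; out of scope for this example
    found = []
    # ntpath parses Windows paths correctly on any host OS.
    dll_dir = ntpath.normcase(ntpath.dirname(m['dll']))
    if dll_dir != SYSTEM32:
        found.append('dll-outside-system32')
    if len(m['export']) <= 2:
        found.append('short-export-name')
    return found


def survivors(before_log, after_log):
    """Flagged autoruns that appear, unchanged, in both scans."""
    def ident(e):
        return (e['hive'], e['sid'], e['key'], e['name'], e['cmd'])

    seen = {ident(e) for e in parse_o4(before_log)}
    result = []
    for entry in parse_o4(after_log):
        why = flags(entry)
        if why and ident(entry) in seen:
            result.append((entry['name'], why))
    return result


if __name__ == '__main__':
    for name, why in survivors(SCAN_JAN16, SCAN_JAN20):
        print(f'{name}: present in both scans, flags: {", ".join(why)}')
```

An entry that survives between scans after being deleted means something is rewriting the value, so the writer has to be found and stopped before the value itself can be removed for good.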

Re: Problem deleting registry file, KEEPS COMING BACK

Post by Dakeyras » January 20th, 2009, 8:22 am

Hi :)

I apologise for the delay, the forum has been extremely busy of late.

If you still require assistance can you post a new HijackThis Log and an Uninstall List please, how to provide as follows:

Run HJT and click on Open the Misc Tools section.

  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Problem deleting registry file, KEEPS COMING BACK

Post by tyler1984 » January 20th, 2009, 4:32 pm

Dakeyras,

Thank you very much for your reply. Below I have a fresh HJT log file. Below that I have the requested uninstall_list log. The only new update since my last post, is that now my Internet Explorer keeps crashing. I had IE 7, uninstalled and reinstalled it a few times, but still had the same problem. I then installed IE 8 (beta), but the problem was the same. It only crashes on some sites, and it says something about a kernel 32 error. Anyway, sorry for throwing another problem at you, because it just started yesterday, but I wanted to at least mention it in case it was somehow related to my post from a few days ago (which I'm still having that problem as well).

HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:24 PM, on 1/20/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Tyler\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1343024091-2077806209-682003330-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11995 bytes



Uninstall log:


2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acoustica CD/DVD Label Maker
Acoustica Effects Pack
Acoustica Mixcraft 4.1
Acoustica MP3 Audio Mixer 2.13
Acrobat.com
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Audition 3.0
Adobe Audition 3.0.1 Patch
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
Animated GIF producer 3.0.1 TRIAL
Antares Autotune VST RTAS TDM v5.08
ASIO4ALL
ATI Display Driver
Audacity 1.2.6
Aurora Web Editor 2008 Professional
AV Voice Changer Software DIAMOND 6.0
avast! Antivirus
AVI MPEG Converter 3
AVI to DVD Converter
Bubble Ice Age
Call of Duty Game of the Year Edition
Cambridge Advanced Learner's Dictionary
CCleaner (remove only)
Checkers 1.3
Checkers International 1.2
Chinese Checkers 1.1.0
Choice Guard
ChordWizard Gold 2.0
ChordWizard Music Theory 3.0
ChordWizard Songtrix Gold 3.0
Collab
Connect
Corel Paint Shop Pro Photo X2
Creative Audio Console
D'Accord Personal Guitarist 1.2
Deus Ex
DirectXInstallService
Dirt Track Racing - Sprint Cars
DivX
DivX Converter
DivX Player
DivX Web Player
Drug Lord 2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
Dynex Wireless G USB Network Adapter Setup
Easy Avi/Divx/Xvid to DVD Burner 2.4.4
EMC 10 Content
EPSON CX5000 Series User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
EPSON Web-To-Page
Exact Audio Copy 0.95b4
Finale 2008
Finale NotePad 2008
FL Studio 8
Flash Movie Player 1.5
FontCreator 5.5
foobar2000 v0.9.6.1
Garritan Instruments for Finale
GEAR 32bit Driver Installer
Google Earth Pro
Guitar Pro 5.2
HijackThis 2.0.2
Homework Helpers
Hotfix for Windows XP (KB952287)
IL Download Manager
Intense Language Office
InterVideo DeviceService
IsoBuster 2.4
Java(TM) 6 Update 11
kuler
Logitech QuickCam
Logitech® Camera Driver
Macromedia Director MX 2004
Magic Calendar Maker 2.6 (remove only)
Magic ISO Maker v5.3 (build 0216)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
MixMeister Fusion 7.2.2
Mozilla Firefox (3.0.5)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
MVision
NASCAR® Racing 2007 Season
Neo Sonic Universe
Nero 7 Demo
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PoiZone
Power Tab Editor 1.7
PowerISO
Quake 4(TM)
QuarkXPress
QuarkXPress 5.0
Registry Mechanic 8.0
ResumeMaker
Rosetta Stone V3
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio Easy Media Creator 10 Suite
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
Seagate DiscWizard
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SmartSound Quicktracks Plugin
Sony Digital Voice Editor 2
SpeechRedist
Spybot - Search & Destroy
Suite Shared Configuration CS4
SUPERAntiSpyware Professional
Swiff Player 1.5
TeLL me More
Tennis Masters Series 2003
The Logo Creator v5
Toxic Biohazard
Ulead GIF Animator 5
Ulead VideoStudio 11
Unreal Tournament 2004
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
vanBasco's Karaoke Player
VCDEasy
VDownloader 0.77
VIA Platform Device Manager
VIA Vinyl Audio Codecs Driver Setup Program
Viewpoint Media Player
VLC media player 0.9.8a
Winamp
WindowBlinds
Windows Internet Explorer 8 Beta 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
WinRAR archiver
WinWay Resume Deluxe
WriteItNow3
Yahoo! Messenger
You Don't Know Jack 6 - The Lost Gold
You Don't Know Jack The Ride
YOU DON'T KNOW JACK V1.0


Thanks,

Tyler
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby tyler1984 » January 21st, 2009, 6:00 pm

Just a slight update. I renamed the value of the "Tzaka" file to simply "r" instead of the command previously mentioned:

rundll32.exe "C:\WINDOWS\Tzaka.dll",e

I don't know if this would help, but I did it to hopefully disable what it's attempting to do at startup. It still shows up in the registry, and still comes back after deleting (it comes back if you delete it, click on another registry folder, and then click back to the "run" folder).

Tzaka still shows up in the msconfig startup tab. It's still checked and continues to come back if unchecked, but at least now it says "r" which is just a random letter I picked so hopefully it won't do anything. Hopefully it's just harmless, but either way, I'd like to know how to remove it.

Thanks again,

Tyler
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby Dakeyras » January 22nd, 2009, 8:36 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi tyler1984 and welcome to Malware Removal :).

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Next:

What is this computer used for exactly, please? Is it a business machine or used for personal use?

Now we have some preliminary steps to address before we begin the malware removal process as follows:

Windows Internet Explorer 8 Beta 2:

This is actually still in the Beta stage of development and will be prone to problems whilst still in the testing stage.

Because of this, and the good chance it may cause a problem and/or create a system conflict, my advice is to uninstall this application until it has been fully tested and released as a stand-alone software browser application.

I appreciate you have been experiencing problems with Internet Explorer 7; we will address this.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Windows Internet Explorer 8 Beta 2 <---After uninstall this will rollback to IE7.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Next:

We need to disable the registry guard feature of Spybot S&D and the protection module from SUPERAntiSpyware Professional as these will actually hinder the malware removal process.

Please note: I also actually advise we then leave both these security applications as on-demand scanners only, since you also have the protection module active with Malwarebytes' Anti-Malware.

Also, having more than one protection/real-time guard active in memory actually lessens online protection, and a system conflict may arise with unforeseen circumstances.

Disable Spybot's TeaTimer:

This is a two step process.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.

Second step, For Either Version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Disable SUPERAntiSpyware:

  • Right-click on the shortcut from the system tray
  • Choose View Control Center (preferences/options)
  • On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
  • Click Close to exit.

I have a question about SUPERAntiSpyware Professional: have you paid for this or is it the 30-day trial?

When you have completed the above, please post back the following and we will continue with the malware removal process:

  • Business or Personal use Computer Query.
  • SUPERAntiSpyware Query.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby tyler1984 » January 22nd, 2009, 11:54 pm

Dakeyras,

First, this computer is for personal use, but I do a lot of business-related work on it (for work and school).

I have a purchased version of SUPERAntiSpyware. I removed Explorer 8 Beta 2. I removed the registry guard on both Spybot's TeaTimer and SUPERAntiSpyware's guard.

Below is my HJT log. Thank you very much.

Tyler

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:14 PM, on 1/22/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Obotinexil] r
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1343024091-2077806209-682003330-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11001 bytes
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm
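
Added example (not part of the thread, and not HijackThis's own code): a Python triage pass over HijackThis O2, O4 and O23 lines that flags the kinds of entries visible in the log above, namely Run data that is not a program path, DLLs started through rundll32, targets marked missing, and service binaries under a Temp directory. The sample lines are copied from this thread except the one marked constructed; the function names and the heuristics are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log in this thread. The second [Obotinexil]
# line is constructed: it puts the rundll32 command quoted earlier in the
# thread into O4 form, so the value is covered before and after it was edited.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Obotinexil] r
O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# One pattern per section handled here: O2 (BHOs), O4 (autoruns), O23 (services).
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - .+?\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<target>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - .+? - (?P<target>[A-Za-z]:\\.+)$"),
}
PROGRAM_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr")
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$", re.I)


@dataclass
class Entry:
    section: str                      # HijackThis section code, e.g. "O4"
    name: str                         # value, BHO or service name
    target: str                       # command line or path exactly as logged
    findings: list = field(default_factory=list)


def split_command(cmd):
    """Split a Run-key command line into (program image, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = PROGRAM.match(cmd)            # unquoted paths may contain spaces
    if m:
        return m.group(1), m.group(2) or ""
    image, _, rest = cmd.partition(" ")
    return image, rest


def triage(entry):
    """Attach review findings to one parsed entry and return it."""
    target = entry.target
    if re.search(r"\((?:file missing|no file)\)", target, re.I):
        entry.findings.append("target file missing")
    if entry.section == "O4":
        image, rest = split_command(target)
        base = image.rsplit("\\", 1)[-1].lower()
        if not base.endswith(PROGRAM_EXTS):
            entry.findings.append("value data is not a program path")
        elif base == "rundll32.exe":
            # The code that runs is the DLL argument, not rundll32.exe itself.
            m = re.match(r'"?([^",]+\.dll)', rest, re.I)
            if m:
                entry.findings.append(f"runs DLL via rundll32: {m.group(1)}")
    if entry.section == "O23" and "\\temp\\" in target.lower():
        entry.findings.append("service binary in a Temp directory")
    return entry


def parse_log(text):
    """Parse the supported HijackThis lines from a log and triage each one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        pattern = PATTERNS.get(line.split(" - ", 1)[0])
        m = pattern.match(line) if pattern else None
        if m:
            entries.append(triage(Entry(m.re is PATTERNS["O2"] and "O2"
                                        or line.split(" - ", 1)[0],
                                        m["name"], m["target"])))
    return entries


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        if e.findings:
            print(f"{e.section} [{e.name}] {e.target}")
            for finding in e.findings:
                print(f"    - {finding}")
```

A finding marks an entry for manual review; it is not a verdict, since legitimate software also registers rundll32 autoruns and leaves orphaned entries behind.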

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby Dakeyras » January 23rd, 2009, 7:44 am

Hi :)

First, this computer is for personal use, but I do a lot of business-related work on it (for work and school).

I have a purchased version of SUPERAntiSpyware. I removed Explorer 8 Beta 2. I removed the registry guard on both Spybot's TeaTimer and SUPERAntiSpyware's guard.

Below is my HJT log. Thank you very much.

OK, thank you for informing me, and you are welcome!

Next:

We need to perform a few in-depth scans of your computer so I can better ascertain what actual malware infections are present as follows:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Next:

Please download Rooter.exe to your desktop.

  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt.
  • Post that log in your next reply.

When you have completed the above, please post back the following:

  • Both RSIT Logs.
  • Rooter.txt.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby tyler1984 » January 23rd, 2009, 2:39 pm

Below I have the 3 logs.

"Info log"

info.txt logfile of random's system information tool 1.05 2009-01-23 13:25:17

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {65482307-FE7D-4E7F-9DEF-3F0E841BC77A}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acoustica CD/DVD Label Maker-->C:\Program Files\Acoustica CD Label Maker\uisurvey.exe
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Acoustica Mixcraft 4.1-->C:\PROGRA~1\ACOUST~2\Unwise.exe
Acoustica MP3 Audio Mixer 2.13-->C:\PROGRA~1\ACOUST~4\UNWISE.EXE C:\PROGRA~1\ACOUST~4\INSTALL.LOG
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Audition 3.0.1 Patch-->MsiExec.exe /X{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Animated GIF producer 3.0.1 TRIAL-->"C:\Program Files\Animated GIF producer 3.0.1 TRIAL\unins000.exe"
Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio Technologies\unins000.exe"
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Aurora Web Editor 2008 Professional-->MsiExec.exe /I{A520BF75-AD2D-4173-B929-4C31F927AD7E}
AV Voice Changer Software DIAMOND 6.0-->C:\PROGRA~1\AVVCS6~1.0DI\UNWISE.EXE C:\PROGRA~1\AVVCS6~1.0DI\INSTALL.LOG
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVI MPEG Converter 3-->C:\Program Files\ImTOO\AVI MPEG Converter 3\Uninstall.exe
AVI to DVD Converter-->C:\Program Files\Xilisoft\AVI to DVD Converter\Uninstall.exe
Bubble Ice Age-->"C:\Program Files\Realore\Bubble Ice Age\unins000.exe"
Call of Duty Game of the Year Edition-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Cambridge Advanced Learner's Dictionary-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cambridge\CAL001CP\Uninst.isu"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Checkers 1.3-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Magicwand\Checkers 1.3\Uninst.isu"
Checkers International 1.2-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Checkers\DeIsL1.isu"
Chinese Checkers 1.1.0-->"C:\Program Files\Novel Games\Chinese Checkers\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
ChordWizard Gold 2.0-->C:\Program Files\ChordWizard Gold 2.0\Uninstall.exe
ChordWizard Music Theory 3.0-->C:\Program Files\ChordWizard Music Theory 3.0\Uninstall.exe
ChordWizard Songtrix Gold 3.0-->C:\Program Files\ChordWizard Songtrix Gold 3.0\Uninstall.exe
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
D'Accord Personal Guitarist 1.2-->"C:\Program Files\D'Accord Music Software\D'Accord Personal Guitarist 1.2\unins000.exe"
Deus Ex-->C:\DeusEx\System\Setup.exe uninstall "Deus Ex"
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Dirt Track Racing - Sprint Cars-->C:\WINDOWS\IsUninst.exe -f"L:\Program Files\Program Files\Ratbag\Dirt Track Racing - Sprint Cars\Uninst.isu"
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Drug Lord 2-->C:\Program Files\Drug Lord 2\druglord2.exe remove
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0-->"C:\Program Files\DVDFab 5\unins000.exe"
Dynex Wireless G USB Network Adapter Setup-->C:\Program Files\InstallShield Installation Information\{531D27E5-DE21-4777-9EDB-B7803087E7F3}\setup.exe -runfromtemp -l0x0009 -removeonly
Easy Avi/Divx/Xvid to DVD Burner 2.4.4-->"C:\Program Files\Easy Avi Divx Xvid to DVD Burner\unins000.exe"
EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
EPSON CX5000 Series User's Guide-->C:\Program Files\epson\guide\cx5000_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX5000 Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x9 -anything
Exact Audio Copy 0.95b4-->C:\Program Files\Exact Audio Copy\uninst.exe
Finale 2008-->C:\Program Files\Finale 2008\uninstallFinale.exe
Finale NotePad 2008-->C:\Program Files\Finale NotePad 2008\uninstallNP.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Flash Movie Player 1.5-->C:\Program Files\Flash Movie Player\uninst.exe
FontCreator 5.5-->"C:\Program Files\High-Logic\FontCreator\unins000.exe"
foobar2000 v0.9.6.1-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Garritan Instruments for Finale-->C:\Program Files\Garritan Instruments for Finale\uninstallGarritan.exe
GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homework Helpers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD8780DE-96F5-454B-B551-E063B94AAD4F}\setup.exe" -l0x9 anything
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intense Language Office-->C:\Program Files\Intense Language Office\Common\Uninst.exe
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Director MX 2004-->C:\PROGRA~1\MACROM~1\DIRECT~1\UNWISE.EXE C:\PROGRA~1\MACROM~1\DIRECT~1\install.log
Magic Calendar Maker 2.6 (remove only)-->"C:\Program Files\Magic Calendar Maker\uninst.exe"
Magic ISO Maker v5.3 (build 0216)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MixMeister Fusion 7.2.2-->"C:\Program Files\MixMeister Fusion 7.2.2\unins000.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
NASCAR® Racing 2007 Season-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}\Setup.exe" -l0x9 -uninst
Neo Sonic Universe-->C:\Neo Sonic Universe\Uninstal.exe
Nero 7 Demo-->MsiExec.exe /I{513AEC24-3465-8C4F-87BA-652D6F491033}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Quake 4(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1033
QuarkXPress 5.0-->MsiExec.exe /I{A7BF5269-3E74-11D5-B00F-00104B398D77}
QuarkXPress-->MsiExec.exe /I{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
ResumeMaker-->C:\PROGRA~1\RESUME~1\UNWISE.EXE C:\PROGRA~1\RESUME~1\INSTALL.LOG
Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio Disc Gallery-->MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753}
Roxio Easy Media Creator 10 Suite-->MsiExec.exe /I{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}
Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio MediaShare-->MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Seagate DiscWizard-->MsiExec.exe /X{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sony Digital Voice Editor 2-->C:\PROGRA~1\SONY\DIGITA~1\UNINST.EXE
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Swiff Player 1.5-->"C:\Program Files\GlobFX\Swiff Player\unins000.exe"
TeLL me More-->"C:\TELL ME MORE SI\Bin\unsetup.exe" -file "C:\TELL ME MORE SI\unsetup.aui"
Tennis Masters Series 2003-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "L:\Program Files\Program Files\setup.exe" -l0x9
The Logo Creator v5-->C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Ulead GIF Animator 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
Unreal Tournament 2004-->L:\Program Files\Program Files\UT2004\System\Setup.exe uninstall "UT2004"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
VCDEasy-->"C:\Program Files\VCDEasy\unins000.exe"
VDownloader 0.77-->"C:\Program Files\VDOWNLOADER\unins000.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinWay Resume Deluxe-->MsiExec.exe /I{DFACE88E-BFD1-4E1F-AF5C-100C979A12B0}
WriteItNow3-->"C:\Program Files\WriteItNow3\UninstallerData\Uninstall WriteItNow3.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
You Don't Know Jack 6 - The Lost Gold -->C:\PROGRA~1\JELLYV~1\YOUDON~1\Setup.exe /remove
You Don't Know Jack The Ride-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Jack The Ride\Uninst.isu"
YOU DON'T KNOW JACK V1.0-->C:\YDKJV1~1.5(X\uninstal.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O4 - HKLM\..\Run: [Obotinexil] rundll32.exe "C:\WINDOWS\Tzaka.dll",e

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Norton AntiVirus
AV: avast! antivirus 4.8.1296 [VPS 090123-0]

System event log

Computer Name: TYLER-635F62BAD
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 1426
Source Name: Service Control Manager
Time Written: 20090110203406.000000-300
Event Type: information
User:

Computer Name: TYLER-635F62BAD
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 1425
Source Name: Service Control Manager
Time Written: 20090110203400.000000-300
Event Type: information
User:

Computer Name: TYLER-635F62BAD
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 1424
Source Name: Service Control Manager
Time Written: 20090110203400.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TYLER-635F62BAD
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 1423
Source Name: Service Control Manager
Time Written: 20090110200959.000000-300
Event Type: information
User:

Computer Name: TYLER-635F62BAD
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 1422
Source Name: Service Control Manager
Time Written: 20090110200953.000000-300
Event Type: information
User:

Application event log

Computer Name: TYLER-635F62BAD
Event Code: 0
Message:
Record Number: 273
Source Name: Viewpoint Manager Service
Time Written: 20090109124514.000000-300
Event Type: information
User:

Computer Name: TYLER-635F62BAD
Event Code: 105
Message: The service was started.

Record Number: 272
Source Name: ATI Smart
Time Written: 20090109124510.000000-300
Event Type: information
User:

Computer Name: TYLER-635F62BAD
Event Code: 37
Message:
Record Number: 271
Source Name: Norton AntiVirus
Time Written: 20090109124219.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TYLER-635F62BAD
Event Code: 36
Message:
Record Number: 270
Source Name: Norton AntiVirus
Time Written: 20090109124217.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TYLER-635F62BAD
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 269
Source Name: Winlogon
Time Written: 20090109124154.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=040a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

-----------------EOF-----------------


"Log"

Logfile of random's system information tool 1.05 (written by random/random)
Run by Tyler at 2009-01-23 13:24:57
Microsoft Windows XP Professional Service Pack 3, v.5657
System drive C: has 19 GB (14%) free of 131 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:08 PM, on 1/23/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyler\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tyler.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1343024091-2077806209-682003330-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11529 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Seagate Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2008-06-24 136472]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2008-06-24 904768]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2007-12-01 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
L:\Program Files\Program Files\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
L:\Program Files\Program Files\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-09-06 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager]
C:\WINDOWS\system32\wltray.exe [2007-06-14 1282048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2008-06-24 1325848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [2006-02-13 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intense Registry Service]
IntEdReg.exe /CHECK []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsf8uiw3jnjgffght]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
C:\Program Files\Messenger\msmsgs.exe [2007-12-01 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Obotinexil]
r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe [2004-10-11 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2008-06-24 136472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-09 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-19 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tezrtsjhfr84iusjfo84f]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-07-23 341232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
C:\PROGRA~1\DYNEXG~1\DYNEXW~1.EXE [2007-09-20 1458176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-25 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-01-09 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\GAMES\Warcraft III\Warcraft III.exe"="F:\GAMES\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GAMES\Quake III Arena\Quake3\quake3.exe"="C:\Program Files\GAMES\Quake III Arena\Quake3\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\AIM-Old\aim.exe"="C:\AIM-Old\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\AIM\aim.exe"="C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - wd_windows_tools\setup.exe


======File associations======

.js - open - "L:\Program Files\Program Files\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-01-23 13:24:57 ----D---- C:\rsit
2009-01-23 01:11:28 ----D---- C:\WINDOWS\LastGood
2009-01-22 23:44:47 ----HDC---- C:\WINDOWS\ie7
2009-01-22 23:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-22 23:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-01-20 11:44:45 ----D---- C:\WINDOWS\ie8updates
2009-01-19 17:47:21 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-01-19 16:18:44 ----A---- C:\WINDOWS\imsins.BAK
2009-01-19 14:05:02 ----D---- C:\Program Files\Rosetta Stone - German I & 2
2009-01-19 02:07:15 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2009-01-19 00:46:18 ----A---- C:\WINDOWS\system32\LMRTREND.dll
2009-01-19 00:46:16 ----A---- C:\WINDOWS\system32\dxtmsft3.dll
2009-01-19 00:46:10 ----A---- C:\WINDOWS\system32\unam4ie.exe
2009-01-19 00:46:08 ----A---- C:\WINDOWS\system32\vidx16.dll
2009-01-19 00:46:08 ----A---- C:\WINDOWS\system32\qcut.dll
2009-01-19 00:46:03 ----A---- C:\WINDOWS\system32\w95inf32.dll
2009-01-19 00:46:03 ----A---- C:\WINDOWS\system32\w95inf16.dll
2009-01-19 00:45:30 ----D---- C:\TELL ME MORE SI
2009-01-19 00:33:24 ----A---- C:\WINDOWS\err.txt
2009-01-19 00:24:32 ----D---- C:\Program Files\Intense Language Office
2009-01-19 00:10:44 ----D---- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
2009-01-19 00:10:34 ----D---- C:\Documents and Settings\All Users\Application Data\Broderbund Software
2009-01-19 00:10:30 ----A---- C:\WINDOWS\wplog.txt
2009-01-19 00:10:26 ----D---- C:\Program Files\Web Publish
2009-01-19 00:06:26 ----D---- C:\Program Files\Common Files\Broderbund
2009-01-18 23:22:23 ----A---- C:\WINDOWS\TLC.INI
2009-01-18 23:10:24 ----D---- C:\Documents and Settings\Tyler\Application Data\Cambridge
2009-01-18 23:09:55 ----A---- C:\WINDOWS\TEXTware.ini
2009-01-18 23:09:48 ----A---- C:\WINDOWS\system32\textwareilluminatorbaseProtocol.dll
2009-01-18 23:09:48 ----A---- C:\WINDOWS\system32\bass.dll
2009-01-18 23:09:47 ----A---- C:\WINDOWS\system32\Twavbx32.dll
2009-01-18 23:09:47 ----A---- C:\WINDOWS\system32\TWAIED02.DLL
2009-01-18 23:09:47 ----A---- C:\WINDOWS\system32\TwaBcu01.dll
2009-01-18 23:09:47 ----A---- C:\WINDOWS\system32\polspell.dll
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\ltkrn10N.dll
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\ltimg10N.dll
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\ltfil10N.DLL
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\LTDIS10N.dll
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\lfpng10N.dll
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\LFCMP10N.DLL
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\lfbmp10N.dll
2009-01-18 23:09:46 ----A---- C:\WINDOWS\system32\ILXTBS.DLL
2009-01-18 23:09:45 ----A---- C:\WINDOWS\system32\Illprs.dll
2009-01-18 23:09:45 ----A---- C:\WINDOWS\system32\ILLKRN.DLL
2009-01-18 23:09:42 ----D---- C:\Program Files\TEXTware
2009-01-18 23:04:46 ----D---- C:\Program Files\Cambridge
2009-01-18 21:19:03 ----D---- C:\DeusEx
2009-01-18 16:45:16 ----D---- C:\Documents and Settings\Tyler\Application Data\Absolutist.com
2009-01-18 16:30:54 ----D---- C:\Program Files\Checkers
2009-01-18 16:21:59 ----D---- C:\Program Files\Novel Games
2009-01-18 16:12:41 ----D---- C:\Program Files\Magicwand
2009-01-18 15:05:02 ----HD---- C:\WINDOWS\PIF
2009-01-18 02:52:04 ----D---- C:\Program Files\Common Files\Download Manager
2009-01-15 21:51:36 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-15 02:58:18 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-01-15 02:45:33 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2009-01-15 02:24:03 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2009-01-15 02:24:03 ----RA---- C:\WINDOWS\system32\AdobePDF.dll
2009-01-15 02:08:16 ----D---- C:\Program Files\Adobe Media Player
2009-01-15 02:05:43 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-15 01:43:32 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-01-14 22:13:15 ----D---- C:\Documents and Settings\Tyler\Application Data\Corel
2009-01-14 22:10:46 ----D---- C:\Program Files\Corel
2009-01-14 22:10:46 ----D---- C:\Program Files\Common Files\Corel
2009-01-14 21:43:06 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2009-01-14 20:25:53 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-01-14 15:21:57 ----A---- C:\WINDOWS\~GLC0007.TMP
2009-01-14 15:20:16 ----A---- C:\WINDOWS\~GLC0006.TMP
2009-01-14 15:18:11 ----A---- C:\WINDOWS\~GLC0005.TMP
2009-01-14 15:16:00 ----A---- C:\WINDOWS\~GLC0004.TMP
2009-01-14 14:52:03 ----D---- C:\YDKJ V1.5 (XL)
2009-01-14 11:57:23 ----D---- C:\Program Files\ChordWizard Gold 2.0
2009-01-14 03:22:22 ----SHD---- C:\WINDOWS\ftpcache
2009-01-14 03:07:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 03:06:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-14 02:51:33 ----D---- C:\Program Files\Call of Duty Game of the Year Edition
2009-01-14 02:49:29 ----A---- C:\WINDOWS\CoD.INI
2009-01-14 02:34:09 ----A---- C:\WINDOWS\uninst.exe
2009-01-14 02:24:52 ----D---- C:\Documents and Settings\Tyler\Application Data\Quark
2009-01-14 02:23:47 ----D---- C:\WINDOWS\system32\QuickTime
2009-01-14 02:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Quark
2009-01-14 02:05:27 ----D---- C:\Program Files\War Chess
2009-01-14 01:26:11 ----D---- C:\Program Files\D'Accord Music Software
2009-01-13 12:57:11 ----D---- C:\Program Files\High-Logic
2009-01-13 12:57:11 ----D---- C:\Documents and Settings\Tyler\Application Data\FontCreator
2009-01-13 04:12:25 ----D---- C:\Program Files\Common Files\SWF Studio
2009-01-13 04:09:49 ----D---- C:\Program Files\Jellyvision
2009-01-13 03:51:17 ----D---- C:\Program Files\ChordWizard Songtrix Gold 3.0
2009-01-13 03:23:02 ----D---- C:\Program Files\ChordWizard Music Theory 3.0
2009-01-13 03:22:24 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-01-13 03:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-13 03:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-13 03:13:15 ----D---- C:\Documents and Settings\Tyler\Application Data\Thinstall
2009-01-13 03:01:23 ----D---- C:\Program Files\MSXML 4.0
2009-01-13 02:45:12 ----D---- C:\Program Files\Winamp
2009-01-13 02:45:12 ----D---- C:\Documents and Settings\Tyler\Application Data\Winamp
2009-01-13 01:55:48 ----N---- C:\WINDOWS\snymsico.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\trc.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\StrmOut.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\IcdYsys.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\IcdSptSvps.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\IcdSptSv.exe
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\IcdSpi.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\IcdShlex.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\IcdMSCom.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\ICDFConv.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\IcdCdda.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\dsp_trc.dll
2009-01-13 01:55:17 ----A---- C:\WINDOWS\system32\DSConv.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\spicc.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\spc.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\rcnv2.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\LPEC.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\IcdXa.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\ICDUSB2.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\ICDUSB.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\IcdStor2.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\IcdShare.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\IcdSConv.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\icdcomm2.dll
2009-01-13 01:55:16 ----A---- C:\WINDOWS\system32\icdcomm.dll
2009-01-13 01:55:08 ----D---- C:\Program Files\SONY
2009-01-13 01:53:04 ----D---- C:\Program Files\Summitsoft.Logo.Design.Studio.v3.5
2009-01-13 01:50:36 ----D---- C:\Documents and Settings\Tyler\Application Data\Summitsoft
2009-01-13 01:48:11 ----D---- C:\Documents and Settings\Tyler\Application Data\VCDEasy
2009-01-13 01:47:50 ----D---- C:\Program Files\VCDEasy
2009-01-13 01:42:58 ----D---- C:\Program Files\Common Files\Digidesign
2009-01-13 01:42:57 ----D---- C:\Program Files\Antares Audio Technologies
2009-01-13 01:42:30 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-01-13 01:39:19 ----D---- C:\Program Files\ASIO4ALL v2
2009-01-13 01:37:35 ----D---- C:\Program Files\VstPlugins
2009-01-13 01:37:35 ----A---- C:\WINDOWS\system32\rewire.dll
2009-01-13 01:37:01 ----D---- C:\Program Files\Outsim
2009-01-13 01:35:36 ----D---- C:\Program Files\Image-Line
2009-01-13 00:53:14 ----A---- C:\WINDOWS\unvise32.exe
2009-01-13 00:52:13 ----D---- C:\Program Files\The Logo Creator v5
2009-01-13 00:44:07 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-01-13 00:43:01 ----D---- C:\Program Files\Adobe
2009-01-13 00:43:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-13 00:35:00 ----A---- C:\WINDOWS\system32\muweb.dll
2009-01-13 00:35:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-01-13 00:34:59 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-01-13 00:32:10 ----D---- C:\Documents and Settings\Tyler\Application Data\Aim
2009-01-13 00:31:52 ----D---- C:\AIM-Old
2009-01-13 00:13:49 ----A---- C:\WINDOWS\~GLH0000.TMP
2009-01-13 00:13:47 ----A---- C:\WINDOWS\~GLC0001.TMP
2009-01-13 00:08:05 ----A---- C:\WINDOWS\~GLC0000.TMP
2009-01-13 00:06:20 ----A---- C:\WINDOWS\~GLC0002.TMP
2009-01-12 22:59:55 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-12 22:55:21 ----D---- C:\Program Files\Smart Projects
2009-01-12 21:59:48 ----D---- C:\Program Files\Microsoft
2009-01-12 21:59:14 ----D---- C:\Program Files\Windows Live SkyDrive
2009-01-12 21:58:39 ----D---- C:\Program Files\Windows Live
2009-01-12 21:50:49 ----D---- C:\Program Files\Common Files\Windows Live
2009-01-12 18:10:18 ----D---- C:\SIERRA
2009-01-12 18:10:18 ----D---- C:\Program Files\Sierra On-Line
2009-01-12 11:27:31 ----A---- C:\WINDOWS\UNWISE.EXE
2009-01-12 11:27:26 ----D---- C:\YDKJ
2009-01-12 01:19:55 ----D---- C:\Documents and Settings\Tyler\Application Data\ArcSoft
2009-01-12 00:42:56 ----D---- C:\Documents and Settings\Tyler\Application Data\Help
2009-01-12 00:35:26 ----D---- C:\Documents and Settings\Tyler\Application Data\MixMeister Technology
2009-01-12 00:31:04 ----D---- C:\Program Files\MixMeister Fusion 7.2.2
2009-01-11 23:56:46 ----D---- C:\Program Files\Guitar Pro 5
2009-01-11 23:02:37 ----A---- C:\WINDOWS\demdata.txt
2009-01-11 22:51:25 ----D---- C:\Program Files\Garritan Instruments for Finale
2009-01-11 22:51:21 ----D---- C:\Program Files\Kontakt Player 2
2009-01-11 22:47:56 ----D---- C:\Program Files\Finale 2008
2009-01-11 22:09:27 ----A---- C:\WINDOWS\Pool3DWin.ini
2009-01-11 21:30:37 ----D---- C:\Documents and Settings\Tyler\Application Data\Ulead Systems
2009-01-11 21:28:55 ----D---- C:\Program Files\Common Files\InterVideo
2009-01-11 21:28:50 ----D---- C:\Documents and Settings\All Users\Application Data\InterVideo
2009-01-11 21:28:49 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2009-01-11 21:28:49 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2009-01-11 21:28:49 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2009-01-11 21:28:49 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2009-01-11 21:28:49 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2009-01-11 21:28:49 ----A---- C:\WINDOWS\system32\IVIresize.dll
2009-01-11 21:27:59 ----D---- C:\Program Files\Windows Media Components
2009-01-11 21:27:09 ----D---- C:\Program Files\Common Files\Ulead Systems
2009-01-11 21:27:09 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2009-01-11 20:13:32 ----D---- C:\Documents and Settings\Tyler\Application Data\fretsonfire
2009-01-11 16:52:14 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-01-11 16:52:13 ----D---- C:\Documents and Settings\Tyler\Application Data\Roxio
2009-01-11 16:51:43 ----D---- C:\Program Files\InterActual
2009-01-11 16:33:49 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2009-01-11 16:28:51 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2009-01-11 16:27:04 ----D---- C:\WINDOWS\RegisteredPackages
2009-01-11 16:25:18 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-01-11 16:25:00 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-01-11 16:24:47 ----D---- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2009-01-11 16:24:46 ----D---- C:\Program Files\SmartSound Software
2009-01-11 16:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-01-11 16:24:22 ----D---- C:\Program Files\Roxio
2009-01-11 16:23:21 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-01-11 16:23:20 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-01-11 16:23:18 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-01-11 16:22:01 ----D---- C:\WINDOWS\system32\URTTEMP
2009-01-11 15:12:05 ----D---- C:\Documents and Settings\Tyler\Application Data\WinWay
2009-01-11 15:11:17 ----D---- C:\Program Files\WinWay Resume
2009-01-11 14:01:25 ----D---- C:\Program Files\Power Tab Software
2009-01-11 13:56:07 ----D---- C:\PSFONTS
2009-01-11 13:55:55 ----D---- C:\Program Files\Finale NotePad 2008
2009-01-11 13:49:59 ----D---- C:\Program Files\Common Files\Macromedia Shared
2009-01-11 13:49:59 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-01-11 13:49:02 ----D---- C:\Program Files\Macromedia
2009-01-11 03:54:19 ----D---- C:\Documents and Settings\Tyler\Application Data\Media Player Classic
2009-01-11 03:54:01 ----A---- C:\Program Files\mplayerc.exe
2009-01-11 03:38:26 ----D---- C:\Documents and Settings\Tyler\Application Data\Ahead
2009-01-11 03:37:22 ----D---- C:\Program Files\Nero
2009-01-11 03:37:22 ----D---- C:\Program Files\Common Files\Ahead
2009-01-11 03:30:39 ----A---- C:\WINDOWS\GPInstall.exe
2009-01-11 03:27:29 ----D---- C:\Program Files\EasyChord
2009-01-11 00:57:03 ----D---- C:\Program Files\ArtOfIllusion
2009-01-11 00:27:38 ----D---- C:\Documents and Settings\Tyler\Application Data\Individual Software
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Vb5db.dll
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Olemsg32.dll
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Odbctl32.dll
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Msrepl35.dll
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Msrd2x35.dll
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Msjter35.dll
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Msjint35.dll
2009-01-11 00:26:25 ----A---- C:\WINDOWS\system32\Msjet35.dll
2009-01-11 00:26:24 ----D---- C:\Program Files\ResumeMaker
2009-01-11 00:26:24 ----D---- C:\Documents and Settings\All Users\Application Data\Individual Software
2009-01-11 00:17:50 ----D---- C:\Program Files\Common Files\Adobe
2009-01-11 00:15:23 ----D---- C:\WINDOWS\system32\Color
2009-01-11 00:15:23 ----D---- C:\Program Files\Quark
2009-01-10 23:32:19 ----D---- C:\Program Files\PowerISO
2009-01-10 23:21:20 ----D---- C:\Program Files\Magic Calendar Maker
2009-01-10 23:12:05 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2009-01-10 23:09:54 ----D---- C:\Documents and Settings\Tyler\Application Data\Google
2009-01-10 23:08:48 ----D---- C:\Program Files\Google
2009-01-10 23:02:49 ----D---- C:\Fonts (OLD)
2009-01-10 22:44:34 ----D---- C:\Program Files\Guitar Calculator Pro
2009-01-10 22:23:47 ----D---- C:\Program Files\Project64 v1.5
2009-01-10 22:23:31 ----A---- C:\Program Files\Project64 1.5(N64 EMULATOR).exe
2009-01-10 22:21:33 ----A---- C:\Program Files\Neave Pac-Man.exe
2009-01-10 22:20:55 ----A---- C:\Program Files\NovaChess.exe
2009-01-10 22:04:22 ----A---- C:\WINDOWS\ULEAD32.INI
2009-01-10 22:04:19 ----D---- C:\Program Files\Ulead Systems
2009-01-10 22:04:19 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-01-10 22:04:19 ----A---- C:\WINDOWS\system32\INETWH32.dll
2009-01-10 21:58:55 ----D---- C:\Program Files\chess_it3
2009-01-10 21:20:03 ----D---- C:\Program Files\Xilisoft
2009-01-10 20:11:03 ----D---- C:\Papyrus
2009-01-10 19:51:57 ----A---- C:\WINDOWS\Sierra.ini
2009-01-10 19:33:40 ----D---- C:\Program Files\ImTOO
2009-01-10 19:19:55 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2009-01-10 19:19:55 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2009-01-10 19:19:55 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2009-01-10 19:19:55 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2009-01-10 19:19:55 ----RA---- C:\WINDOWS\system32\lvci1110.dll
2009-01-10 19:19:54 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-01-10 19:15:58 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-01-10 19:15:55 ----D---- C:\Program Files\Logitech
2009-01-10 19:15:55 ----D---- C:\Program Files\Common Files\LogiShrd
2009-01-10 19:14:58 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-01-10 19:06:23 ----A---- C:\WINDOWS\system32\wltrysvc.exe
2009-01-10 19:06:23 ----A---- C:\WINDOWS\system32\wltrynt.dll
2009-01-10 19:06:23 ----A---- C:\WINDOWS\system32\wltray.exe
2009-01-10 19:06:23 ----A---- C:\WINDOWS\system32\preflib.dll
2009-01-10 19:06:23 ----A---- C:\WINDOWS\system32\ATL71.DLL
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\libeay32.dll
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\bcmwlu00.exe
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\bcmwltry.exe
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\bcmwlpkt.dll
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\bcmwliss.dll
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\BCMLogon.dll
2009-01-10 19:06:22 ----A---- C:\WINDOWS\system32\bcm1xsup.dll
2009-01-10 19:06:21 ----D---- C:\Program Files\Dynex G USB Network Adapter
2009-01-10 19:05:01 ----D---- C:\Documents and Settings\Tyler\Application Data\InstallShield
2009-01-10 18:59:21 ----D---- C:\Documents and Settings\Tyler\Application Data\Leadertech
2009-01-10 18:59:18 ----D---- C:\EPSONREG
2009-01-10 18:57:02 ----A---- C:\WINDOWS\system32\PICSDK2.dll
2009-01-10 18:57:02 ----A---- C:\WINDOWS\system32\PICSDK.ini
2009-01-10 18:57:02 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-01-10 18:57:02 ----A---- C:\WINDOWS\system32\PICEntry.dll
2009-01-10 18:57:02 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2009-01-10 18:57:02 ----A---- C:\WINDOWS\system32\EpPicMgr.dll
2009-01-10 18:56:19 ----A---- C:\WINDOWS\EPSMTL32.TXT
2009-01-10 18:56:15 ----A---- C:\WINDOWS\system32\EAL32.INI
2009-01-10 18:56:15 ----A---- C:\WINDOWS\system32\EAL32.DLL
2009-01-10 18:56:15 ----A---- C:\WINDOWS\system32\EAL.EXE
2009-01-10 18:56:15 ----A---- C:\WINDOWS\system32\E_FLBBVA.DLL
2009-01-10 18:56:15 ----A---- C:\WINDOWS\system32\E_FD4BBVA.DLL
2009-01-10 18:55:48 ----D---- C:\Program Files\epson
2009-01-10 18:55:47 ----A---- C:\WINDOWS\system32\escwiad.dll
2009-01-10 18:55:29 ----A---- C:\WINDOWS\EP_CX5000.ini
2009-01-10 17:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-10 17:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-10 17:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-10 17:23:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-10 17:22:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-10 17:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-10 17:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-10 17:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-10 17:20:27 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-10 17:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-10 17:19:52 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-10 17:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-10 17:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-10 17:19:11 ----D---- C:\WINDOWS\ie7updates
2009-01-10 17:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-10 17:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-10 17:18:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-10 17:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-10 17:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-10 17:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-10 17:18:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-10 17:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-10 17:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-10 17:18:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-10 17:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-10 17:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-10 14:05:10 ----A---- C:\WINDOWS\wininit.ini
2009-01-10 12:04:46 ----D---- C:\Documents and Settings\Tyler\Application Data\Ratbag
2009-01-10 12:01:58 ----N---- C:\WINDOWS\Setup1.exe
2009-01-10 12:01:58 ----A---- C:\WINDOWS\ST6UNST.EXE
2009-01-10 02:56:29 ----D---- C:\Program Files\Realore
2009-01-10 02:50:33 ----D---- C:\Documents and Settings\Tyler\Application Data\foobar2000
2009-01-10 02:50:25 ----D---- C:\Program Files\foobar2000
2009-01-10 02:47:10 ----D---- C:\Program Files\GlobFX
2009-01-10 00:56:13 ----A---- C:\WINDOWS\SCWRITER.INI
2009-01-10 00:45:40 ----D---- C:\Documents and Settings\Tyler\Application Data\ImgBurn
2009-01-10 00:38:10 ----D---- C:\Program Files\Microsoft Reader
2009-01-10 00:38:10 ----A---- C:\WINDOWS\DASShp.dll
2009-01-10 00:33:57 ----A---- C:\WINDOWS\piano.ini
2009-01-09 23:22:32 ----A---- C:\WINDOWS\WB.ini
2009-01-09 21:47:37 ----D---- C:\Program Files\WriteItNow3
2009-01-09 21:46:57 ----HD---- C:\Program Files\Zero G Registry
2009-01-09 21:35:53 ----D---- C:\WINDOWS\system32\NtmsData
2009-01-09 20:45:00 ----D---- C:\Program Files\MagicISO
2009-01-09 20:39:07 ----A---- C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
2009-01-09 20:38:32 ----D---- C:\Program Files\Easy Avi Divx Xvid to DVD Burner
2009-01-09 19:48:10 ----A---- C:\WINDOWS\cdplayer.ini
2009-01-09 19:47:37 ----D---- C:\audiograbber
2009-01-09 19:23:07 ----A---- C:\lame_enc.dll
2009-01-09 19:20:55 ----D---- C:\Program Files\Audacity
2009-01-09 17:41:06 ----D---- C:\Program Files\Animated GIF producer 3.0.1 TRIAL
2009-01-09 15:00:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-09 14:52:53 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-09 14:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-09 14:04:22 ----A---- C:\WINDOWS\system32\MFC71.DLL
2009-01-09 14:04:22 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-01-09 14:04:20 ----D---- C:\Program Files\Alwil Software
2009-01-09 13:58:20 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-09 13:58:17 ----D---- C:\Program Files\Reference Assemblies
2009-01-09 13:57:53 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-01-09 13:15:59 ----D---- C:\Documents and Settings\Tyler\Application Data\Malwarebytes
2009-01-09 13:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-09 13:15:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-09 12:39:30 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-01-09 12:38:05 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-01-09 12:37:53 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-01-09 02:41:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-09 02:41:32 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-09 02:41:32 ----D---- C:\Documents and Settings\Tyler\Application Data\SUPERAntiSpyware.com
2009-01-09 02:40:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-09 02:26:15 ----D---- C:\Program Files\Exact Audio Copy
2009-01-09 02:23:45 ----D---- C:\Documents and Settings\Tyler\Application Data\vlc
2009-01-09 02:19:29 ----D---- C:\Program Files\VideoLAN
2009-01-09 01:58:59 ----D---- C:\Program Files\Tulipsoft
2009-01-09 01:56:52 ----D---- C:\Program Files\AV Vcs 6.0 DIAMOND
2009-01-09 01:51:52 ----D---- C:\Documents and Settings\Tyler\Application Data\Aurora Web Editor
2009-01-09 01:50:58 ----D---- C:\Program Files\Multimedia Australia
2009-01-09 01:44:41 ----RSD---- C:\WINDOWS\assembly
2009-01-09 01:44:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-09 01:41:28 ----D---- C:\Program Files\Acoustica MP3 Audio Mixer
2009-01-09 01:38:35 ----A---- C:\WINDOWS\system32\Wnaspint.dll
2009-01-09 01:38:33 ----D---- C:\Program Files\Acoustica Shared Effects
2009-01-09 01:38:32 ----D---- C:\Documents and Settings\All Users\Application Data\Acoustica
2009-01-09 01:38:19 ----D---- C:\Program Files\Acoustica Mixcraft 4
2009-01-09 01:35:19 ----D---- C:\Documents and Settings\Tyler\Application Data\Acoustica
2009-01-09 01:35:16 ----D---- C:\Program Files\Acoustica CD Label Maker
2009-01-09 01:16:12 ----A---- C:\WINDOWS\system32\wbsys.dll
2009-01-09 01:16:11 ----D---- C:\Program Files\Stardock
2009-01-09 01:13:43 ----D---- C:\Documents and Settings\Tyler\Application Data\WinRAR
2009-01-09 01:13:15 ----D---- C:\Program Files\WinRAR
2009-01-09 01:04:40 ----D---- C:\Program Files\Alcohol Soft
2009-01-09 00:55:26 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-09 00:55:23 ----D---- C:\Program Files\DivX
2009-01-09 00:18:42 ----A---- C:\Documents and Settings\Tyler\Application Data\inst.exe
2009-01-09 00:18:41 ----D---- C:\Documents and Settings\Tyler\Application Data\Vso
2009-01-09 00:18:37 ----D---- C:\Program Files\DVDFab 5
2009-01-09 00:15:48 ----D---- C:\WINDOWS\Sun
2009-01-09 00:15:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-09 00:15:35 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-09 00:15:35 ----A---- C:\WINDOWS\system32\java.exe
2009-01-09 00:15:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-09 00:15:27 ----D---- C:\Program Files\Java
2009-01-09 00:14:24 ----D---- C:\Documents and Settings\Tyler\Application Data\Sun
2009-01-09 00:12:47 ----D---- C:\Program Files\Flash Movie Player
2009-01-09 00:11:00 ----D---- C:\Program Files\Drug Lord 2
2009-01-09 00:07:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-09 00:07:50 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-01-09 00:07:48 ----D---- C:\Program Files\Registry Mechanic
2009-01-09 00:03:17 ----D---- C:\Program Files\vanBasco's Karaoke Player
2009-01-08 23:50:37 ----D---- C:\Program Files\Trend Micro
2009-01-08 23:49:09 ----D---- C:\VundoFix Backups
2009-01-08 23:49:09 ----A---- C:\VundoFix.txt
2009-01-08 23:48:55 ----A---- C:\Program Files\VundoFix.exe
2009-01-08 23:43:49 ----D---- C:\Program Files\CCleaner
2009-01-08 23:41:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-08 23:41:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 23:35:07 ----D---- C:\Documents and Settings\Tyler\Application Data\Mozilla
2009-01-08 23:35:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-08 23:24:19 ----D---- C:\Program Files\VDOWNLOADER
2009-01-08 23:08:32 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-01-08 23:07:45 ----D---- C:\Program Files\Microsoft Works
2009-01-08 23:07:40 ----D---- C:\Program Files\MSBuild
2009-01-08 23:07:30 ----D---- C:\Program Files\Microsoft Visual Studio
2009-01-08 23:07:30 ----D---- C:\Program Files\Common Files\DESIGNER
2009-01-08 23:05:28 ----D---- C:\WINDOWS\SHELLNEW
2009-01-08 23:05:11 ----D---- C:\Program Files\Microsoft Office
2009-01-08 23:05:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-08 23:04:59 ----RHD---- C:\MSOCache
2009-01-08 23:02:31 ----D---- C:\IUware Online
2009-01-08 14:36:05 ----D---- C:\Program Files\AFT software
2009-01-08 14:36:00 ----D---- C:\AIM
2009-01-08 14:35:35 ----D---- C:\Program Files\ArcSoft
2009-01-08 14:28:37 ----D---- C:\Program Files\DAMN NFO Viewer
2009-01-08 14:27:13 ----D---- C:\Program Files\FrankSounds
2009-01-08 14:26:07 ----D---- C:\Program Files\GAMES
2009-01-08 14:25:59 ----D---- C:\Program Files\Guitar Scales Method
2009-01-08 14:25:29 ----D---- C:\Program Files\HighwayPursuit
2009-01-08 14:24:49 ----D---- C:\Program Files\ImgBurn
2009-01-08 14:23:31 ----D---- C:\Program Files\Kaleidoscope Mahjongg
2009-01-08 14:23:18 ----D---- C:\Program Files\Checkers 1.3
2009-01-08 14:23:07 ----D---- C:\Program Files\Metronome - Light Edition
2009-01-08 14:22:14 ----D---- C:\Program Files\Midnight Pool 3D
2009-01-08 14:19:56 ----D---- C:\Program Files\sgcfinder5
2009-01-08 14:19:56 ----D---- C:\Program Files\SF2
2009-01-08 14:19:54 ----D---- C:\Program Files\SmartMusic
2009-01-08 14:19:50 ----D---- C:\Program Files\Sonic Foundry
2009-01-08 14:17:50 ----D---- C:\Program Files\DOSBox-0.63
2009-01-08 14:17:35 ----D---- C:\Program Files\WinBoard
2009-01-08 14:17:32 ----D---- C:\Program Files\WINPIANO
2009-01-08 14:13:00 ----D---- C:\This Bird Has Flown_ A 40th Anniversary Tribute to the Beatles' Rubber Soul
2009-01-08 14:06:10 ----D---- C:\Beavis And Butthead Clips
2009-01-08 14:06:08 ----D---- C:\Totally_Michael-Totally_Michael-2008-RTB
2009-01-08 14:05:50 ----D---- C:\ResumeMaker
2009-01-08 14:00:28 ----D---- C:\Neo Sonic Universe
2009-01-08 14:00:27 ----D---- C:\Midnight Pool 3D
2009-01-08 14:00:27 ----D---- C:\Max Payne Savegames
2009-01-08 14:00:27 ----D---- C:\libmp3lame-3.97
2009-01-08 13:59:32 ----D---- C:\Hinder - Far From Close
2009-01-08 13:59:28 ----D---- C:\Greenskeepers_-_Pleetch_(CMCCD110)-CD-2004-EMP
2009-01-08 13:59:27 ----D---- C:\Greenskeepers - Fingerblasting Vinyl
2009-01-08 13:59:27 ----D---- C:\filelib
2009-01-08 13:39:17 ----D---- C:\ACDC BL@©K ICE +++ © @ (320 Kb)
2009-01-08 13:35:44 ----D---- C:\(F) Music Videos
2009-01-08 13:35:40 ----D---- C:\Learning Office XP
2009-01-08 13:31:44 ----D---- C:\GTA Vice City User Files
2009-01-08 13:31:43 ----RD---- C:\Favorites
2009-01-08 13:31:41 ----D---- C:\My Library
2009-01-08 13:31:41 ----D---- C:\Manhunt User Files
2009-01-08 13:31:41 ----D---- C:\ICD-P210_Tyler
2009-01-08 00:07:16 ----D---- C:\Documents and Settings\Tyler\Application Data\acccore
2009-01-08 00:06:50 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-08 00:06:49 ----D---- C:\Program Files\Viewpoint
2009-01-08 00:06:49 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-01-08 00:06:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-01-08 00:06:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-01-08 00:06:30 ----D---- C:\Program Files\Common Files\AOL
2009-01-08 00:06:21 ----D---- C:\Program Files\AIM6
2009-01-07 22:55:41 ----D---- C:\Documents and Settings\Tyler\Application Data\Adobe
2009-01-07 22:17:10 ----D---- C:\Documents and Settings\Tyler\Application Data\Macromedia
2009-01-07 22:09:27 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-07 22:09:25 ----D---- C:\Program Files\Yahoo!
2009-01-07 19:54:15 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-07 14:40:53 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2009-01-07 14:40:35 ----D---- C:\Program Files\Seagate
2009-01-07 14:40:35 ----D---- C:\Program Files\Common Files\Seagate
2009-01-07 14:27:55 ----D---- C:\WINDOWS\WBEM
2009-01-07 14:26:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-07 14:26:38 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-07 14:26:36 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-07 14:26:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-07 14:26:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-07 14:08:13 ----A---- C:\WINDOWS\system32\ulutil2.dll
2009-01-07 14:05:46 ----RA---- C:\WINDOWS\system32\ptipbm.dll
2009-01-07 13:08:00 ----SHD---- C:\RECYCLER
2009-01-07 13:02:14 ----D---- C:\WINDOWS\pss
2009-01-07 12:30:51 ----D---- C:\WINDOWS\SATA Card
2009-01-07 12:30:51 ----D---- C:\Tyler
2009-01-07 11:56:39 ----D---- C:\WINDOWS\system32\Defaults
2009-01-07 11:56:14 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-01-07 11:56:14 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-01-07 11:56:11 ----D---- C:\Documents and Settings\Tyler\Application Data\Creative
2009-01-07 11:56:05 ----D---- C:\WINDOWS\system32\Data
2009-01-07 11:56:05 ----D---- C:\Program Files\Creative
2009-01-07 11:56:05 ----A---- C:\WINDOWS\system32\instwdm.ini
2009-01-07 11:56:05 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-01-07 11:56:05 ----A---- C:\WINDOWS\INRES.DLL
2009-01-07 11:56:05 ----A---- C:\WINDOWS\CTXFIRES.DLL
2009-01-07 11:56:05 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-01-07 11:53:16 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-07 11:53:12 ----A---- C:\WINDOWS\system32\UnAudioNT.dll
2009-01-07 11:53:11 ----D---- C:\Program Files\VIAudioi
2009-01-07 11:53:03 ----A---- C:\WINDOWS\IsUninst.exe
2009-01-07 11:50:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-07 11:49:42 ----N---- C:\WINDOWS\system32\difxapi.dll
2009-01-07 11:49:42 ----D---- C:\Program Files\VIA
2009-01-07 11:46:26 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-01-07 11:46:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-07 11:46:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-07 11:45:41 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-07 11:45:36 ----D---- C:\ATI
2009-01-07 11:30:22 ----D---- C:\Documents and Settings\Tyler\Application Data\Identities
2009-01-07 11:30:21 ----HD---- C:\Program Files\Uninstall Information
2009-01-07 11:30:16 ----SD---- C:\Documents and Settings\Tyler\Application Data\Microsoft
2009-01-07 11:30:16 ----ASH---- C:\Documents and Settings\Tyler\Application Data\desktop.ini
2009-01-07 11:27:29 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-07 11:27:28 ----D---- C:\WINDOWS\Prefetch
2009-01-07 11:27:27 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-07 11:27:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-07 10:45:46 ----D---- C:\WINDOWS\system32\xircom
2009-01-07 10:45:46 ----D---- C:\Program Files\xerox
2009-01-07 10:45:46 ----D---- C:\Program Files\microsoft frontpage
2009-01-07 10:45:29 ----A---- C:\WINDOWS\control.ini
2009-01-07 10:45:29 ----A---- C:\AUTOEXEC.BAT
2009-01-07 10:45:11 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-07 10:44:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-07 10:44:26 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-07 10:44:26 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-07 10:44:21 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-07 10:44:17 ----HD---- C:\Program Files\WindowsUpdate
2009-01-07 10:43:59 ----D---- C:\WINDOWS\system32\DirectX
2009-01-07 10:43:54 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-07 10:43:52 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-07 10:43:52 ----A---- C:\WINDOWS\desktop.ini
2009-01-07 10:43:46 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-07 10:43:45 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-07 10:43:44 ----D---- C:\Program Files\Common Files\Services
2009-01-07 10:43:42 ----SD---- C:\WINDOWS\Tasks
2009-01-07 10:43:42 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-07 10:43:41 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-07 10:43:38 ----D---- C:\WINDOWS\system32\Macromed
2009-01-07 10:43:38 ----D---- C:\WINDOWS\srchasst
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-07 10:43:35 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-07 10:43:34 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-07 10:43:34 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-07 10:43:34 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-07 10:43:34 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-07 10:43:34 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-07 10:43:31 ----D---- C:\Program Files\Movie Maker
2009-01-07 10:43:15 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-07 10:43:15 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-07 10:43:15 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-07 10:43:15 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-07 10:43:13 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-01-07 10:43:13 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-07 10:43:12 ----D---- C:\WINDOWS\system32\Restore
2009-01-07 10:43:12 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-07 10:43:12 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-07 10:43:12 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-07 10:43:11 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-07 10:43:11 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-07 10:43:11 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-07 10:43:11 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-07 10:43:11 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-07 10:43:11 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-07 10:43:09 ----D---- C:\Program Files\NetMeeting
2009-01-07 10:43:09 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-07 10:43:09 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-07 10:43:08 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-07 10:43:08 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-07 10:43:06 ----D---- C:\Program Files\Outlook Express
2009-01-07 10:43:06 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-07 10:43:06 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-07 10:43:06 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-07 10:43:06 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-07 10:43:06 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-07 10:43:06 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-07 10:43:06 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-07 10:43:00 ----D---- C:\Program Files\Common Files\System
2009-01-07 10:42:56 ----D---- C:\Program Files\Internet Explorer
2009-01-07 10:42:25 ----D---- C:\Program Files\ComPlus Applications
2009-01-07 10:42:24 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-07 10:42:24 ----A---- C:\WINDOWS\vb.ini
2009-01-07 10:42:20 ----D---- C:\WINDOWS\Registration
2009-01-07 10:42:14 ----D---- C:\Program Files\Windows Media Player
2009-01-07 10:42:14 ----D---- C:\Program Files\Online Services
2009-01-07 10:42:07 ----D---- C:\Program Files\Messenger
2009-01-07 10:42:04 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-07 10:42:04 ----A---- C:\WINDOWS\system32\write.exe
2009-01-07 10:41:56 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-07 10:41:56 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-07 10:41:56 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-07 10:41:56 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-07 10:41:56 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-07 10:41:55 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-07 10:41:50 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-07 10:41:50 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-07 10:41:50 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-07 10:41:49 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-07 10:41:49 ----A---- C:\WINDOWS\system32\usrlogon.cmd

======List of files/folders modified in the last 1 months======

2009-01-23 01:16:37 ----A---- C:\WINDOWS\win.ini
2009-01-23 01:16:37 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-07 44384]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-12-01 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-26 2863616]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-07-18 41752]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-12-01 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-09 47360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2007-11-30 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2007-11-30 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-11-30 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-11-30 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-11-30 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-11-30 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-11-30 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-08-03 202112]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 agyu68lv;agyu68lv; C:\WINDOWS\system32\drivers\agyu68lv.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2007-11-30 36224]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2007-11-30 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 gwiopm;gwiopm; \??\C:\Program Files\Unknown Device Identifier\gwiopm.sys []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-11-30 10368]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2007-11-30 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2007-11-30 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2007-11-30 10880]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ndiswdm.sys [2007-08-31 198528]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-07-18 490776]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2007-11-30 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2007-11-30 15232]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2007-11-30 19200]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-17 1984]
R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-17 1856]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-25 520192]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-09 152984]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-14 170640]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-24 431384]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2007-06-14 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-25 593920]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-13 72704]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-15 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-02 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2009-01-11 68096]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


"Rooter"


Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3, v.5657
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Tyler ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 090123-0] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:127 Go (Free:18 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:186 Go (Free:3 Go)
G:\ (Local Disk) - NTFS - Total:298 Go (Free:2 Go)
H:\ (Local Disk) - FAT32 - Total:698 Go (Free:2 Go)
J:\ (Local Disk) - FAT32 - Total:372 Go (Free:3 Go)
K:\ (Local Disk) - FAT32 - Total:111 Go (Free:0 Go)
L:\ (Local Disk) - NTFS - Total:170 Go (Free:6 Go)
M:\ (Local Disk) - NTFS - Total:931 Go (Free:523 Go)
Y:\ (CD or DVD)
Z:\ (USB)

Fri 01/23/2009|13:26

----------------------\\ Search..

----------------------\\ Cracks & Keygens..




C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail.htm
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files\dot.gif
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files\getacro.gif
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files\opamasthead.gif



1 - "C:\Rooter$\Rooter_1.txt" - Fri 01/23/2009|13:31

----------------------\\ Scan completed at 13:31


Thanks,

Tyler
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm

Re: Problem deleting registry file, KEEPS COMING BACK

Post by Dakeyras » January 23rd, 2009, 6:22 pm

Hi :)

A question: do you recognise these files, and if so, what do they pertain to? And do you have more than one user account on your computer?

C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail.htm
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files\dot.gif
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files\getacro.gif
C:\DOCUME~1\Tyler\Desktop\Spike's Documents\Information-Facts\Anti-RIAA\FTC Launches Crackdown on Deceptive Junk E-mail_files\opamasthead.gif

Next:

System drive C: has 19 GB (14%) free of 131 GB

The hard drive is just under the recommended free space available of 15%; this will cause problems for any type of system maintenance and will eventually result in system instability. I suggest you uninstall any software applications you do not need to free up space.

Please read this topic pertaining to system maintenance, it will prove of benefit toward keeping your computer both stable and improve performance.

I also advise you to carry out the following:

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next:

There is evidence that at some point you had Norton AntiVirus installed. To fully check that all components have been removed, please carry out the following:

Please click HERE and follow the instructions to download and run the Norton Removal Tool for the version you had installed.

Next:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs can be read here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Next:

Note: You will need to use Internet Explorer for this scan.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms?
  • Answer to my file query.
  • ComboFix Log.
  • Kaspersky Log.
  • A new HijackThis Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Problem deleting registry file, KEEPS COMING BACK

Post by Dakeyras » January 25th, 2009, 5:07 am

Hi :)

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Problem deleting registry file, KEEPS COMING BACK

Post by tyler1984 » January 25th, 2009, 10:50 pm

Hi, yes I still need help, and yes I understood the directions. My computer is still running pretty well, but I'm still having the same problem with the returning Tzaka/Obotinexil files, and Internet Explorer is still crashing.

First, the files you quoted from the previous scan, those files are just a few web pages that I saved. I think they only showed up on search because they had the word "crack" in them.

As for me only having 14% of my available disk space on C:, yes, I'm aware of that and I will be freeing up a lot of space in the next few days once I get time to back up some things on my portable hard drive.

I ran the ATF program, and I followed all directions listed. Then I used the Norton Removal program and followed all of the directions with it.

I then ran the ComboFix program, below I will post the log, and then I will post the HJT log.

The only problem I had was with the Kaspersky scan. I let it scan all day yesterday and today, and it only got 27% of the way through. This could be because I have so many drives, but I noticed it was scanning from some of my other drives, so perhaps it was done with the C:? Anyway, after it had got to 27%, Internet Explorer crashed, so I wasn't able to scan it any further. I don't know how good Kaspersky's online scanner is supposed to be, but I do have Avast and Spybot and they have both found the file I previously mentioned.

At any rate, here is the ComboFix log:

ComboFix 09-01-21.04 - Tyler 2009-01-23 18:34:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1206 [GMT -5:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Tyler\Application Data\inst.exe
K:\Autorun.inf
l:\recycler\desktop.ini

----- BITS: Possible infected sites -----

hxxp://pxshadow.dnsalias.com
.
((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-23 13:26 . 2009-01-23 13:31 <DIR> d-------- C:\Rooter$
2009-01-23 13:24 . 2009-01-23 13:25 <DIR> d-------- C:\rsit
2009-01-20 11:44 . 2009-01-22 10:29 <DIR> d-------- c:\windows\ie8updates
2009-01-19 17:56 . 2009-01-19 17:56 <DIR> d--hs---- c:\documents and settings\Tyler\PrivacIE
2009-01-19 17:47 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\ieencode.dll
2009-01-19 17:47 . 2007-08-13 18:45 78,336 --a--c--- c:\windows\system32\dllcache\ieencode.dll
2009-01-19 16:18 . 2009-01-23 17:40 1,374 --a------ c:\windows\imsins.BAK
2009-01-19 14:05 . 2009-01-19 14:23 <DIR> d-------- c:\program files\Rosetta Stone - German I & 2
2009-01-19 02:07 . 2009-01-19 14:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-01-19 00:46 . 1998-09-02 03:02 194,320 --a------ c:\windows\system32\qcut.dll
2009-01-19 00:46 . 1998-08-26 23:51 182,032 --a------ c:\windows\system32\dxtmsft3.dll
2009-01-19 00:46 . 1998-08-20 06:02 140,800 --a------ c:\windows\system32\tm20dec.ax
2009-01-19 00:46 . 1998-09-02 03:28 63,488 --a------ c:\windows\system32\unam4ie.exe
2009-01-19 00:46 . 1998-09-02 03:28 38,160 --a------ c:\windows\system32\LMRTREND.dll
2009-01-19 00:46 . 1998-08-17 04:21 11,776 --a------ c:\windows\system32\mciqtz.drv
2009-01-19 00:46 . 1998-08-17 04:21 10,240 --a------ c:\windows\system32\vidx16.dll
2009-01-19 00:46 . 1998-08-17 04:21 5,672 --a------ c:\windows\system32\quartz.vxd
2009-01-19 00:46 . 2009-01-19 00:46 4,608 --a------ c:\windows\system32\w95inf32.dll
2009-01-19 00:46 . 2009-01-19 00:46 2,272 --a------ c:\windows\system32\w95inf16.dll
2009-01-19 00:45 . 2009-01-19 00:46 <DIR> d-------- C:\TELL ME MORE SI
2009-01-19 00:24 . 2009-01-19 00:24 <DIR> d-------- c:\program files\Intense Language Office
2009-01-19 00:10 . 2009-01-19 01:03 <DIR> d-------- c:\program files\Web Publish
2009-01-19 00:10 . 2009-01-19 00:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Broderbund Software
2009-01-19 00:10 . 2009-01-19 00:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Broderbund LLC
2009-01-19 00:06 . 2009-01-19 00:07 <DIR> d-------- c:\program files\Common Files\Broderbund
2009-01-19 00:06 . 1999-04-21 04:08 29,184 --------- c:\windows\system32\Popup.ocx
2009-01-18 23:22 . 2009-01-18 23:26 417 --a------ c:\windows\TLC.INI
2009-01-18 23:13 . 2009-01-18 23:13 351 --a------ c:\windows\ADDICT.CFG
2009-01-18 23:10 . 2009-01-18 23:10 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Cambridge
2009-01-18 23:09 . 2009-01-18 23:09 <DIR> d-------- c:\program files\TEXTware
2009-01-18 23:04 . 2009-01-18 23:04 <DIR> d-------- c:\program files\Cambridge
2009-01-18 23:04 . 2003-01-23 08:41 66,614 --a------ c:\windows\system\TWADIB04.BMP
2009-01-18 21:19 . 2009-01-18 21:27 <DIR> d-------- C:\DeusEx
2009-01-18 16:45 . 2009-01-18 16:45 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Absolutist.com
2009-01-18 16:30 . 2009-01-18 16:41 <DIR> d-------- c:\program files\Checkers
2009-01-18 16:21 . 2009-01-18 16:21 <DIR> d-------- c:\program files\Novel Games
2009-01-18 16:12 . 2009-01-18 16:12 <DIR> d-------- c:\program files\Magicwand
2009-01-18 15:05 . 2009-01-18 15:05 <DIR> d--h----- c:\windows\PIF
2009-01-18 02:52 . 2009-01-18 02:52 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-15 22:47 . 2009-01-19 16:09 <DIR> d-------- c:\documents and settings\Administrator
2009-01-15 02:58 . 2009-01-15 02:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-15 02:45 . 2009-01-15 02:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\ALM
2009-01-15 02:24 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2009-01-15 02:24 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2009-01-15 02:08 . 2009-01-15 02:08 <DIR> d-------- c:\program files\Adobe Media Player
2009-01-15 02:05 . 2009-01-15 02:05 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-15 01:43 . 2009-01-15 01:43 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-14 22:13 . 2009-01-14 22:13 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Corel
2009-01-14 22:13 . 2009-01-14 22:17 2,828 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-01-14 22:13 . 2009-01-14 22:13 88 -r-hs---- c:\windows\system32\B4A6406724.sys
2009-01-14 22:10 . 2009-01-14 22:10 <DIR> d-------- c:\program files\Corel
2009-01-14 22:10 . 2009-01-14 22:11 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-14 21:43 . 2009-01-14 21:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-14 20:25 . 2009-01-14 20:25 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-14 15:21 . 2009-01-14 15:21 101,296 --a------ c:\windows\~GLC0007.TMP
2009-01-14 15:20 . 2009-01-14 15:20 101,296 --a------ c:\windows\~GLC0006.TMP
2009-01-14 15:18 . 2009-01-14 15:18 101,296 --a------ c:\windows\~GLC0005.TMP
2009-01-14 15:16 . 2009-01-14 15:16 101,296 --a------ c:\windows\~GLC0004.TMP
2009-01-14 14:52 . 2009-01-14 14:52 <DIR> d-------- C:\YDKJ V1.5 (XL)
2009-01-14 11:57 . 2009-01-14 11:57 <DIR> d-------- c:\program files\ChordWizard Gold 2.0
2009-01-14 03:22 . 2009-01-14 03:22 <DIR> d--hs---- c:\windows\ftpcache
2009-01-14 02:51 . 2009-01-14 17:52 <DIR> d-------- c:\program files\Call of Duty Game of the Year Edition
2009-01-14 02:49 . 2009-01-14 03:10 745 --a------ c:\windows\CoD.INI
2009-01-14 02:34 . 1996-11-05 16:13 299,008 --a------ c:\windows\uninst.exe
2009-01-14 02:33 . 2009-01-14 02:33 <DIR> d-------- c:\documents and settings\Tyler\WINDOWS
2009-01-14 02:24 . 2009-01-14 02:24 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Quark
2009-01-14 02:23 . 2009-01-14 02:23 <DIR> d-------- c:\windows\system32\QuickTime
2009-01-14 02:21 . 2009-01-14 02:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Quark
2009-01-14 02:05 . 2009-01-14 02:06 <DIR> d-------- c:\program files\War Chess
2009-01-14 01:28 . 2009-01-14 01:28 10 --a------ c:\windows\system32\HCPQMYSGWTM.SYS
2009-01-14 01:26 . 2009-01-14 01:26 <DIR> d-------- c:\program files\D'Accord Music Software
2009-01-13 12:57 . 2009-01-13 12:57 <DIR> d-------- c:\program files\High-Logic
2009-01-13 12:57 . 2009-01-13 12:57 <DIR> d-------- c:\documents and settings\Tyler\Application Data\FontCreator
2009-01-13 04:12 . 2009-01-13 04:13 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-01-13 04:09 . 2009-01-13 04:09 <DIR> d-------- c:\program files\Jellyvision
2009-01-13 03:51 . 2009-01-13 03:51 <DIR> d-------- c:\program files\ChordWizard Songtrix Gold 3.0
2009-01-13 03:23 . 2009-01-13 03:23 <DIR> d-------- c:\program files\ChordWizard Music Theory 3.0
2009-01-13 03:22 . 2009-01-13 03:22 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-01-13 03:13 . 2009-01-13 03:13 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Thinstall
2009-01-13 03:01 . 2009-01-13 03:01 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-13 02:45 . 2009-01-13 02:46 <DIR> d-------- c:\program files\Winamp
2009-01-13 02:45 . 2009-01-22 12:02 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Winamp
2009-01-13 01:55 . 2009-01-13 01:55 <DIR> d-------- c:\program files\SONY
2009-01-13 01:53 . 2009-01-13 01:53 <DIR> d-------- c:\program files\Summitsoft.Logo.Design.Studio.v3.5
2009-01-13 01:50 . 2009-01-13 01:50 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Summitsoft
2009-01-13 01:48 . 2009-01-13 01:48 <DIR> d-------- c:\documents and settings\Tyler\Application Data\VCDEasy
2009-01-13 01:47 . 2009-01-13 01:47 <DIR> d-------- c:\program files\VCDEasy
2009-01-13 01:42 . 2009-01-13 01:42 <DIR> d-------- c:\program files\Common Files\Digidesign
2009-01-13 01:42 . 2009-01-13 01:42 <DIR> d-------- c:\program files\Antares Audio Technologies
2009-01-13 01:42 . 2003-06-20 13:28 1,777,664 --a------ c:\windows\system32\gdiplus.dll
2009-01-13 01:39 . 2009-01-13 01:39 <DIR> d-------- c:\program files\ASIO4ALL v2
2009-01-13 01:37 . 2009-01-13 01:42 <DIR> d-------- c:\program files\VstPlugins
2009-01-13 01:37 . 2009-01-13 01:37 <DIR> d-------- c:\program files\Outsim
2009-01-13 01:37 . 2002-07-07 17:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-01-13 01:37 . 2006-06-20 03:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-01-13 01:35 . 2009-01-13 01:39 <DIR> d-------- c:\program files\Image-Line
2009-01-13 00:53 . 2004-03-29 16:23 90,112 --a------ c:\windows\unvise32.exe
2009-01-13 00:52 . 2009-01-13 01:03 <DIR> d-------- c:\program files\The Logo Creator v5
2009-01-13 00:44 . 2009-01-13 00:44 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-01-13 00:35 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-13 00:35 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-13 00:34 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-13 00:32 . 2009-01-13 00:32 <DIR> d-------- c:\documents and settings\Tyler\Application Data\Aim
2009-01-13 00:31 . 2009-01-13 00:31 <DIR> d-------- C:\AIM-Old
2009-01-13 00:13 . 2009-01-13 00:13 128,720 --a------ c:\windows\~GLC0001.TMP
2009-01-13 00:13 . 2009-01-13 00:13 5,607 --a------ c:\windows\~GLH0000.TMP
2009-01-13 00:08 . 2009-01-13 00:08 128,720 --a------ c:\windows\~GLC0000.TMP
2009-01-13 00:06 . 2009-01-13 00:06 128,720 --a------ c:\windows\~GLC0002.TMP
2009-01-12 22:59 . 2009-01-20 22:34 116 --a------ c:\windows\NeroDigital.ini
2009-01-12 22:55 . 2009-01-12 22:55 <DIR> d-------- c:\program files\Smart Projects
2009-01-12 22:02 . 2009-01-13 22:29 <DIR> d-------- c:\documents and settings\Tyler\Tracing
2009-01-12 21:59 . 2009-01-12 21:59 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-12 21:59 . 2009-01-12 21:59 <DIR> d-------- c:\program files\Microsoft
2009-01-12 21:58 . 2009-01-12 21:59 <DIR> d-------- c:\program files\Windows Live
2009-01-12 21:50 . 2009-01-12 21:50 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-12 18:10 . 2009-01-12 18:10 <DIR> d-------- C:\SIERRA
2009-01-12 18:10 . 2009-01-12 18:10 <DIR> d-------- c:\program files\Sierra On-Line
2009-01-12 11:27 . 2009-01-12 11:30 <DIR> d-------- C:\YDKJ
2009-01-12 11:27 . 1996-01-10 17:01 31,776 --a------ c:\windows\UNWISE.EXE
2009-01-12 01:19 . 2009-01-12 01:19 <DIR> d-------- c:\documents and settings\Tyler\Application Data\ArcSoft
2009-01-12 00:35 . 2009-01-12 00:35 <DIR> d-------- c:\documents and settings\Tyler\Application Data\MixMeister Technology
2009-01-12 00:31 . 2009-01-12 00:35 <DIR> d-------- c:\program files\MixMeister Fusion 7.2.2
2009-01-11 23:56 . 2009-01-11 23:56 <DIR> d-------- c:\program files\Guitar Pro 5
2009-01-11 22:51 . 2009-01-11 22:51 <DIR> d-------- c:\program files\Kontakt Player 2
2009-01-11 22:51 . 2009-01-11 22:57 <DIR> d-------- c:\program files\Garritan Instruments for Finale

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 15:45 --------- d-----w c:\program files\microsoft frontpage
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-24 904768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-09 01:18 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jsf8uiw3jnjgffght

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Obotinexil]
r [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tezrtsjhfr84iusjfo84f

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-06-11 22:43 640376 l:\program files\Program Files\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2008-06-12 02:25 37232 l:\program files\Program Files\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
--a------ 2008-08-15 05:46 378224 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2005-09-06 11:10 450560 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-11-24 15:38 94208 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager]
--a------ 2007-06-14 15:48 1282048 c:\windows\system32\wltray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-08-28 12:00 531272 c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2007-12-01 00:26 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
--a------ 2008-06-24 19:52 1325848 c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 03:44 113136 c:\program files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5000 Series]
--a------ 2006-02-13 23:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBVA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-07-25 16:02 563984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2009-01-14 16:11 399504 c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2008-11-05 21:59 4347120 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
--------- 2007-12-01 00:26 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--a------ 2004-10-11 14:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2008-07-08 16:41 2828184 c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-24 15:52 240112 c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
--a------ 2008-06-24 19:56 136472 c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-01-09 00:15 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-19 20:53 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intense Registry Service]
--a------ 2002-10-14 18:30 53760 c:\windows\system32\intedreg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\GAMES\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GAMES\\Quake III Arena\\Quake3\\quake3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\AIM-Old\\aim.exe"=
"c:\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"<NO NAME>"=

R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2009-01-07 7680]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2009-01-07 125952]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-09 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-09 15504]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-09 20560]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-09 170640]
R4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-24 431384]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-08 24652]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 gwiopm;gwiopm;\??\c:\program files\Unknown Device Identifier\gwiopm.sys --> c:\program files\Unknown Device Identifier\gwiopm.sys [?]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2009-01-10 198528]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S4 SessionLauncher;SessionLauncher;c:\docume~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\aljq7c09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: l:\program files\Program Files\Acrobat 9.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 18:39:36
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~ *]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\PSIService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-23 18:43:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-23 23:43:31

Pre-Run: 19,536,191,488 bytes free
Post-Run: 19,789,447,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

367 --- E O F --- 2009-01-23 22:40:33


And here is the new HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:58 PM, on 1/25/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - L:\Program Files\Program Files\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11060 bytes


Just an observation:

I noticed that the aforementioned suspect files are no longer listed in the HJT log. Hopefully that means it's gone or almost gone. I went to msconfig-startup, and Tzaka is no longer listed near the top and checked to start up. There is still a startup item listed as "r" with a command of "r" that is near the bottom and unchecked. From my earlier post, we know that is when I renamed the Tzaka command to "r" hoping it would disable it. So now perhaps we can just remove the "r" and it will be gone. But I don't know, you guys are the experts, I just wanted to let you know. Also, I noticed all blank entries in msconfig-startup-startup item column are now gone too. A friend who works on computers told me those are always some kind of spyware, is that true?

Just to recap, after completing all the scans (except Kaspersky), the original “Tzaka” file is now gone from msconfig-startup, and is no longer in the registry either. There is still the “r” file that was originally a Tzaka file I renamed to “r” in hopes that it would disable the program. It’s still there as a startup item and command. Other than that, the only other problem seems to be Internet Explorer. I couldn’t find the “r” files in the registry, though it is in the msconfig-startup area. Sorry if I over-explained everything, I just like to be as clear as possible.

Thanks again,

Tyler
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby Dakeyras » January 26th, 2009, 3:21 pm

Hi :)

First, the files you quoted from the previous scan, those files are just a few web pages that I saved.

OK thank you for informing myself but please confirm whether or not you have more than one User Account on the system, thank you.

As for me only having 14% of my available disk space on C: yes I'm aware of that and I will be freeing up a lot of space in the next few days once I get time to back up some things on my portable hard drive.

This really needs to be addressed sooner rather than later as you are already experiencing small instances of system instability which will only get worse over time. You are going to need to free up space on all but one of the installed Hard-Drives.

The only problem I had was with the Kaspersky scan. I let it scan all day yesterday and today, and it only got 27% of the way through. This could be because I have so many drives, but I noticed it was scanning from some of my other drives, so perhaps it was done with the C:? Anyway, after it had got to 27%, Internet Explorer crashed, so I wasn't able to scan it any further. I don't know how good Kaspersky's online scanner is supposed to be, but I do have Avast and Spybot and they have both found the file I previously mentioned.

Referring to my last statement this is more than likely due to most of the installed Hard-Drives having less than 15% free space left. So problems like this are to be expected I'm afraid.

Kaspersky's online scanner is an excellent application but due to the fact it uses the Java engine, sometimes problems can be encountered as every computer is different. We could try a different scan later on however after you have read the last part of my reply to yourself regarding what I have discovered in the CF Log. But until the Hard-Drive issues are addressed we will undoubtedly encounter similar problems.

I noticed all blank entries in msconfig-startup-startup item column are now gone too. A friend who works on computers told me those are always some kind of spyware, is that true?

ComboFix would have automatically removed these, as the files were missing and deemed orphans. Anything can be Spyware, and some were in this instance, but the majority in this case were the previously mentioned orphans from applications no longer installed, which at some time you had disabled with MSConfig from starting upon every reboot.

Thanks again,

Tyler

You're welcome!

Next:

OK I have some bad news I'm afraid and the current state of the installed Hard-Drives might well be a moot point at this time.

One or more of the identified infections is a Back-Door Trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
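
An added example (not part of either post, and not how ComboFix or HijackThis decide anything): a small Python triage of HijackThis O4 and O23 lines that flags the kinds of entries discussed in this thread, namely orphans marked "(file missing)", entries running from a Temp directory, and rundll32 loading a DLL straight from the Windows directory. The heuristics and the triage() name are assumptions made for illustration, and the Tzaka line is constructed from the msconfig command quoted in the first post.

```python
import re

# Sample lines: the avast! and O23 entries are copied from the log in this
# thread; the O4 "Tzaka" line is constructed from the msconfig command quoted
# in the first post, written in HijackThis's O4 format.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tzaka] rundll32.exe "C:\WINDOWS\Tzaka.dll",e
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Tyler\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
'''

# O4 = autostart entries (Run keys); O23 = Windows services.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O23_RE = re.compile(
    r'^O23 - Service: (?P<name>.*) - (?P<owner>.*?) - (?P<cmd>[A-Za-z]:\\.+)$')

# Heuristics (assumptions, not HijackThis rules).
TEMP_RE = re.compile(r'\\(temp|tmp)\\', re.I)
# rundll32 pointed at a DLL sitting directly in C:\WINDOWS (not a subfolder).
WINDIR_DLL_RE = re.compile(
    r'rundll32(\.exe)?\s+"?[A-Za-z]:\\WINDOWS\\[^\\"]+\.dll', re.I)


def triage(log_text):
    """Return [(section, name, [reasons])] for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue
        section = line.split(' ', 1)[0]
        cmd = m.group('cmd')
        reasons = []
        if cmd.endswith('(file missing)'):
            reasons.append('orphan: target file missing')
        if TEMP_RE.search(cmd):
            reasons.append('runs from a Temp directory')
        if WINDIR_DLL_RE.search(cmd):
            reasons.append('rundll32 loading a DLL from the Windows directory')
        # "Unknown owner" alone is not flagged: several legitimate services
        # in this thread's log carry it, so it is too noisy on its own.
        if reasons:
            findings.append((section, m.group('name'), reasons))
    return findings


if __name__ == '__main__':
    for section, name, reasons in triage(SAMPLE_LOG):
        print(section, name, '->', '; '.join(reasons))
```
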

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby tyler1984 » January 27th, 2009, 3:52 pm

Yes, I am the only user on this computer. I just have my account and the admin account. I have read what you said about doing a reformat and am taking it into consideration. However, I would like to know exactly what you found in the CT log, or anywhere else that makes you think that way. If nothing else, I will need to backup my harddrive before reformatting. I would at least like to try and continue to fix the problem a little bit longer, for 1) because I want to learn more about how to prevent these kinds of things from happening, and 2) I would like to know what the problem/programs are so I can know to avoid those kinds of files and/or programs if I do in fact think they are safe. I say this because, I just had Windows reinstalled less than a month ago, so whatever problem I had, could have occurred when I put some old stuff back on it. I am definitely taking your comments seriously and will disconnect after sending this e-mail, but I would like to ask you to at least move forward a little bit longer if you would, because I at least want to learn more and if possible, try to solve the problem (even if it seems almost impossible to do).

Thanks again for all of your help,

Tyler
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby Dakeyras » January 28th, 2009, 6:59 am

Hi :)

Yes, I am the only user on this computer. I just have my account and the admin account.
OK, thank you for informing myself.

I have read what you said about doing a reformat and am taking it into consideration. However, I would like to know exactly what you found in the CT log, or anywhere else that makes you think that way.
OK as I have already mentioned a Back-Door Trojan was revealed by ComboFix namely: TrojanSpy:Win32/Banker.GB

With this type of infection as I have already advised the best course of action is a re-format and re-installation of the operating system.

I would at least like to try and continue to fix the problem a little bit longer, for 1) because I want to learn more about how to prevent these kinds of things from happening, and 2) I would like to know what the problem/programs are so I can know to avoid those kinds of files and/or programs if I do in fact think they are safe. I say this because, I just had Windows reinstalled less than a month ago, so whatever problem I had, could have occurred when I put some old stuff back on it.
If you wish for myself to continue with a malware removal then I will respect your decision but bear in mind I can't guarantee that it will be at all secure afterwards.

OK regardless as to whether or not we proceed with cleaning of the system I will provide advice about what security applications to have installed and how to practice safe online surfing.

One possibility that caused the infections was having too many Anti-Spyware applications' guard features active, which actually lessens online protection. Plus not having installed a software Firewall may have not helped. Though in all probability your system was clean until you mistakenly clicked on something, if you recall:
I clicked on a setup file and Spyware Guard 2008
This is most likely the source of the current infections as these type of rogue applications are notorious for installing more malware on a system.

OK to recap make a decision please and I will respect either and assist you whatever you decide.

I can be no fairer than that as I have given both my advice and opinion.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Problem deleting registry file, KEEPS COMING BACK

Unread postby tyler1984 » January 28th, 2009, 9:42 am

Okay, my current decision is to keep working to find a problem for now. That doesn't mean I won't ultimately take your advice, but I would just like to learn about these kinds of problems as much as possible, and not have to reformat again so soon, but I DO want to be safe as possible as well.

Thanks,

Tyler
tyler1984
Active Member
 
Posts: 13
Joined: January 16th, 2009, 3:15 pm