Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware problems I think??

Post by Filtereyez » May 15th, 2009, 3:38 am

Hey folks, started to experience odd occurrences: no links on my homepage (Yahoo) work, the search bar works but the resulting links, although legit, when clicked I get redirected to search sites. Also a svchost.exe file keeps maxing out my CPU whenever it feels like it. Ran my array of scanners and tools and did find some malware and cleaned, also found some odd programs installed that neither me nor the wife installed. Cleaned what I knew how and problems still persist. Any help would be appreciated. Here's my Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:33 AM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Orphalese\Orphalese Tarot\DeckService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - (no file)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [EPSON WorkForce 600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_S70.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O8 - Extra context menu item: eDocOne: Save to... - C:\Program Files\eDocOne\Script\catcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: eDocOne - {34C3E8B4-9D99-4F3C-A2F9-64007F446F54} - C:\Program Files\eDocOne\Script\catcher2.htm
O9 - Extra 'Tools' menuitem: eDocOne: Save to... - {34C3E8B4-9D99-4F3C-A2F9-64007F446F54} - C:\Program Files\eDocOne\Script\catcher2.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0456263707
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6131956466
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://764f3b595e35c57ae77c31b7ddf8356e ... applet.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Orphalese Deck Service - Orphalese Data Solutions Ltd - C:\Program Files\Orphalese\Orphalese Tarot\DeckService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11066 bytes
Filtereyez
Active Member
 
Posts: 10
Joined: November 29th, 2008, 8:03 pm

Re: Malware problems I think??

Post by MWR 3 day Mod » May 18th, 2009, 9:57 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware problems I think??

Post by askey127 » May 20th, 2009, 10:33 am

Hi Filtereyez,
------------------------------------------------------
Please note that all instructions here are customized for this computer only. The tools used may cause damage if used on a computer with different infections.
For any outsiders reading this thread that appear to have similar problems, please post a new log in the HJT forum and wait for help.


My name is askey127 and I will be helping you remove any infection(s) that you may have.

Please observe these rules while we work:
  • Please give all responses as a reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"
  • If you have a problem with something, stop and ask! Don't keep going on.
  • Please don't remove, install or uninstall anything new unless I ask you to do so.
  • Don't assume that if the symptoms go away, the computer is clean.
If you can do those things, everything should go smoothly :D

Please note that your security programs may give warnings about some of the tools I will ask you to use. In any such case, please give permissions.
Be assured that any website links I give you are verified to be safe.
-----------------------------------------------------------
There are some issues with infections in relation to PunkBuster:
Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance you will be able to do games afterwards.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here. Choose the Slim version.
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Run CCleaner Cleaning Scan.
If it's not already running, Start CCleaner.
Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from http://images.malwareremoval.com/random/RSIT.exe and save it to your desktop. The icon will be named RSIT.exe
Double-click the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Default location for both files is C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware problems I think??

Post by Filtereyez » May 21st, 2009, 3:34 pm

Hi askey,

Thank you very much for your response. Before I post the requested logs, allow me to give you an update on what I've found and done thus far. A house sitter had used the computer about a year ago and we had a problem; supposedly the geekguys at Best Buy had cleaned it, yet we still found programs installed that were not installed by us, and the performance of the machine never was quite right. Just recently I have purchased many of the cleaners recommended by users in these forums and have found and cleaned quite a bit of malware. Now, pertaining to my original problem at the start of this thread, I did find the culprit: it was the trojan.daonol, very nasty bugger. With many hours of searching and trial and error, I finally found a way to get rid of it through the delete file on reboot option in HijackThis. Everything is working wonderfully, or so it appears, yet I'm so disgusted with malware at this point I want to be sure.

As far as PunkBuster, most of my games on install give me the option to install it for online game play. And to be honest, if it is malware or remotely close to malware, then I'm willing to sacrifice a game or all of my games if it results in a trouble-free system.

Again, thank you for your response... I have run CCleaner as instructed and the RSIT logs are below:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Administrator at 2009-05-21 12:08:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (40%) free of 144 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:41 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program files\Returnil\Returnil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - (no file)
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Rvsystem] "C:\Program files\Returnil\Returnil.exe"
O4 - HKCU\..\Run: [EPSON WorkForce 600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_S70.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm
O8 - Extra context menu item: eDocOne: Save to... - C:\Program Files\eDocOne\Script\catcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: eDocOne - {34C3E8B4-9D99-4F3C-A2F9-64007F446F54} - C:\Program Files\eDocOne\Script\catcher2.htm
O9 - Extra 'Tools' menuitem: eDocOne: Save to... - {34C3E8B4-9D99-4F3C-A2F9-64007F446F54} - C:\Program Files\eDocOne\Script\catcher2.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0456263707
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6131956466
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://764f3b595e35c57ae77c31b7ddf8356e ... applet.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Orphalese Deck Service - Orphalese Data Solutions Ltd - C:\Program Files\Orphalese\Orphalese Tarot\DeckService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11196 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Clean System Memory.job
C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{455D042C-C371-11DD-8384-0018F37ACC4F}.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4DA5A50A-384D-466B-ACA9-6837B3E7E9CA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{af83e43c-dd2b-4787-826b-31b17dee52ed} - QT Breadcrumbs Address Bar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - QT TabBar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]
{d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - QT Tab Standard Buttons - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-17 30192]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-12 516440]
"PhiBtn"=C:\WINDOWS\System32\drivers\PhiBtn.exe [2005-09-12 155648]
"Traymin900"=C:\WINDOWS\System32\drivers\Tray900.exe [2005-09-12 266240]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-03-31 982408]
"Rvsystem"=C:\Program files\Returnil\Returnil.exe [2009-05-20 2304000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON WorkForce 600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE [2008-03-04 188928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
C:\Program Files\Logitech\G-series Software\LCDMon.exe [2006-03-06 497152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-23 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll [2005-01-31 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll [2009-02-06 204080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll [2005-05-10 86016]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll [2008-11-17 103848]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2008-11-17 87368]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2008-11-19 873800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Eidos\Rogue Trooper\RogueTrooper.exe"="C:\Program Files\Eidos\Rogue Trooper\RogueTrooper.exe:*:Enabled:Rogue Trooper"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

======List of files/folders created in the last 1 months======

2009-05-21 12:08:11 ----D---- C:\rsit
2009-05-21 12:00:01 ----D---- C:\Program Files\CCleaner
2009-05-20 14:23:20 ----D---- C:\Program Files\Corner-A
2009-05-20 00:16:49 ----HD---- C:\RETURNIL
2009-05-20 00:16:49 ----D---- C:\Program Files\Returnil
2009-05-18 19:22:20 ----D---- C:\Program Files\a-squared Free
2009-05-17 12:43:22 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\SecondLife
2009-05-17 12:37:34 ----D---- C:\Program Files\SecondLife
2009-05-13 00:31:48 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-05-13 00:31:48 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-05-13 00:31:43 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-05-13 00:31:43 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-05-12 17:03:20 ----D---- C:\Program Files\Windows Live Safety Center
2009-05-12 16:45:47 ----D---- C:\WINDOWS\ie8updates
2009-05-12 16:43:41 ----HDC---- C:\WINDOWS\ie8
2009-05-12 16:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-12 16:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-12 16:38:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-12 16:38:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-12 16:38:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-12 16:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-12 16:32:13 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-05-09 18:35:23 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-09 18:34:53 ----D---- C:\Program Files\TweetDeck
2009-05-05 22:49:43 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Download Manager
2009-05-05 20:22:50 ----D---- C:\WINDOWS\Options
2009-05-05 20:03:41 ----D---- C:\Program Files\Philips_VLounge
2009-05-05 18:48:53 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Publish Providers
2009-05-05 18:47:21 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Sony
2009-05-05 18:37:44 ----D---- C:\Program Files\Common Files\eSellerate
2009-05-05 18:19:32 ----D---- C:\Program Files\Sony Setup
2009-05-04 23:49:59 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\CyberLink
2009-05-04 19:37:35 ----N---- C:\WINDOWS\system32\qtmlClient.dll
2009-05-04 19:37:35 ----N---- C:\WINDOWS\system32\MtxPreview.dll
2009-05-04 19:37:35 ----N---- C:\WINDOWS\system32\MtxParhBFXPreview.dll
2009-05-04 19:37:35 ----N---- C:\WINDOWS\system32\CvoAPI.dll
2009-05-04 19:37:35 ----A---- C:\WINDOWS\Graffiti5.2Pin.ini
2009-05-04 19:14:35 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
2009-05-04 19:00:48 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle
2009-04-30 19:16:37 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\ValuSoft
2009-04-30 19:12:45 ----D---- C:\Program Files\Prison Tycoon 4
2009-04-30 19:02:46 ----A---- C:\WINDOWS\Prison Tycoon 2 Uninstaller.exe
2009-04-30 18:59:20 ----D---- C:\Program Files\Common Files\Thraex Software
2009-04-30 18:59:19 ----D---- C:\Program Files\Prison Tycoon 2
2009-04-30 18:32:22 ----D---- C:\Program Files\Eidos
2009-04-30 17:17:07 ----D---- C:\Program Files\Lionhead Studios
2009-04-28 19:00:14 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-04-28 14:42:30 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\SPORE
2009-04-28 14:40:33 ----D---- C:\SporeCache
2009-04-28 14:22:45 ----D---- C:\Program Files\Electronic Arts
2009-04-26 16:24:18 ----N---- C:\WINDOWS\Setup1.exe
2009-04-26 16:24:05 ----D---- C:\Program Files\cybershamanfree
2009-04-25 21:59:28 ----D---- C:\Program Files\Virtual Hypnotist
2009-04-22 15:23:03 ----D---- C:\Program Files\Graffiti Studio 2.0
2009-04-22 03:36:33 ----D---- C:\Program Files\TwitSaver
2009-04-22 03:23:06 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\TwitSaver
2009-04-22 02:31:15 ----D---- C:\Program Files\zFlick
2009-04-22 01:34:02 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Media Player Classic

======List of files/folders modified in the last 1 months======

2009-05-21 12:08:32 ----D---- C:\WINDOWS\Prefetch
2009-05-21 12:08:22 ----D---- C:\WINDOWS\Temp
2009-05-21 12:07:53 ----D---- C:\WINDOWS\Internet Logs
2009-05-21 12:07:02 ----D---- C:\Program Files\Mozilla Firefox
2009-05-21 12:03:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 12:02:24 ----AD---- C:\WINDOWS
2009-05-21 12:02:11 ----D---- C:\WINDOWS\Minidump
2009-05-21 12:00:01 ----D---- C:\Program Files
2009-05-21 00:45:48 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-05-21 00:45:06 ----A---- C:\rollback.ini
2009-05-20 22:04:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-20 21:38:05 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\SolSuite
2009-05-20 20:53:49 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\MahJong Suite
2009-05-20 11:39:03 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-05-20 10:30:29 ----D---- C:\Documents and Settings
2009-05-20 10:22:14 ----D---- C:\WINDOWS\Registration
2009-05-20 10:21:21 ----D---- C:\WINDOWS\Debug
2009-05-20 01:25:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-20 00:17:13 ----D---- C:\WINDOWS\system32\drivers
2009-05-19 23:52:18 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
2009-05-19 23:51:46 ----SHD---- C:\WINDOWS\Installer
2009-05-19 23:48:00 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2009-05-19 21:34:25 ----AD---- C:\WINDOWS\system32
2009-05-18 18:05:49 ----D---- C:\WINDOWS\system32\LogFiles
2009-05-18 04:04:11 ----HD---- C:\WINDOWS\inf
2009-05-18 04:04:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-18 04:00:43 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-05-18 03:57:50 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\MSN6
2009-05-18 03:36:06 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Camfrog
2009-05-18 03:18:33 ----D---- C:\Program Files\SolSuite
2009-05-18 03:00:47 ----D---- C:\Program Files\MahJong Suite
2009-05-14 23:49:16 ----D---- C:\Program Files\Pixelan
2009-05-14 23:47:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-14 23:41:17 ----D---- C:\plugins
2009-05-14 23:09:28 ----D---- C:\Program Files\Sony
2009-05-14 23:04:18 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-14 22:53:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-14 21:52:33 ----D---- C:\Program Files\Internet Explorer
2009-05-13 12:26:18 ----D---- C:\WINDOWS\StormPredator
2009-05-13 12:26:18 ----D---- C:\WINDOWS\PaltalkScene
2009-05-13 12:26:18 ----D---- C:\WINDOWS\MyFreeWeather
2009-05-13 00:27:40 ----D---- C:\WINDOWS\WinSxS
2009-05-13 00:00:24 ----D---- C:\TMRBLog
2009-05-12 16:56:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-12 16:50:45 ----D---- C:\WINDOWS\system32\en-us
2009-05-12 16:50:44 ----D---- C:\WINDOWS\system32\dllcache
2009-05-12 16:50:44 ----D---- C:\WINDOWS\Media
2009-05-12 16:50:44 ----D---- C:\WINDOWS\Help
2009-05-12 16:50:42 ----D---- C:\WINDOWS\system32\wbem
2009-05-12 16:50:42 ----D---- C:\WINDOWS\AppPatch
2009-05-12 16:45:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-12 16:39:37 ----D---- C:\WINDOWS\ie7updates
2009-05-12 00:32:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-11 20:08:37 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-11 00:43:03 ----A---- C:\WINDOWS\win.ini
2009-05-07 00:16:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-05 20:27:16 ----D---- C:\WINDOWS\system
2009-05-05 20:22:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-05 20:16:00 ----D---- C:\Program Files\Common Files\ArcSoft
2009-05-05 19:41:29 ----RSD---- C:\WINDOWS\Fonts
2009-05-05 18:37:44 ----D---- C:\Program Files\Common Files
2009-05-05 15:15:51 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-05-04 17:31:05 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Vista Start Menu
2009-05-04 17:27:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-30 18:20:30 ----RSD---- C:\WINDOWS\assembly
2009-04-30 18:20:30 ----D---- C:\WINDOWS\system32\DirectX
2009-04-30 17:02:43 ----D---- C:\Program Files\Atari
2009-04-28 14:42:11 ----N---- C:\WINDOWS\system32\CmdLineExt.dll
2009-04-26 16:24:12 ----A---- C:\WINDOWS\ST6UNST.EXE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-31 150544]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sonypvf2;sonypvf2; C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 635017]
R1 sonypvt2;sonypvt2; C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 431236]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-03-31 353672]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-22 271360]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-22 18048]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 camvid40;Philips SPC 900NC PC Camera; C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-09-12 1239552]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-12-10 52992]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-12-10 68992]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S2 zntport;NTPort Library Driver; \??\C:\WINDOWS\system32\zntport.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dbustrcm;dbustrcm; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\dbustrcm.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-25 68961]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-08 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-08 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys []
S3 MaplomL;MaplomL; C:\WINDOWS\system32\drivers\MaplomL.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 npkcusb;npkcusb; \??\C:\Program Files\Lineage II\system\npkcusb.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
S3 TucbDriverV32;TucbDriverV32; C:\WINDOWS\system32\drivers\TucbDriverV32.sys [2008-06-04 508544]
S3 TucbVideo32;TucbVideo32; C:\WINDOWS\system32\DRIVERS\TucbVideo32.sys [2008-06-04 3768]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva224;XDva224; \??\C:\WINDOWS\system32\XDva224.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-05-18 717320]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-10-17 109056]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 astcc;AST Service; C:\WINDOWS\SYSTEM32\astsrv.exe [2008-05-07 57344]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-12 953168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-03-31 2404232]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; C:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
S2 Orphalese Deck Service;Orphalese Deck Service; C:\Program Files\Orphalese\Orphalese Tarot\DeckService.exe [2008-08-30 28672]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-30 66872]
S2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-23 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-17 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2008-04-29 5065120]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

*****************************************************************

info.txt logfile of random's system information tool 1.06 2009-05-21 12:08:48

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{36C41D70-56F5-4E2B-81DA-6BEB7502D7A1}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x9 -u
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x9 -u
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AbiWord 2.6.5-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
AbiWord Importer/Exporter Plugins-->"C:\Program Files\AbiSuite2\AbiWord\plugins\UninstallAbiWordIEPlugins.exe"
AbiWord Tools Plugins-->"C:\Program Files\AbiSuite2\AbiWord\plugins\UninstallAbiWordToolsPlugins.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Ahnenblatt 2.59-->"C:\Documents and Settings\Compaq_Administrator\Application Data\Ahnenblatt\unins000.exe"
AIRTranslate-->MsiExec.exe /X{54E2598B-2CFA-3C7C-C980-C8C822024F8C}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Ancestry World Archives Project - Keying Tool-->MsiExec.exe /I{6FE5CA8E-7D87-49EE-8296-FF1511DEDEB7}
AOL Music - Top 100 Videos-->msiexec /qb /x {49A24F82-DD1A-2AFB-AE18-07A0D800A3BE}
AOL Music - Top 100 Videos-->MsiExec.exe /I{49A24F82-DD1A-2AFB-AE18-07A0D800A3BE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Brochures & Flyers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1Brochure
ArcSoft Print Creations - Funhouse II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1HouseFun
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Photo Prints-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1PhotoPrint
ArcSoft Print Creations - Poster Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1Poster
ArcSoft Print Creations - Quick Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1OneTouch
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F227D8E5-2FD9-4652-B5D3-14003028F235}\Setup.exe" -l0x9
Art Explosion Publisher Pro Silver Edition-->MsiExec.exe /X{C62D7344-8709-4443-9C95-F90659CBC27F}
a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"
Auslogics BoostSpeed-->"C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
Bikini Solitaire-->C:\WINDOWS\system32\GKSUI20.EXE C:\Program Files\Bikini Solitaire V1.0.3\Uninstall1DBE.DAT
Black & White® 2 Battle of the Gods-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10631C28-62E5-477C-9B40-40C5EA8219BE}\setup.exe" -l0x9 -removeonly
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
BrainWave Generator-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BrainWave Generator\Uninst.isu"
Camfrog Video Chat 5.3-->"C:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Art Display 2.0-->"C:\Program Files\CD Art Display\unins000.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
CleanMem-->"C:\WINDOWS\CleanMem\uninstall.exe" "/U:C:\Program Files\CleanMem\Uninstall\uninstall.xml"
Comical 0.8-->"C:\Program Files\Comical\unins000.exe"
ComicRack v0.9.90-->C:\Program Files\ComicRack\uninst.exe
Corner-A ArtStudio-->C:\Program Files\Corner-A\ArtStudio\Uninstall.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Cybershaman 7 free-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\cybershamanfree\ST6UNST.LOG"
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
DeskScapes-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall dk
DesktopX-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall dx
DFX 8 for Winamp-->"C:\Program Files\Winamp\uninstall_dfx.exe"
DFX 8 for Windows Media Player-->MsiExec.exe /I{AFCD7D3E-4CB5-4572-9C2B-6112133A41EB}
DiaryOne 6.65-->"C:\Program Files\DiaryOne\unins000.exe"
Digsby-->C:\Program Files\Digsby\uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EasyDeskTicker-->C:\WINDOWS\uninst.exe -f"C:\Program Files\EasyDeskTicker\DeIsL1.isu" -c"C:\Program Files\EasyDeskTicker\_ISREG32.DLL"
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
eDocOne 4.0-->"C:\Program Files\eDocOne\unins000.exe"
Epson Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON WorkForce 600 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEKA.EXE /R /APD /P:"EPSON WorkForce 600 Series"
Evernote-->C:\Program Files\InstallShield Installation Information\{0D025345-1033-4F35-A5CE-68CDCDE6CC03}\setup.exe -runfromtemp -l0x0009 -removeonly
Family Tree Legends-->MsiExec.exe /I{1ED6CA46-633C-46CD-9D0F-2A8AE225E8A6}
Family Tree Maker 2009-->C:\Program Files\InstallShield Installation Information\{27711CB0-26B3-4D99-88A9-4E4D60C34850}\setup.exe -runfromtemp -l0x0409
ffdshow [rev 2033] [2008-07-05]-->"C:\Program Files\ffdshow\unins000.exe"
fl.explor'r-->msiexec /qb /x {2D5EA224-597B-BBE2-9293-6F0DF0F53CCB}
fl.explorr-->MsiExec.exe /I{2D5EA224-597B-BBE2-9293-6F0DF0F53CCB}
Flickr Uploadr 3.0.5-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
FLVPlay-->msiexec /qb /x {39A255BB-2828-9AA4-08DE-DD94126F2423}
FLVPlay-->MsiExec.exe /I{39A255BB-2828-9AA4-08DE-DD94126F2423}
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
FreeUndelete-->C:\Program Files\FreeUndelete\GLF70.exe /handle:fru
GeeMail-->MsiExec.exe /X{D963FE9C-5A96-254B-F2BE-A9A0E9C1B541}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Gmail Note-->MsiExec.exe /X{107C841E-591E-B335-2960-A75516792782}
GonVisor 1.73-->"C:\Program Files\GonVisor\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GPS Image Tracker-->C:\Program Files\InstallShield Installation Information\{EE35B247-F872-4FFD-BCD1-1970C7E86C84}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
Graffiti Studio 2.0-->"C:\Program Files\Graffiti Studio 2.0\unins000.exe"
HeatSeek-->"C:\Documents and Settings\Compaq_Administrator\Application Data\HTSKApp\unins000.exe"
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28101984-0BA6-40FD-9ABE-72F62F80C06C}\setup.exe" -l0x9
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
IconDeveloper-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall id
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ImageMixer for Sony DVD Handycam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD350FC2-A972-427D-800B-A2D200ACFF41}\setup.exe" UNINSTALL
Imikimi Plugin-->"C:\Program Files\Imikimi\uninstall.exe"
Impulse-->"C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Documents and Settings\All Users\Application Data\{C8EE221B-B5DA-4C2D-878A-57DAFBB8622E}\Impulse_setup.exe
Install(US)2-->C:\Program Files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe -runfromtemp -l0x0009 -removeonly
iSpQ VideoChat 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E74C05-CD77-4422-B5BB-E82693EE2FA3}\Setup.exe" -l0x9 DoUninstall
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jarte Plus 3.3-->"C:\Program Files\Jarte\unins000.exe"
JGoodies JDiskReport 1.3.1-->"C:\Program Files\JGoodies\JDiskReport 1.3.1\uninstall.exe"
KaraFun 1.18-->"C:\Program Files\KaraFun\unins000.exe"
KaraokeMixer 1.1-->"C:\Program Files\Audio4You\KaraokeMixer\unins000.exe"
Logitech G-series Keyboard Software-->MsiExec.exe /X{5A080213-5AEC-4BF2-BB32-796EB0E421EC}
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Lotto Buster 2010-->C:\WINDOWS\uninst.exe -f"C:\Lotto Buster\DeIsL1.isu" -c"C:\Lotto Buster\_ISREG32.DLL"
Lotto Cheatah Jackpot Winning Lottery Software-->C:\WINDOWS\system32\GKSUI20.EXE C:\Program Files\Lotto Cheatah Jackpot Winning Lottery Software V2.65\Uninstall4E46.DAT
Lotto Sorcerer 6.20-->C:\PROGRA~1\LOTTOS~1\Setup.exe /remove /q0
Lyrics4You 2.8-->"C:\Program Files\Audio4You\Lyrics4You\unins000.exe"
MahJong Suite 2009 v6.0-->"C:\Program Files\MahJong Suite\unins000.exe"
MahJong Suite Graphics Pack Volume 1 - v1.8-->"C:\Program Files\MahJong Suite\unins001.exe"
MahJong Suite Graphics Pack Volume 2 - v2.9-->"C:\Program Files\MahJong Suite\unins002.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
MessengerData WMP Plugin-->MsiExec.exe /I{06283453-7826-2168-5324-689421793582}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
Midi4You Converter 1.0-->"C:\Program Files\Audio4You\Midi4You\unins000.exe"
Monopoly Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B975F4A1-63B6-11D4-BFEC-005004AF2D32}\Setup.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Remix Player Standalone Plus-->MsiExec.exe /I{5843df76-828b-4da3-a3c9-7dfe79b563da}
MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
musicshakeENG-->MsiExec.exe /I{02B05067-A6BD-443F-BC52-B0084122F4CD}
MyHeritage Family Tree Builder-->C:\Program Files\MyHeritage\Bin\Uninstall.exe
MyScribe-->"C:\Program Files\CafeScribe\MyScribe\uninstall.exe"
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Need for Speed™ Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
Orphalese Tarot-->MsiExec.exe /I{81BEDFC2-CD4B-4D3B-AF88-2EE7EAEC812F}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Pagan Daybook 3-->C:\WINDOWS\ALCHUNIN.EXE C:\Program Files\Alchemy Mindworks\Pagan Daybook 3\INSTALLD.TXT
ParetoLogic Privacy Controls-->MsiExec.exe /I{5C92A787-3D1C-44E7-8B77-072C95EE1CF0}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Personal Ancestral File 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe"
Philips SPC 900NC PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{220F6386-5D1F-4DA5-94DB-F12133C3AE2C}\Setup.exe" -l0x9
Philips VLounge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}\Setup.exe" -l0x9
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PicLens for Internet Explorer-->MsiExec.exe /X{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}
Pictomio-->"C:\Program Files\Pictomio\Uninstall.exe"
Picture Package Music Transfer-->C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe -runfromtemp -l0x0009 /removeonly -removeonly
PixiePack Codec Pack-->MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}
Prison Tycoon 2-->C:\WINDOWS\Prison Tycoon 2 Uninstaller.exe
Prison Tycoon 4-->"C:\Program Files\InstallShield Installation Information\{48413BF3-5934-4ED3-8F1B-49D250BBF5AC}\Setup.exe" -runfromtemp -l0x0009 -removeonly
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
REKO Productions Cardgames Deluxe PC-->C:\PROGRA~1\REKOPR~1\KLONDI~1\UNWISE.EXE C:\PROGRA~1\REKOPR~1\KLONDI~1\INSTALL.LOG
Returnil Virtual System Premium Edition-->C:\Program files\Returnil\Uninstall.exe /REMOVE
Rogue Trooper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B6C0B5-EC21-4E7C-9B4B-6DD162BE5AEC}\setup.exe"
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SkinStudio 6 Professional-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall sks
SmartGenealogy-->"C:\Program Files\SmartGenealogy_2.8c\unins000.exe"
Snackr-->msiexec /qb /x {3CC1B522-48BB-BD76-2E84-9246A18BB805}
Snackr-->MsiExec.exe /I{3CC1B522-48BB-BD76-2E84-9246A18BB805}
Snapact-->C:\Program Files\Snapact\uninstall.exe
Solitaire City-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Digital Smoke\Solitaire City\Uninst.isu"
Solitaire Setty v2.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Digital Smoke\Solitaire Setty\Uninst.isu"
SolSuite 2009 v9.4-->"C:\Program Files\SolSuite\unins000.exe"
SolSuite Graphics Pack Volume 1 - v1.24-->"C:\Program Files\SolSuite\unins001.exe"
SolSuite Graphics Pack Volume 2 - v2.15-->"C:\Program Files\SolSuite\unins002.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony DVD Handycam USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F845B05-8B76-4302-A808-7FB21E2BC5E6}\Setup.exe" UNINSTALL
Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundPackager-->"C:\Program Files\Stardock\Impulse\Impulse.exe" /autouninstall snd
SpiceFX Packs 3.0v for Movie Maker-->C:\PROGRA~1\Pixelan\SPICEF~1.0\UNINST~1\UNINST~1.EXE C:\PROGRA~1\Pixelan\SPICEF~1.0\UNINST~1\Install.log
SPORE™ Creepy & Cute Parts Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -runfromtemp -l0x0009 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Super nude patch 6-->C:\WINDOWS\iun6002.exe "C:\Program Files\Maxis\The sims\irunin.ini"
Super nude patch II 2.8-->C:\WINDOWS\iun6002.exe "C:\Documents and Settings\Compaq_Administrator\My Documents\EA Games\The Sims 2\irunin.ini"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Lottery Picker-->MsiExec.exe /I{04A5A32D-CF69-4166-A051-B0C6E2526CF3}
TimeLoc-->msiexec /qb /x {9EB317F3-F30E-32AA-3F67-5E4D9A133AEF}
TimeLoc-->MsiExec.exe /I{9EB317F3-F30E-32AA-3F67-5E4D9A133AEF}
TubeHunter Ultra-->MsiExec.exe /I{AFF2F374-AAE3-48E5-BB3C-78305D25D5C4}
Turbo Trio-->"C:\Program Files\Games Of The Month\Turbo Trio\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
TweetDeck-->MsiExec.exe /X{A9B02DB6-F7BD-16B5-10F2-584333CDD70A}
TwitSaver-->"C:\Program Files\TwitSaver\unins000.exe"
UltraLott Washington 1.7.0-->"C:\Program Files\UltraLott Washington\unins000.exe"
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Virtual Hypnotist 5.8-->C:\Program Files\Virtual Hypnotist\uninst.exe
Vista Start Menu 3.02-->"C:\Program Files\Vista Start Menu\unins000.exe"
Visual C++ 8.0 ATL (x86) WinSXS MSM-->MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18F}
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
Warhammer 40,000: Dawn Of War - Gold Edition-->MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Wondershare DVD Slideshow Builder 4.4.1-->"C:\Program Files\Wondershare\DVD Slideshow Builder\unins000.exe"
Wondershare Photo Story Platinum 3.1.0-->"C:\Program Files\Wondershare\Photo Story Platinum\unins000.exe"
Wondershare Style Resources version-->"C:\Program Files\Wondershare\Photo Story Platinum\unins001.exe"
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
YouTube Widget-->msiexec /qb /x {89EEF526-7D68-843F-BB44-ED4FF1940599}
YouTube Widget-->MsiExec.exe /I{89EEF526-7D68-843F-BB44-ED4FF1940599}
zFlick-->MsiExec.exe /X{5DED1E80-3EF5-DC62-596A-F32D997761BA}
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Hosts File======

127.0.0.1 advertising.paltalk.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall

======System event log======

Computer Name: BAZOIC
Event Code: 20
Message: Printer Driver GoBinder for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 211
Source Name: Print
Time Written: 20081228182705.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BAZOIC
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 210
Source Name: Print
Time Written: 20081228182705.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BAZOIC
Event Code: 7000
Message: The NTPort Library Driver service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 203
Source Name: Service Control Manager
Time Written: 20081228182545.000000-480
Event Type: error
User:

Computer Name: BAZOIC
Event Code: 7023
Message: The Uninterruptible Power Supply service terminated with the following error:
%%2481

Record Number: 202
Source Name: Service Control Manager
Time Written: 20081228182545.000000-480
Event Type: error
User:

Computer Name: BAZOIC
Event Code: 2481
Message: The UPS service is not configured correctly.

Record Number: 201
Source Name: UPS
Time Written: 20081228182527.000000-480
Event Type: error
User:

=====Application event log=====

Computer Name: BAZOIC
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\STARDOCK\WINDOWBLINDS\STAINLESSSTEEL_TMP\SS__PROGRESSBARBORDERVERT.BMP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 7047
Source Name: Windows Search Service
Time Written: 20090425135836.000000-420
Event Type: error
User:

Computer Name: BAZOIC
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\STARDOCK\WINDOWBLINDS\STAINLESSSTEEL_TMP\SS__PROGRESSBARBLOCKVERT.BMP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 7046
Source Name: Windows Search Service
Time Written: 20090425135835.000000-420
Event Type: error
User:

Computer Name: BAZOIC
Event Code: 3013
Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\STARDOCK\WINDOWBLINDS\STAINLESSSTEEL_TMP\SS__LISTVIEWHEADER.BMP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Record Number: 7045
Source Name: Windows Search Service
Time Written: 20090425135834.000000-420
Event Type: error
User:

Computer Name: BAZOIC
Event Code: 1517
Message: Windows saved user BAZOIC\Compaq_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 7013
Source Name: Userenv
Time Written: 20090420010355.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BAZOIC
Event Code: 1000
Message: Faulting application setup.exe, version 1.0.0.9, faulting module setup.exe, version 1.0.0.9, fault address 0x00015033.

Record Number: 6799
Source Name: Application Error
Time Written: 20090322181951.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Alky for Applications\Libraries\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
Filtereyez
Active Member
 
Posts: 10
Joined: November 29th, 2008, 8:03 pm

Re: Malware problems I think??

Unread postby Filtereyez » May 21st, 2009, 3:43 pm

Oh and askey I have a question for you as well, I recently discovered a program and have purchased it, it is installed but I have not turned it on yet cause frankly I need to read the manual to better understand it. The program is called Returnil, it creates a virtual system for protection, what is your opinion from your experience of a program like this for security? Should I bother with it at all? I only paid 25 dollars for it so if it's hogwash it really is no big loss.

Thank you.

Re: Malware problems I think??

Unread postby askey127 » May 21st, 2009, 5:12 pm

Filtereyez,
I must say I don't know enough about Returnil to advise you.
It looks a bit like Sandboxie, but I'm afraid I cannot be of help.

We will remove a few obsolete and interfering programs. We will update them later.
----------------------------------------------------------
Remove Program(s) with CCleaner
Open CCleaner. In the Left Pane, click Tools. Verify that Uninstall is highlighted in color, or click on it.
Click and Highlight the Following Programs, one at a time, and click the Run Uninstaller button for each one.
Wait for completion of each one before highlighting and Uninstalling the next.

J2SE Runtime Environment 5.0 Update 6
Adobe Reader 7.0.5-
Ad-Aware

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
----------------------------------------------------------
Let's check if there are any leftovers from Daonol:
Please download DaonolFix from the link below and save it to your Desktop
http://jpshortstuff.247fixes.com/beta/DaonolFix.exe
* Double-click DaonolFix.exe to run it.
* Select 1. Find Daonol (no fix) by typing 1 and pressing Enter.
* You will see a lot of files being listed - don't worry, they are just being scanned.
* A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called DaonolFix.txt).
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked if it found any malware items, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it : Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp

So let's see what results we get from DaonolFix, and the Malwarebytes log.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware problems I think??

Unread postby Filtereyez » May 21st, 2009, 6:43 pm

Hi askey127,

Sorry for my slow response here, I had asked on another forum (Tech Support Guy) for info on whether a program existed that would tell me what program made a certain file, and in the process of that thread wanting to know why I asked it led to them wanting to help me with my problem, then I came here and noticed I got a response. Now I know how mods feel about posting across diff forums so I explained to them my dilemma and told them you would be helping me - the only thing they had me do was run combo-fix and said to be sure that you know I ran it and had the logs available if you would like to see them:

Now before I perform your above instruction can I ask one question? And I might be wrong for questioning - please forgive me here, why must I remove Ad-Aware? That is a program I paid for and use to remove malware? If I'm getting ahead or too excited here I am sorry, I realize you're the professional here not me :)

I got 3 hours free time so I'll stay here and follow your guidance :)

Re: Malware problems I think??

Unread postby Filtereyez » May 21st, 2009, 7:13 pm

OK I'm not gonna question :P I ran CCleaner and removed J2SE Runtime Environment 5.0 Update 6,
Adobe Reader 7.0.5-, and Ad-Aware.

Here are the logs you requested:

DaonolFix (15.04.09) by jpshortstuff
Log created at 16:02 on 21/05/2009 by Compaq_Administrator
Running from C:\Documents and Settings\Compaq_Administrator\Desktop\DaonolFix.exe

=====Find Daonol=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"="wdmaud.drv"
"aux1"="wdmaud.drv"
"aux2"="wdmaud.drv"
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"MSVideo8"="VfWWDM32.dll"
"VIDC.CSCD"="camcodec.dll"
"vidc.cvid"="iccvid.dll"
"vidc.DIVX"="DivX.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iv50"="ir50_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"VIDC.MP42"="mpg4c32.dll"
"VIDC.MPG4"="mpg4c32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"vidc.VP60"="C:\WINDOWS\system32\vp6vfw.dll"
"vidc.VP61"="C:\WINDOWS\system32\vp6vfw.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wave"="wdmaud.drv"
"wave1"="wdmaud.drv"
"wave2"="wdmaud.drv"
"wavemapper"="msacm32.drv"

-=Daonol Files=-
(none found)

-=End Of File=-

Re: Malware problems I think??

Unread postby Filtereyez » May 21st, 2009, 7:13 pm

Malwarebytes' Anti-Malware 1.36
Database version: 2164
Windows 5.1.2600 Service Pack 3

5/21/2009 4:09:48 PM
mbam-log-2009-05-21 (16-09-48).txt

Scan type: Quick Scan
Objects scanned: 88522
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Malware problems I think??

Unread postby askey127 » May 21st, 2009, 9:45 pm

Your logs indicated that you were running the Antivirus version of Ad-Aware and the Zone Labs Security Suite at the same time. Since two simultaneous AV's are a NO-NO, I asked you to remove one.
I may have incorrectly assumed which of the two to remove.

I would like to see the last ComboFix log, if you would post it please.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
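
The overlap askey127 describes can be read from the `AV:`/`FW:` header lines of a ComboFix log and from the Security Center values in its registry section. The following Python is an added example, not part of the thread or of any tool named in it; it parses those lines as they appear in the ComboFix log posted in this thread. The function names and finding codes are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Header line: kind, product name, optional *state*, optional (definitions), {GUID}.
HEADER_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+"
    r"(?:\*(?P<state>[^*]+)\*\s+)?"
    r"(?:\((?P<defs>[^)]+)\)\s+)?"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+)\b)')

# value name -> (value worth flagging, hypothetical finding code)
WATCHED_VALUES = {
    "antivirusdisablenotify": (1, "av-alerts-suppressed"),
    "updatesdisablenotify": (1, "update-alerts-suppressed"),
    "disablemonitoring": (1, "product-monitoring-disabled"),
    "enablefirewall": (0, "windows-firewall-off"),
}


@dataclass(frozen=True)
class Product:
    kind: str         # "AV" or "FW"
    name: str
    state: str        # text between asterisks, "" if absent
    definitions: str  # text between parentheses, "" if absent
    guid: str


def parse_products(log_text):
    """Return the security products registered in the log header."""
    products = []
    for line in log_text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            products.append(Product(m["kind"], m["name"], m["state"] or "",
                                    m["defs"] or "", m["guid"].upper()))
    return products


def parse_registry_values(log_text):
    """Yield (key, value_name, integer_value) for numeric registry values."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section["key"]
            continue
        value = VALUE_RE.match(line)
        if value and key:
            number = int(value["hex"], 16) if value["hex"] else int(value["dec"])
            yield key, value["name"], number


def review(log_text):
    """Return (code, detail) findings a helper would raise from the log."""
    findings = []
    products = parse_products(log_text)
    # Count distinct antivirus registrations by GUID, not by display name.
    antivirus = {p.guid: p.name for p in products if p.kind == "AV"}
    if len(antivirus) > 1:
        findings.append(("multiple-av", "; ".join(sorted(antivirus.values()))))
    if not any(p.kind == "FW" for p in products):
        findings.append(("no-firewall-registered", ""))
    for p in products:
        # May have been switched off on purpose before the scan: a state to confirm.
        if "disabled" in p.state.lower():
            findings.append(("protection-disabled", p.name))
    for key, name, number in parse_registry_values(log_text):
        watched = WATCHED_VALUES.get(name.lower())
        if watched and number == watched[0]:
            findings.append((watched[1], key))
    return findings


if __name__ == "__main__":
    for code, detail in review(SAMPLE_LOG):
        print(f"{code:28} {detail}")
```
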

Re: Malware problems I think??

Unread postby Filtereyez » May 21st, 2009, 9:54 pm

I have ZoneAlarm Security suite which if I understand rightly is firewall and antivirus - correct me if I'm wrong, and the Ad-Aware pro anniversary edition - which I thought was just a malware scanner although I do run the ad-watch live included with the program. If I should not run the two at the same time (ZoneAlarm and Ad-Aware) then let me know and I will not reinstall Ad-Aware.

Here is the combo-fix log, gonna be two parts I think cause so long:

ComboFix 09-05-20.A1 - Compaq_Administrator 05/21/2009 14:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1611 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\BtLSt61.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\020-006\L3D_Images_Common.GfxMem=32MB.bxp
c:\windows\system32\Cache\020-006\L3D_Images_Common.GfxMem=32MB.Game=Hentai.bxp
c:\windows\system32\Cache\020-006\L3D_Images_Common.GfxMem=32MB.Game=Luder.bxp
c:\windows\system32\Cache\020-006\L3D_Images_Required.GfxMem=32MB.bxp
c:\windows\system32\Cache\020-006\L3D_Images_Required.GfxMem=32MB.Game=Hentai.bxp
c:\windows\system32\Cache\020-006\L3D_Images_Required.GfxMem=32MB.Game=Luder.bxp
c:\windows\system32\Cache\020-006\L3D_Images_Required.GfxMem=32MB.Game=Winamp.bxp
c:\windows\system32\Cache\020-006\L3D_Scenes_Required.Game=Winamp.bxp
c:\windows\system32\Cache\020-006\L3D_Scripts_Required.bxp
c:\windows\system32\Cache\020-006\L3D_Scripts_Required.Game=Winamp.bxp
c:\windows\system32\winio.vxd
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 19:08 . 2009-05-21 19:08 -------- d-----w C:\rsit
2009-05-21 19:00 . 2009-05-21 19:00 -------- d-----w c:\program files\CCleaner
2009-05-21 02:02 . 2009-05-21 02:02 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Corner-A
2009-05-20 21:23 . 2009-05-20 21:23 -------- d-----w c:\program files\Corner-A
2009-05-20 17:30 . 2009-05-20 17:31 -------- d-----w c:\documents and settings\linkos
2009-05-20 07:17 . 2009-05-20 07:17 22272 ----a-w c:\windows\system32\drivers\RVFsSec.sys
2009-05-20 07:16 . 2009-05-20 07:16 39424 ----a-w c:\windows\system32\drivers\RVSystem.sys
2009-05-20 07:16 . 2009-05-20 07:16 -------- d-----w c:\program files\Returnil
2009-05-20 07:16 . 2009-05-20 07:19 -------- d--h--w C:\RETURNIL
2009-05-19 02:22 . 2009-05-19 09:10 -------- d-----w c:\program files\a-squared Free
2009-05-18 11:00 . 2009-05-18 11:00 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-17 19:43 . 2009-05-17 19:46 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\SecondLife
2009-05-17 19:37 . 2009-05-17 19:38 -------- d-----w c:\program files\SecondLife
2009-05-13 07:31 . 2009-04-01 02:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-05-13 00:07 . 2009-05-13 00:07 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-13 00:03 . 2009-05-13 00:09 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-13 00:00 . 2009-05-13 00:00 -------- d-sh--w c:\documents and settings\Compaq_Administrator\IECompatCache
2009-05-12 23:58 . 2009-05-20 17:18 -------- d-----w c:\documents and settings\linkos\Latina
2009-05-12 23:58 . 2009-05-12 23:58 -------- d-----w c:\documents and settings\linkos\FireStix
2009-05-12 23:58 . 2009-05-12 23:58 -------- d-----w c:\documents and settings\linkos\Perfume
2009-05-12 23:58 . 2009-05-12 23:58 -------- d-----w c:\documents and settings\linkos\Japanese
2009-05-12 23:58 . 2009-05-12 23:58 -------- d-----w c:\documents and settings\linkos\Walls
2009-05-12 23:58 . 2009-05-12 23:58 -------- d-----w c:\documents and settings\linkos\Extreme Sik
2009-05-12 23:58 . 2009-05-12 23:58 -------- d-----w c:\documents and settings\linkos\Corrupt
2009-05-12 23:56 . 2009-05-12 23:56 -------- d-sh--w c:\documents and settings\Compaq_Administrator\PrivacIE
2009-05-12 23:53 . 2009-05-12 23:53 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-12 23:51 . 2009-05-12 23:51 -------- d-sh--w c:\documents and settings\Compaq_Administrator\IETldCache
2009-05-12 23:45 . 2009-05-12 23:45 -------- d-----w c:\windows\ie8updates
2009-05-12 23:45 . 2009-04-25 05:30 102400 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-12 23:43 . 2009-05-12 23:45 -------- dc-h--w c:\windows\ie8
2009-05-12 23:33 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-12 23:33 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-12 23:33 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-12 23:33 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-12 23:33 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-12 23:33 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-12 23:33 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-05-12 23:33 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-12 23:33 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-12 23:32 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-12 23:32 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-10 01:35 . 2009-05-10 01:35 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-05-10 01:34 . 2009-05-10 01:34 -------- d-----w c:\program files\TweetDeck
2009-05-08 08:31 . 2005-01-03 06:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-05-06 05:49 . 2009-05-06 06:22 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Download Manager
2009-05-06 03:22 . 2005-09-12 23:00 155648 ----a-w c:\windows\system32\drivers\Phibtn.exe
2009-05-06 03:22 . 2005-09-12 23:00 266240 ----a-w c:\windows\system32\drivers\Tray900.exe
2009-05-06 03:22 . 2009-05-06 03:22 -------- d-----w c:\windows\Options
2009-05-06 03:03 . 2009-05-06 03:03 -------- d-----w c:\program files\Philips_VLounge
2009-05-06 01:48 . 2009-05-06 01:48 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Publish Providers
2009-05-06 01:47 . 2009-05-06 02:32 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Sony
2009-05-06 01:47 . 2009-05-06 01:47 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Sony
2009-05-06 01:37 . 2009-05-06 01:37 -------- d-----w c:\program files\Common Files\eSellerate
2009-05-06 01:19 . 2009-05-06 01:19 -------- d-----w c:\program files\Sony Setup
2009-05-05 23:31 . 2009-05-05 23:31 200888 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-05 22:13 . 2009-05-05 22:13 -------- d-----w c:\documents and settings\All Users\CyberLink
2009-05-05 06:49 . 2009-05-05 06:50 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\CyberLink
2009-05-05 02:37 . 2003-06-26 17:04 237568 ------w c:\windows\system32\qtmlClient.dll
2009-05-05 02:37 . 2003-07-01 23:49 69632 ------w c:\windows\system32\MtxPreview.dll
2009-05-05 02:37 . 2003-07-01 23:49 49152 ------w c:\windows\system32\MtxParhBFXPreview.dll
2009-05-05 02:37 . 2003-01-20 16:08 49152 ------w c:\windows\system32\CvoAPI.dll
2009-05-05 02:14 . 2009-05-05 02:14 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2009-05-05 02:00 . 2009-05-05 04:43 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-05-01 02:16 . 2009-05-01 02:16 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\ValuSoft
2009-05-01 02:12 . 2009-05-01 02:12 -------- d-----w c:\program files\Prison Tycoon 4
2009-05-01 02:02 . 2009-05-01 02:06 910146 ----a-w c:\windows\Prison Tycoon 2 Uninstaller.exe
2009-05-01 01:59 . 2009-05-01 01:59 -------- d-----w c:\program files\Common Files\Thraex Software
2009-05-01 01:59 . 2009-05-01 02:06 -------- d-----w c:\program files\Prison Tycoon 2
2009-05-01 01:32 . 2009-05-01 01:32 -------- d-----w c:\program files\Eidos
2009-05-01 00:17 . 2009-05-01 00:17 -------- d-----w c:\program files\Lionhead Studios
2009-04-29 02:00 . 2009-04-29 02:00 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-28 21:42 . 2009-04-29 02:00 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\SPORE
2009-04-28 21:40 . 2009-04-28 21:41 -------- d-----w C:\SporeCache
2009-04-28 21:34 . 2009-04-28 21:34 1748 ------w c:\windows\system32\ealregsnapshot1.reg
2009-04-28 21:34 . 2009-04-28 21:34 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations
2009-04-28 21:22 . 2009-04-29 00:03 -------- d-----w c:\program files\Electronic Arts
2009-04-26 23:24 . 2009-04-26 23:24 249856 ------w c:\windows\Setup1.exe
2009-04-26 23:24 . 2009-05-13 19:26 -------- d-----w c:\program files\cybershamanfree
2009-04-26 04:59 . 2009-04-26 04:59 -------- d-----w c:\program files\Virtual Hypnotist
2009-04-22 22:23 . 2009-04-23 00:55 -------- d-----w c:\program files\Graffiti Studio 2.0
2009-04-22 11:23 . 2009-04-22 11:23 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Ginipic
2009-04-22 10:43 . 2009-04-27 02:32 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\FlickrNet
2009-04-22 10:43 . 2009-04-22 10:43 -------- d-----w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Sam_Judson_(sam@wackylabs
2009-04-22 10:36 . 2008-09-11 00:52 790528 ------w c:\windows\system32\TwitSaver.scr
2009-04-22 10:36 . 2009-04-22 10:36 -------- d-----w c:\program files\TwitSaver
2009-04-22 10:23 . 2009-04-22 10:37 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\TwitSaver
2009-04-22 09:31 . 2009-04-22 09:31 -------- d-----w c:\program files\zFlick
2009-04-22 08:34 . 2009-04-22 08:34 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 21:24 . 2008-10-28 11:52 278123808 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-21 21:18 . 2008-10-28 11:52 3723404 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-21 05:04 . 2008-05-10 03:56 0 ----a-w c:\windows\wrieuasyer15.dat
2009-05-20 07:23 . 2009-05-20 07:24 5094912 ----a-w c:\windows\Internet Logs\xDB1B.tmp
2009-05-19 01:39 . 2008-06-06 23:21 3888 ----a-w c:\windows\system32\drivers\NTHANDLE.SYS
2009-05-18 11:00 . 2009-01-23 21:30 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-18 10:18 . 2008-05-10 03:46 -------- d-----w c:\program files\SolSuite
2009-05-18 10:00 . 2008-05-10 03:51 -------- d-----w c:\program files\MahJong Suite
2009-05-15 07:10 . 2009-05-15 07:11 1028608 ----a-w c:\windows\Internet Logs\xDB1A.tmp
2009-05-15 06:49 . 2008-05-09 07:35 -------- d-----w c:\program files\Pixelan
2009-05-15 06:47 . 2006-09-06 01:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-15 06:41 . 2008-10-18 02:10 2004 ----a-w c:\windows\Registration\e10f24f0-652e-11dd-ad8b-0800200c9a66.dll
2009-05-15 06:09 . 2008-12-10 23:21 -------- d-----w c:\program files\Sony
2009-05-13 07:35 . 2008-05-07 06:25 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-12 19:37 . 2009-01-23 20:58 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-12 07:32 . 2008-11-29 21:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 03:08 . 2008-11-29 22:40 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-06 03:24 . 2009-05-06 03:25 1882624 ----a-w c:\windows\Internet Logs\xDB19.tmp
2009-05-06 03:16 . 2008-05-09 00:47 -------- d-----w c:\program files\Common Files\ArcSoft
2009-05-05 22:15 . 2006-09-06 01:09 141928 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 00:27 . 2008-05-10 04:52 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-01 00:02 . 2008-12-26 05:45 -------- d-----w c:\program files\Atari
2009-04-28 21:42 . 2008-05-25 23:37 107888 ------w c:\windows\system32\CmdLineExt.dll
2009-04-26 23:24 . 2008-05-31 22:29 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-22 08:38 . 2008-08-08 23:57 8931897 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-20 08:04 . 2009-04-20 08:05 431104 ----a-w c:\windows\Internet Logs\xDB18.tmp
2009-04-20 00:19 . 2008-05-08 00:30 -------- d-----w c:\program files\Winamp
2009-04-14 02:34 . 2008-05-10 09:13 -------- d-----w c:\program files\Paltalk Messenger
2009-04-06 22:32 . 2008-11-29 21:13 38496 ------w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-11-29 21:13 15504 ------w c:\windows\system32\drivers\mbam.sys
2009-04-01 02:20 . 2008-10-28 11:48 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 23:01 . 2009-03-31 23:02 1479168 ----a-w c:\windows\Internet Logs\xDB17.tmp
2009-03-30 01:48 . 2008-08-01 08:48 -------- d-----w c:\program files\Comical
2009-03-30 01:48 . 2008-05-10 04:00 -------- d-----w c:\program files\Bikini Solitaire V1.0.3
2009-03-23 01:22 . 2009-03-23 01:22 4608 ------w c:\windows\system32\w95inf32.dll
2009-03-23 01:22 . 2009-03-23 01:22 2272 ------w c:\windows\system32\w95inf16.dll
2009-03-23 01:07 . 2009-03-23 01:07 717296 ------w c:\windows\system32\drivers\sptd.sys
2009-03-10 14:10 . 2009-03-10 14:11 143872 ----a-w c:\windows\Internet Logs\xDB16.tmp
2009-03-10 12:40 . 2009-03-10 12:41 321024 ----a-w c:\windows\Internet Logs\xDB15.tmp
2009-03-10 12:24 . 2009-03-10 12:19 43520 ------w c:\windows\system32\CmdLineExt03.dll
2009-03-10 11:44 . 2009-03-10 11:44 0 ----a-w c:\windows\PowerReg.dat
2009-03-10 05:19 . 2009-03-10 05:20 2962944 ----a-w c:\windows\Internet Logs\xDB14.tmp
2009-03-10 03:16 . 2009-03-10 03:14 109 ------w c:\windows\system32\2823673565.dat
2009-03-08 11:34 . 2004-08-10 04:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-10 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-10 04:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-10 04:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-10 04:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-10 04:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-10 04:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-10 04:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-10 04:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-10 04:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 04:00 284160 ------w c:\windows\system32\pdh.dll
2009-03-06 09:21 . 2009-03-06 09:22 320000 ----a-w c:\windows\Internet Logs\xDB13.tmp
2009-03-05 02:06 . 2009-03-05 02:07 187904 ----a-w c:\windows\Internet Logs\xDB12.tmp
2009-03-01 10:49 . 2009-03-01 10:50 323584 ----a-w c:\windows\Internet Logs\xDB11.tmp
2009-02-27 00:39 . 2008-07-16 05:07 1324 ------w c:\windows\system32\d3d9caps.dat
2009-02-27 00:17 . 2009-02-27 00:18 2775552 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-02-27 00:17 . 2009-02-27 00:18 3729920 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-12-18 04:29 . 2008-12-18 04:29 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-12-25 12:38 . 2008-05-07 04:42 22 --sha-w c:\windows\SMINST\HPCD.SYS
.

------- Sigcheck -------

[-] 2005-03-14 08:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2004-08-10 04:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-03-14 07:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys

Re: Malware problems I think??

Unread postby Filtereyez » May 21st, 2009, 9:55 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON WorkForce 600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE" [2008-03-04 188928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-18 30192]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-12 516440]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-09-12 155648]
"Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-09-12 266240]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-04-01 982408]
"Rvsystem"="c:\program files\Returnil\Returnil.exe" [2009-05-20 2304000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-5-7 3009656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-5-8 434176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-23 10:03 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 22:13 49152 ----a-w c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-06 18:14 204080 ----a-w c:\progra~1\Stardock\OBJECT~2\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\Eidos\\Rogue Trooper\\RogueTrooper.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/23/2009 1:58 PM 64160]
R0 RVFsSec;RVFsSec;c:\windows\system32\drivers\RVFsSec.sys [5/20/2009 12:17 AM 22272]
R0 RVSystem;RVSystem;c:\windows\system32\drivers\RVSystem.sys [5/20/2009 12:16 AM 39424]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [12/10/2008 6:10 PM 19478]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 55024]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [12/10/2008 6:10 PM 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [12/10/2008 6:10 PM 431236]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 953168]
R2 Orphalese Deck Service;Orphalese Deck Service;c:\program files\Orphalese\Orphalese Tarot\DeckService.exe [8/30/2008 11:34 AM 28672]
R3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [5/8/2008 5:47 PM 1239552]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/17/2008 9:29 PM 30192]
S3 MaplomL;MaplomL; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 7408]
S3 TucbDriverV32;TucbDriverV32;c:\windows\system32\drivers\TucbDriverV32.sys [7/6/2008 8:39 PM 508544]
S3 TucbVideo32;TucbVideo32;c:\windows\system32\drivers\TucbVideo32.sys [7/6/2008 8:40 PM 3768]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2008-11-30 22:05]

2008-12-06 c:\windows\Tasks\ParetoLogic Privacy Controls_{455D042C-C371-11DD-8384-0018F37ACC4F}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2008-11-25 19:28]

2009-05-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 20:25]

2009-03-11 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 20:25]

2009-05-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-03-11 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2009-05-21 c:\windows\Tasks\User_Feed_Synchronization-{4DA5A50A-384D-466B-ACA9-6837B3E7E9CA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: DiaryOne: Save full text - c:\program files\DiaryOne\Script\fullcatcher.htm
IE: DiaryOne: Save selected text - c:\program files\DiaryOne\Script\catcher.htm
IE: eDocOne: Save to... - c:\program files\eDocOne\Script\catcher.htm
IE: {{34C3E8B4-9D99-4F3C-A2F9-64007F446F54} - c:\program files\eDocOne\Script\catcher2.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\hzav8ymr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\hzav8ymr.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\hzav8ymr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Evernote\Evernote3\FfTbClipper\components\enbar3.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 14:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\progra~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(3008)
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
c:\program files\Stardock\Object Desktop\DeskScapes\deskscape.dll
c:\windows\system32\d3dx9_32.dll
c:\program files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
c:\program files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
c:\progra~1\COMMON~1\Stardock\mcpcore.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\progra~1\Stardock\OBJECT~2\WINDOW~1\tray.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\Stardock\sdmcp.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\windows\system32\scardsvr.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\arservice.exe
c:\windows\system32\ASTSRV.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
.
**************************************************************************
.
Completion time: 2009-05-21 14:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-21 21:32

Pre-Run: 60,623,953,920 bytes free
Post-Run: 60,490,129,408 bytes free

464
Filtereyez

Re: Malware problems I think??

Post by askey127 » May 22nd, 2009, 7:21 am

Filtereyez,
I would suggest using either Malwarebytes Anti-Malware or SuperAntiSpyware in conjunction with your Zone Alarm AntiVirus Suite.
Either is compatible with Zone Alarm and can be used for scans every week or so.

I don't see any malware on your machine at this time.
Your machine does have an extremely large number of installed programs, so you should keep it defragmented and check regularly that your C: drive always has at least 15% free space.
------------------------------------------------------------
Download the latest version of Java SE Runtime Environment(JRE), and install it to your computer.
It is the 5th one on the page, called Java SE Runtime Environment (JRE) 6 Update 13
Select Windows, multi-language, and check to agree to the license.
Download it, choose save, and save it to your desktop.
Then double-click it, and it will install the newest version of Java for you to use.
--------------------------------------------------------
Download the Newest Version of Adobe Reader
  • Go here and click on AdbeRdr910_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.

If you prefer a simple reader, without plug-ins, that is smaller and faster, take a look at the free Foxit Reader here : http://www.foxitsoftware.com/downloads/
I would recommend the older Foxit version 2.3 only, without the toolbar. Foxit version 3.0 has the undesirable ASK toolbar.
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
Do not use the Registry block to clean anything with this program. It is for experts only and it is risky.
(As a general rule, don't ever use a registry cleaner or "registry optimizer" of any kind on your machine).
  • Select Cleaner Settings.
    Check Internet Explorer and System so that all items are checked. In The Windows Explorer section, you may wish to leave "Windows Log Files", "Start Menu Shortcuts", and "Desktop Shortcuts" unchecked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Reset Options in CCleaner for Regular Use.
Open CCleaner if it's not already running.
  • Select Cleaner Settings.
    Under Internet Explorer, Uncheck "History".
  • Click on the Options block on the left. Select Advanced.
    Check Only delete files in Windows Temp folders older than 48 hours.
  • Set CCleaner to Run When Computer Starts. Click on the Options block on the left, then choose Settings. Check Run CCleaner when computer starts.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C:) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.

askey127

Re: Malware problems I think??

Post by Filtereyez » May 22nd, 2009, 3:27 pm

I just ran the last instructions, and everything is running superb, matter of fact I never knew my computer could ever be this fast to respond :P . askey your help has been immeasurable! I thank you very very much for your time and concern, the work you all do here is outstanding.

As I already have Malwarebytes and ZoneAlarm Security Suite I'll continue with those two, I will not reinstall Ad-aware Pro AE, I did not realize the Pro included an antivirus engine and when I bought the pro I remember their site specifically said it would complement ZoneAlarm, but at this time I can find nothing on their site to this effect, matter of fact for a layman like myself it's hard to tell that it does have antivirus. Live and learn right? :P

And as a last note : I am assuming the combofix, DaonolFix, and Rsit can all be removed by just deleting the icons off my desktop since they were all stand alone and saved to the desktop. If I am wrong please correct me. And as well when I ran combofix I remember it saying that it turned autoruns off, which is a bummer cause I really like that feature, but I am almost sure I also saw somewhere posted that for security purposes it is better to have autorun turned off? Should I just leave it off? I don't know how to turn it on so if it needs to be on I sure could use some assistance there.

Again Thank You
Filtereyez

Re: Malware problems I think??

Post by askey127 » May 22nd, 2009, 6:59 pm

Filtereyez,
The difficulty with ZoneAlarm and Ad-Aware is like this:
Both companies think of the other company's basic program when they discuss compatibility.
The two "fancy" ones will not work together properly.

Before you remove ComboFix, you can use it to reset the Autoruns, and have CF remove itself.
-----------------------------------------------------------
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the Combofix and the /u
  • When shown the disclaimer, Select "2"

You can have Autoruns turned "ON" with no problem.

Whenever you have a flash drive, always put a Read-Only folder in the root of it named autorun.inf.
This prevents most malware from ever installing an autostart "file" of that name.

Removing the other programs from your desktop should be just fine.
Good job.
askey127
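
An added example, not part of askey127's post or of any tool named in this thread: a Python check of a drive root that reports whether autorun.inf is the read-only folder described above or a real file and, for a file, lists the [autorun] entries that would start a program. The function names and the sample content are constructed for illustration.

```python
import os
import stat
import sys

# [autorun] keys that name a program for Windows to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample content, for illustration only.
SAMPLE = (
    "[AutoRun]\r\n"
    "; constructed sample\r\n"
    "open=setup.exe /quiet\r\n"
    "icon=setup.exe,0\r\n"
    "shell\\explore\\command=setup.exe\r\n"
    "label=Backup\r\n"
)


def parse_autorun(text):
    """Return the (key, value) pairs in [autorun] that would start a program."""
    launch, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # tolerate lines that are not key=value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command defines a drive context-menu entry that runs a program
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            launch.append((key, value))
    return launch


def inspect_drive_root(root):
    """Classify autorun.inf in a drive root: absent, folder-*, file, or other."""
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return {"status": "absent", "launch": []}
    path = os.path.join(root, names[0])
    mode = os.lstat(path).st_mode
    if stat.S_ISDIR(mode):
        # On Windows the read-only attribute shows up as a cleared write bit.
        status = "folder-writable" if mode & stat.S_IWRITE else "folder-read-only"
        return {"status": status, "launch": []}
    if not stat.S_ISREG(mode):
        return {"status": "other", "launch": []}
    with open(path, "r", encoding="latin-1") as fh:
        return {"status": "file", "launch": parse_autorun(fh.read())}


if __name__ == "__main__":
    for root in sys.argv[1:]:  # e.g. E:\
        print(root, inspect_drive_root(root))
```

A result of "file" with a non-empty launch list is the case worth a closer look before the drive is opened on another machine.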