Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

pop ups in windows explorer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

pop ups in windows explorer

Unread postby tamskinner » September 22nd, 2009, 3:07 am

Hi please help. I use firefox, but am getting pop ups firing up in a windows explorer window. HJT log below
Many thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:08, on 22/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PENSOFT\Quick95.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mark\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd (file missing)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\Idle Eq.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [freeelse] C:\DOCUME~1\Mark\APPLIC~1\JOYLON~1\user less.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://performancesoft.webex.com/clien ... eatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

--
End of file - 11976 bytes
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am
Advertisement
Register to Remove

Re: pop ups in windows explorer

Unread postby MikeSwim07 » September 25th, 2009, 8:06 pm

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: pop ups in windows explorer

Unread postby tamskinner » September 26th, 2009, 3:17 am

Hi Michael, thanks for your help. HJT uninstall list below:

ABC (remove only)
Able RAWer 1.3
Access Help
Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Photoshop CS
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Adobe SVG Viewer
AndreaMosaic 3.20
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Audacity 1.2.6
Authentium AntiVirus SDK - 2
Bonjour
CCleaner (remove only)
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Crush'Em 2.0
Diskeeper Lite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
eMusic Download Manager 4.1.2
EPSON PhotoQuicker3.5
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR800 Referene Guide
ESPR800 Software Guide
Eye 312
Eye 312
FontPage 3.0.0
Football Manager 2006
Forex Money Map 1.3.02
Free Disc Burner version 1.1
Free Studio version 4.1
Free YouTube to iPod Converter version 3.1
Free YouTube to Mp3 Converter version 3.1
Google Desktop
Google Desktop
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Help Center
HijackThis 2.0.2
Hitman Pro
hotComm® CL
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iArt 3
IBM 32-bit Runtime Environment for Java 2, v1.4.2
InterVideo WinDVD
iPhone Configuration Utility
iPod for Windows 2005-10-12
iPod for Windows 2006-06-28
iPodCopy
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Kaspersky Online Scanner
Kiwee Toolbar
Lenovo Care
Lenovo Care Supplement
Malwarebytes' Anti-Malware
Memory-Map OS Edition 2004
Message Center
Messenger Plus! 3
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Midtown Madness 2
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MixMeister BPM Analyzer 1.0
MobileMe Control Panel
Mouse Suite
Mozilla Firefox (3.0.14)
Mozilla Sunbird (0.7)
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My DSC
MyDSC2
MyDSC2
NVIDIA Drivers
OpD2d
OpenOffice.org 3.1
Packard Bell Diamond 1200Plus v1.0
PC-Doctor 5 for Windows
PenSoft
PerfectDisk
Picasa 2
PIF DESIGNER2.1
PodUtil 3.0.3
PPSDKRedistributables
Protected Music Converter 1.0.0.9
Puzzl'Em 1.0 Beta2
QuickTime
Radialpoint Security Services
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 7.0
Rescue and Recovery
Rhapsody Player Engine
Roxio Digital Media LE
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Serif PagePlus SE 1.0
Skype™ 4.0
Sonic Update Manager
SweetIM for Messenger 2.6
SweetIM Toolbar for Internet Explorer 3.3
ThinkVantage Technologies Welcome Message
Translation Services Provided by WorldLingo for Microsoft Word
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoEgg Publisher
Virgin Broadband advisor 1.5.14
Virgin Broadband PCguard
Wallpapers
WebEx
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2007
WIRELESS DESIGN & WORK TABLET 100/200/400/1200
XP Themes

Tam
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am

Re: pop ups in windows explorer

Unread postby MikeSwim07 » September 30th, 2009, 4:18 pm

Hi,

I notice you have a program called PCGuard is a product from Virgin Broadband. Does this program have both Anti-Virus and a Firewall? I also notice that you have authentium Anti-Virus installed. Do you use this application?

Uninstall programs

Some programs that you have are malicious. We need to uninstall them. I have the removal of some toolbars (Kiwee and SweetIM), which are considered malicous by many users. If you don't want to remove these, please inform me of why.

  • First, Click on Start > Control Panel
  • Next, Click on Add or Remove Programs
  • Wait for the list of programs to load
  • Locate the following programs and click Remove

    Kiwee Toolbar
    Messenger Plus! Live & Sponsor (CiD)
    SweetIM for Messenger 2.6
    SweetIM Toolbar for Internet Explorer 3.3
  • Follow the prompts of the uninstaller to uninstall/remove the program
  • Once all of the above have been uninstalled, please close Add/Remove Programs

Lop S&D-Option 1

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and anti-malware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable following programs:
(list here)
  • Double-click Lop S&D.exe
  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Please post the lopR.txt log and a new Uninstall list (from Hijackthis) and a new Hijackthis log on your next reply. Please also answer the questions I asked near the beginning of the post. How is your computer running?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: pop ups in windows explorer

Unread postby tamskinner » October 1st, 2009, 2:05 pm

Hi, yes PC Guard has Anti Virus and firewall protection. I dont use the AUthenium (I dont think!)
I couldnt unistall the kiwee toolbar - I got the following error messages:

Kiwee toolbar: "a programme required for this install to complete could not be run..", and "fatal error during installation"

Computer seems to be running fine, but I hate unwanted pop ups. WOuld love to retalitate, but dont know how to!
Many thanks
Tam
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mark ( Administrator )
BOOT : Normal boot
Antivirus : PCguard Anti-Virus 6.0.1 (Not Activated)
Firewall : PCguard Firewall 6.0.1 (Not Activated)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:9 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (USB) - FAT - Total:1902 Mo (Free:1 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (Local Disk) - NTFS - Total:115 Go (Free:1 Go)
J:\ (USB) - FAT32 - Total:3827 Mo (Free:3 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 01/10/2009|18:57 )

--------------------\\ Listing folders in APPLIC~1


[20/01/2008|12:31] C:\DOCUME~1\ADMINI~1.OUR\APPLIC~1\Microsoft

[16/10/2008|19:49] C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Microsoft

[02/12/2008|08:19] C:\DOCUME~1\ADMINI~1.001\APPLIC~1\Microsoft

[05/01/2009|07:45] C:\DOCUME~1\ADMINI~1.002\APPLIC~1\Microsoft

[15/03/2009|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[23/09/2009|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[12/04/2009|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[26/09/2009|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/07/2008|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\agi
[23/09/2009|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[20/11/2006|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[01/10/2009|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse
[09/01/2009|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[08/05/2009|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverScanner
[03/11/2007|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eBay
[22/09/2006|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/01/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[10/06/2006|04:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[19/05/2008|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[31/12/2007|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[10/06/2006|04:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lenovo
[31/07/2006|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[15/05/2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[01/03/2009|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/11/2007|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MipKukSoft
[29/09/2009|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
[29/09/2009|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[20/04/2008|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[28/12/2007|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[24/07/2007|11:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[31/05/2009|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
[09/08/2004|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[22/02/2009|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[05/10/2008|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/09/2009|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/08/2008|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[31/07/2006|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ThinkVantage
[31/07/2006|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[31/05/2009|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
[05/06/2009|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[22/09/2006|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/09/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[01/12/2007|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
[28/11/2008|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[01/08/2009|20:03] C:\DOCUME~1\Chloe\APPLIC~1\Adobe
[01/08/2009|20:02] C:\DOCUME~1\Chloe\APPLIC~1\eBay
[01/08/2009|20:03] C:\DOCUME~1\Chloe\APPLIC~1\Macromedia
[26/04/2008|18:15] C:\DOCUME~1\Chloe\APPLIC~1\Mozilla
[01/08/2009|20:03] C:\DOCUME~1\Chloe\APPLIC~1\WholeSecurity

[10/06/2006|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[10/06/2006|04:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[09/08/2004|21:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/06/2006|04:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec


[14/07/2008|17:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[06/09/2008|08:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[19/04/2009|07:36] C:\DOCUME~1\Mark\APPLIC~1\.ABC
[26/09/2009|18:19] C:\DOCUME~1\Mark\APPLIC~1\Adobe
[02/06/2008|06:35] C:\DOCUME~1\Mark\APPLIC~1\AdobeUM
[14/07/2008|17:32] C:\DOCUME~1\Mark\APPLIC~1\agi
[23/09/2009|19:53] C:\DOCUME~1\Mark\APPLIC~1\Apple Computer
[11/05/2009|20:31] C:\DOCUME~1\Mark\APPLIC~1\ArcSoft
[09/01/2009|20:49] C:\DOCUME~1\Mark\APPLIC~1\AVS4YOU
[21/01/2007|10:27] C:\DOCUME~1\Mark\APPLIC~1\BearShare
[15/12/2007|08:31] C:\DOCUME~1\Mark\APPLIC~1\eBay
[01/05/2009|06:15] C:\DOCUME~1\Mark\APPLIC~1\eMusic
[12/01/2007|09:11] C:\DOCUME~1\Mark\APPLIC~1\Google
[04/12/2006|11:49] C:\DOCUME~1\Mark\APPLIC~1\Help
[10/06/2006|04:39] C:\DOCUME~1\Mark\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\Mark\APPLIC~1\Identities
[09/09/2008|14:14] C:\DOCUME~1\Mark\APPLIC~1\InstallShield
[23/11/2007|17:06] C:\DOCUME~1\Mark\APPLIC~1\Kybtec Software
[08/05/2009|09:17] C:\DOCUME~1\Mark\APPLIC~1\Leadertech
[01/03/2008|20:47] C:\DOCUME~1\Mark\APPLIC~1\LimeWire
[14/10/2006|16:13] C:\DOCUME~1\Mark\APPLIC~1\Macromedia
[15/05/2008|21:30] C:\DOCUME~1\Mark\APPLIC~1\Malwarebytes
[21/02/2009|23:09] C:\DOCUME~1\Mark\APPLIC~1\Microsoft
[23/11/2007|17:06] C:\DOCUME~1\Mark\APPLIC~1\MipKukSoft
[06/09/2008|08:20] C:\DOCUME~1\Mark\APPLIC~1\Mozilla
[09/10/2008|19:05] C:\DOCUME~1\Mark\APPLIC~1\MSNInstaller
[12/08/2007|11:19] C:\DOCUME~1\Mark\APPLIC~1\Oberon Media
[09/05/2009|14:43] C:\DOCUME~1\Mark\APPLIC~1\OpenOffice.org
[08/01/2008|18:57] C:\DOCUME~1\Mark\APPLIC~1\PowerChallenge
[16/01/2009|10:24] C:\DOCUME~1\Mark\APPLIC~1\Real
[30/09/2006|06:41] C:\DOCUME~1\Mark\APPLIC~1\Ringtone
[15/12/2008|19:26] C:\DOCUME~1\Mark\APPLIC~1\Serif
[20/09/2009|21:39] C:\DOCUME~1\Mark\APPLIC~1\Skype
[20/09/2009|18:50] C:\DOCUME~1\Mark\APPLIC~1\skypePM
[08/05/2009|09:17] C:\DOCUME~1\Mark\APPLIC~1\Sonic
[08/01/2007|22:57] C:\DOCUME~1\Mark\APPLIC~1\Sun
[10/06/2006|04:42] C:\DOCUME~1\Mark\APPLIC~1\Symantec
[09/02/2008|11:00] C:\DOCUME~1\Mark\APPLIC~1\Talkback
[01/08/2006|18:20] C:\DOCUME~1\Mark\APPLIC~1\Telewest
[31/07/2006|17:49] C:\DOCUME~1\Mark\APPLIC~1\ThinkVantage
[31/12/2007|11:17] C:\DOCUME~1\Mark\APPLIC~1\TrojanHunter
[08/05/2009|10:26] C:\DOCUME~1\Mark\APPLIC~1\Uniblue
[31/05/2009|07:35] C:\DOCUME~1\Mark\APPLIC~1\Virgin Broadband
[05/12/2007|10:12] C:\DOCUME~1\Mark\APPLIC~1\webex
[29/12/2006|15:36] C:\DOCUME~1\Mark\APPLIC~1\WholeSecurity
[15/02/2008|19:47] C:\DOCUME~1\Mark\APPLIC~1\WinPatrol


[30/01/2009|22:50] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Adobe
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\eBay
[10/06/2006|04:50] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Google
[10/06/2006|04:39] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Identities
[08/06/2008|10:14] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Macromedia
[16/01/2009|20:01] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Microsoft
[16/10/2008|07:49] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Mozilla
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Real
[27/06/2008|07:05] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Sun
[10/06/2006|04:42] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Symantec
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Telewest
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\ThinkVantage
[09/06/2009|18:01] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Virgin Broadband
[28/07/2009|21:31] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\WholeSecurity

[05/09/2008|20:58] C:\DOCUME~1\NETWOR~1\APPLIC~1\agi
[09/08/2004|21:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[02/08/2009|18:27] C:\DOCUME~1\Pat\APPLIC~1\Adobe
[07/02/2008|18:31] C:\DOCUME~1\Pat\APPLIC~1\eBay
[12/01/2007|10:43] C:\DOCUME~1\Pat\APPLIC~1\Google
[10/06/2006|04:39] C:\DOCUME~1\Pat\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\Pat\APPLIC~1\Identities
[01/08/2006|09:12] C:\DOCUME~1\Pat\APPLIC~1\Macromedia
[26/02/2007|19:02] C:\DOCUME~1\Pat\APPLIC~1\Microsoft
[19/01/2008|13:31] C:\DOCUME~1\Pat\APPLIC~1\Mozilla
[30/09/2006|19:38] C:\DOCUME~1\Pat\APPLIC~1\Real
[01/08/2006|09:08] C:\DOCUME~1\Pat\APPLIC~1\Symantec
[01/08/2006|20:22] C:\DOCUME~1\Pat\APPLIC~1\Telewest
[01/08/2006|09:08] C:\DOCUME~1\Pat\APPLIC~1\ThinkVantage
[05/06/2009|12:29] C:\DOCUME~1\Pat\APPLIC~1\Virgin Broadband
[02/08/2009|18:39] C:\DOCUME~1\Pat\APPLIC~1\WholeSecurity

[15/10/2008|18:33] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
[16/10/2008|19:50] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[30/09/2009 20:44][--a------] C:\WINDOWS\tasks\Norton Security Scan for Mark.job
[25/09/2009 20:58][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/09/2009 09:00][--a------] C:\WINDOWS\tasks\rpc.job
[01/10/2009 07:43][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/11/2007|12:32] C:\Program Files\1stWORKS
[31/07/2006|20:09] C:\Program Files\A_Tablet
[18/04/2009|07:46] C:\Program Files\ABC
[23/02/2008|10:53] C:\Program Files\AbleRAWer
[14/07/2008|07:08] C:\Program Files\Adobe
[25/09/2008|18:47] C:\Program Files\AGI
[14/02/2007|09:44] C:\Program Files\AndreaMosaic
[30/09/2006|10:36] C:\Program Files\AnMing
[01/09/2008|15:05] C:\Program Files\Apple Software Update
[15/10/2006|15:44] C:\Program Files\ArcSoft
[10/02/2008|12:06] C:\Program Files\Audacity
[10/06/2006|04:32] C:\Program Files\AvRack
[25/09/2009|07:06] C:\Program Files\AVS4YOU
[21/01/2007|10:25] C:\Program Files\BearShare Applications
[15/02/2008|19:47] C:\Program Files\BillP Studios
[06/02/2009|22:05] C:\Program Files\Bonjour
[31/05/2009|07:38] C:\Program Files\CA
[17/12/2007|21:40] C:\Program Files\Canon
[05/01/2008|09:07] C:\Program Files\CCleaner
[04/07/2009|15:00] C:\Program Files\Common Files
[31/05/2009|07:38] C:\Program Files\ComPlus Applications
[15/05/2008|21:21] C:\Program Files\Crawler
[10/06/2006|04:37] C:\Program Files\Diskeeper Corporation
[04/07/2009|15:02] C:\Program Files\DivX
[21/03/2009|18:21] C:\Program Files\DVDVideoSoft
[02/08/2006|17:39] C:\Program Files\EarthLink TotalAccess
[25/09/2009|07:06] C:\Program Files\eBay
[01/06/2009|08:17] C:\Program Files\eMusic Download Manager
[30/12/2007|11:30] C:\Program Files\EPSON
[31/07/2006|19:51] C:\Program Files\EPSON Print CD
[13/04/2008|05:04] C:\Program Files\FontPage
[23/03/2009|15:54] C:\Program Files\Forex Money Map
[23/11/2007|19:11] C:\Program Files\FxClub
[13/12/2008|09:39] C:\Program Files\GameHouse
[04/07/2009|15:03] C:\Program Files\Google
[06/05/2008|08:14] C:\Program Files\Hitman Pro
[10/09/2008|13:05] C:\Program Files\iArt
[10/06/2006|04:39] C:\Program Files\IBM
[10/06/2006|04:49] C:\Program Files\IBM ThinkVantage
[10/05/2009|07:50] C:\Program Files\IDIGICON LimitedCrazy Golf
[31/05/2009|07:36] C:\Program Files\InstallShield Installation Information
[06/08/2009|22:30] C:\Program Files\Internet Explorer
[10/06/2006|04:38] C:\Program Files\InterVideo
[23/09/2009|19:18] C:\Program Files\iPhone Configuration Utility
[23/09/2009|19:37] C:\Program Files\iPod
[23/09/2009|19:40] C:\Program Files\iTunes
[20/01/2008|12:32] C:\Program Files\iTunes(2)
[16/01/2009|08:13] C:\Program Files\Java
[15/12/2006|22:03] C:\Program Files\JoWooD
[09/05/2009|14:38] C:\Program Files\JRE
[19/01/2008|11:46] C:\Program Files\Kaspersky Lab
[23/11/2007|17:06] C:\Program Files\Kybtec Software
[09/09/2008|14:15] C:\Program Files\KYE
[31/12/2007|09:24] C:\Program Files\Lavasoft
[10/06/2006|04:32] C:\Program Files\Lenovo
[10/02/2008|12:08] C:\Program Files\libmp3lame-3.97
[10/05/2009|07:52] C:\Program Files\Mahjong Deluxe
[15/05/2008|21:30] C:\Program Files\Malwarebytes' Anti-Malware
[21/04/2009|18:54] C:\Program Files\Memory-Map
[20/08/2008|21:30] C:\Program Files\Messenger
[01/10/2009|18:50] C:\Program Files\Messenger Plus! Live
[01/03/2009|02:25] C:\Program Files\MessengerPlus! 3
[20/03/2009|22:43] C:\Program Files\MetaTrader 4
[01/03/2009|12:45] C:\Program Files\Microsoft
[31/07/2006|19:21] C:\Program Files\Microsoft ActiveSync
[09/05/2007|21:36] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[09/08/2004|21:27] C:\Program Files\microsoft frontpage
[08/08/2006|20:17] C:\Program Files\Microsoft Games
[09/05/2009|14:10] C:\Program Files\Microsoft Office
[28/11/2008|23:41] C:\Program Files\Microsoft SQL Server Compact Edition
[20/09/2006|16:33] C:\Program Files\MixMeister BPM Analyzer
[30/12/2007|11:19] C:\Program Files\MonkeyBongo
[20/05/2008|07:13] C:\Program Files\Movie Maker
[01/10/2009|17:10] C:\Program Files\Mozilla Firefox
[09/05/2008|07:39] C:\Program Files\Mozilla Sunbird
[06/08/2009|22:33] C:\Program Files\MSBuild
[28/06/2009|19:27] C:\Program Files\MSECache
[16/09/2006|10:58] C:\Program Files\MSN
[09/08/2004|21:22] C:\Program Files\MSN Gaming Zone
[14/10/2006|13:24] C:\Program Files\MSXML 4.0
[08/06/2008|09:03] C:\Program Files\Navilog1
[20/05/2008|07:11] C:\Program Files\NetMeeting
[29/09/2009|09:40] C:\Program Files\Norton Security Scan
[29/09/2009|09:40] C:\Program Files\NortonInstaller
[12/08/2007|11:18] C:\Program Files\Oberon Media
[02/08/2006|17:21] C:\Program Files\OfficeUpdate11
[09/08/2004|21:23] C:\Program Files\Online Services
[15/10/2006|07:45] C:\Program Files\OpD2d
[09/05/2009|14:38] C:\Program Files\OpenOffice.org 3
[12/08/2009|22:39] C:\Program Files\Outlook Express
[31/07/2006|20:05] C:\Program Files\Packard Bell Diamond 1200Plus
[05/10/2008|08:26] C:\Program Files\Panda Security
[10/06/2006|04:40] C:\Program Files\PCDR5
[05/03/2007|16:31] C:\Program Files\PCLW300
[05/03/2007|15:40] C:\Program Files\PCL-W310
[15/02/2008|20:26] C:\Program Files\Picasa2
[07/09/2006|17:41] C:\Program Files\PodUtil
[23/09/2009|19:31] C:\Program Files\QuickTime
[20/01/2008|12:32] C:\Program Files\QuickTime(2)
[31/05/2009|07:51] C:\Program Files\Raxco
[16/01/2009|10:20] C:\Program Files\Real
[10/06/2006|04:32] C:\Program Files\Realtek AC97
[10/06/2006|04:32] C:\Program Files\Realtek Sound Manager
[06/08/2009|22:33] C:\Program Files\Reference Assemblies
[27/12/2007|09:45] C:\Program Files\Registry Mechanic
[10/06/2006|04:38] C:\Program Files\Roxio
[10/06/2006|04:32] C:\Program Files\S3
[23/09/2009|19:16] C:\Program Files\Safari
[19/01/2008|10:15] C:\Program Files\Samsung
[15/12/2008|19:25] C:\Program Files\Serif
[13/12/2008|09:39] C:\Program Files\Sky Games
[22/02/2009|14:46] C:\Program Files\Skype
[10/06/2006|04:49] C:\Program Files\SMI2
[10/02/2007|18:30] C:\Program Files\Sports Interactive
[31/07/2006|20:05] C:\Program Files\Temp
[10/06/2006|04:36] C:\Program Files\ThinkVantage
[05/10/2008|08:28] C:\Program Files\TrojanHunter 5.0
[10/06/2006|04:49] C:\Program Files\TVT SMBus
[09/08/2004|21:33] C:\Program Files\Uninstall Information
[28/03/2007|20:39] C:\Program Files\VideoEgg
[31/05/2009|07:37] C:\Program Files\Virgin Broadband
[29/01/2009|07:46] C:\Program Files\Wide Angle Software
[05/01/2008|11:47] C:\Program Files\WinAce
[01/03/2009|12:45] C:\Program Files\Windows Live
[01/03/2009|12:45] C:\Program Files\Windows Live SkyDrive
[13/02/2009|10:57] C:\Program Files\Windows Live Toolbar
[22/09/2006|07:47] C:\Program Files\Windows Media Connect
[01/01/2007|17:12] C:\Program Files\Windows Media Connect 2
[20/05/2008|07:11] C:\Program Files\Windows Media Player
[20/05/2008|07:11] C:\Program Files\Windows NT
[09/08/2004|21:25] C:\Program Files\WindowsUpdate
[20/06/2008|13:34] C:\Program Files\WMA-MP3.com
[09/08/2004|21:27] C:\Program Files\xerox
[30/09/2008|06:35] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/06/2008|06:57] C:\Program Files\Common Files\Adobe
[31/07/2006|19:39] C:\Program Files\Common Files\Adobe Systems Shared
[23/09/2009|19:37] C:\Program Files\Common Files\Apple
[31/05/2009|07:38] C:\Program Files\Common Files\Authentium
[25/09/2009|07:05] C:\Program Files\Common Files\AVSMedia
[31/07/2006|19:21] C:\Program Files\Common Files\Designer
[04/07/2009|15:00] C:\Program Files\Common Files\DivX Shared
[29/09/2009|20:48] C:\Program Files\Common Files\DVDVideoSoft
[31/07/2006|19:50] C:\Program Files\Common Files\EPSON
[11/11/2006|09:41] C:\Program Files\Common Files\gst
[10/06/2006|04:31] C:\Program Files\Common Files\InstallShield
[04/06/2008|07:04] C:\Program Files\Common Files\Java
[09/05/2009|14:10] C:\Program Files\Common Files\Microsoft Shared
[09/08/2004|21:24] C:\Program Files\Common Files\MSSoap
[12/08/2007|11:18] C:\Program Files\Common Files\Oberon Media
[09/08/2004|21:18] C:\Program Files\Common Files\ODBC
[09/09/2008|14:19] C:\Program Files\Common Files\PAC7302
[16/01/2009|10:21] C:\Program Files\Common Files\Real
[31/05/2009|07:43] C:\Program Files\Common Files\Scanner
[09/08/2004|21:24] C:\Program Files\Common Files\Services
[22/02/2009|14:46] C:\Program Files\Common Files\Skype
[10/06/2006|04:38] C:\Program Files\Common Files\Sonic Shared
[09/08/2004|21:18] C:\Program Files\Common Files\SpeechEngines
[10/06/2006|04:38] C:\Program Files\Common Files\SureThing Shared
[20/05/2008|07:11] C:\Program Files\Common Files\System
[01/03/2009|12:40] C:\Program Files\Common Files\Windows Live
[28/11/2008|23:37] C:\Program Files\Common Files\WindowsLiveInstaller
[26/05/2009|07:11] C:\Program Files\Common Files\Wise Installation Wizard
[16/01/2009|10:21] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 64 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse
C:\DOCUME~1\Mark\LOCALS~1\Temp\Start Time Time Barb

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 18:58:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 5

--------------------\\ Searching for other infections

--------------------\\ KoobFace !

C:\WINDOWS\fmark2.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Mark\My Documents\My Music\iTunes\Mobile Applications\CrackCode 1.ipa


[F:10][D:1]-> C:\DOCUME~1\Mark\LOCALS~1\Temp
[F:278][D:0]-> C:\DOCUME~1\Mark\Cookies
[F:356][D:17]-> C:\DOCUME~1\Mark\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 01/10/2009|19:00 - Option : [1]

--------------------\\ Scan completed at 19:00:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:16, on 01/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PENSOFT\Quick95.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mark\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\Mark\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://performancesoft.webex.com/clien ... eatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

--
End of file - 10595 bytes
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am

Re: pop ups in windows explorer

Unread postby tamskinner » October 1st, 2009, 2:09 pm

sorry - unistall list also:

ABC (remove only)
Able RAWer 1.3
Access Help
Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Photoshop CS
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Adobe SVG Viewer
AndreaMosaic 3.20
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Audacity 1.2.6
Authentium AntiVirus SDK - 2
Bonjour
CCleaner (remove only)
Choice Guard
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Crush'Em 2.0
Diskeeper Lite
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
eMusic Download Manager 4.1.2
EPSON PhotoQuicker3.5
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR800 Referene Guide
ESPR800 Software Guide
Eye 312
Eye 312
FontPage 3.0.0
Football Manager 2006
Forex Money Map 1.3.02
Free Disc Burner version 1.1
Free Studio version 4.1
Free YouTube to iPod Converter version 3.1
Free YouTube to Mp3 Converter version 3.1
Google Desktop
Google Desktop
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Help Center
HijackThis 2.0.2
Hitman Pro
hotComm® CL
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iArt 3
IBM 32-bit Runtime Environment for Java 2, v1.4.2
InterVideo WinDVD
iPhone Configuration Utility
iPod for Windows 2005-10-12
iPod for Windows 2006-06-28
iPodCopy
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Kaspersky Online Scanner
Kiwee Toolbar
Lenovo Care
Lenovo Care Supplement
Malwarebytes' Anti-Malware
Memory-Map OS Edition 2004
Message Center
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Midtown Madness 2
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MixMeister BPM Analyzer 1.0
MobileMe Control Panel
Mouse Suite
Mozilla Firefox (3.0.14)
Mozilla Sunbird (0.7)
MSN
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My DSC
MyDSC2
MyDSC2
Norton Security Scan
NVIDIA Drivers
OpD2d
OpenOffice.org 3.1
Packard Bell Diamond 1200Plus v1.0
PC-Doctor 5 for Windows
PenSoft
PerfectDisk
Picasa 2
PIF DESIGNER2.1
PodUtil 3.0.3
PPSDKRedistributables
Protected Music Converter 1.0.0.9
Puzzl'Em 1.0 Beta2
QuickTime
Radialpoint Security Services
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 7.0
Rescue and Recovery
Rhapsody Player Engine
Roxio Digital Media LE
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Serif PagePlus SE 1.0
Skype™ 4.0
Sonic Update Manager
ThinkVantage Technologies Welcome Message
Translation Services Provided by WorldLingo for Microsoft Word
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
VideoEgg Publisher
Virgin Broadband advisor 1.5.14
Virgin Broadband PCguard
Wallpapers
WebEx
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol 2007
WIRELESS DESIGN & WORK TABLET 100/200/400/1200
XP Themes
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am

Re: pop ups in windows explorer

Unread postby MikeSwim07 » October 2nd, 2009, 3:52 pm

Hi,

If I may bring your attention to this file on your machine:
C:\Documents and Settings\Mark\My Documents\My Music\iTunes\Mobile Applications\CrackCode 1.ipa
Please remove this as per the forum guidelines:-

Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.

P2P Software

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BearShare
LimeWire


I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file sharing as a major conduit to spread their wares.

In my future posts, I will remove these applications.

If you do not wish to remove your P2P programs, please tell me and this topic will be closed.

Lop S&D-Option 3

Double click LopSD.exe to start the program.
  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 3 to choose Option 3 (Fix - Hosts), then press Enter
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)

Download and Run: CKScanner

  • Download CKScanner to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
    • Note: If you are using Vista, right click and choose "Run as Administrator"
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Please post lopR.txt, CKFiles.txt, and a new Hijackthis log on your next reply. Also, how is your computer running?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: pop ups in windows explorer

Unread postby tamskinner » October 3rd, 2009, 4:31 am

Hi
TO my knowledge Limewire and Bearshare have not been used for many years. I THINK any folders for them will be redundant old ones,. I have no problem removing them! I have removed the itunes crack code file.

PC seems to be running fine, no pop ups this moring when I turned on!

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3100+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Mark ( Administrator )
BOOT : Normal boot
Antivirus : PCguard Anti-Virus 6.0.1 (Activated)
Firewall : PCguard Firewall 6.0.1 (Activated)
C:\ (Local Disk) - NTFS - Total:70 Go (Free:9 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (Local Disk) - NTFS - Total:115 Go (Free:1 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [3] ( 03/10/2009| 9:17 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Audio 4 part browse

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1


[20/01/2008|12:31] C:\DOCUME~1\ADMINI~1.OUR\APPLIC~1\Microsoft

[16/10/2008|19:49] C:\DOCUME~1\ADMINI~1.000\APPLIC~1\Microsoft

[02/12/2008|08:19] C:\DOCUME~1\ADMINI~1.001\APPLIC~1\Microsoft

[05/01/2009|07:45] C:\DOCUME~1\ADMINI~1.002\APPLIC~1\Microsoft

[15/03/2009|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[23/09/2009|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[12/04/2009|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[02/10/2009|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[14/07/2008|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\agi
[23/09/2009|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[20/11/2006|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/01/2009|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[08/05/2009|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverScanner
[03/11/2007|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eBay
[22/09/2006|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[05/01/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[10/06/2006|04:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[19/05/2008|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
[31/12/2007|09:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[10/06/2006|04:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lenovo
[31/07/2006|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[15/05/2008|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[02/10/2009|06:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[01/03/2009|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/11/2007|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MipKukSoft
[29/09/2009|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Norton
[29/09/2009|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NortonInstaller
[20/04/2008|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[28/12/2007|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[24/07/2007|11:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[31/05/2009|07:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
[09/08/2004|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[22/02/2009|14:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[05/10/2008|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[29/09/2009|09:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/08/2008|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[31/07/2006|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ThinkVantage
[31/07/2006|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[31/05/2009|07:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Virgin Broadband
[05/06/2009|12:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[22/09/2006|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/09/2006|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[01/12/2007|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
[28/11/2008|23:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[01/08/2009|20:03] C:\DOCUME~1\Chloe\APPLIC~1\Adobe
[01/08/2009|20:02] C:\DOCUME~1\Chloe\APPLIC~1\eBay
[01/08/2009|20:03] C:\DOCUME~1\Chloe\APPLIC~1\Macromedia
[26/04/2008|18:15] C:\DOCUME~1\Chloe\APPLIC~1\Mozilla
[01/08/2009|20:03] C:\DOCUME~1\Chloe\APPLIC~1\WholeSecurity

[10/06/2006|04:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[10/06/2006|04:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[09/08/2004|21:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/06/2006|04:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec


[14/07/2008|17:32] C:\DOCUME~1\LOCALS~1\APPLIC~1\agi
[06/09/2008|08:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[19/04/2009|07:36] C:\DOCUME~1\Mark\APPLIC~1\.ABC
[02/10/2009|07:52] C:\DOCUME~1\Mark\APPLIC~1\Adobe
[02/06/2008|06:35] C:\DOCUME~1\Mark\APPLIC~1\AdobeUM
[14/07/2008|17:32] C:\DOCUME~1\Mark\APPLIC~1\agi
[23/09/2009|19:53] C:\DOCUME~1\Mark\APPLIC~1\Apple Computer
[11/05/2009|20:31] C:\DOCUME~1\Mark\APPLIC~1\ArcSoft
[09/01/2009|20:49] C:\DOCUME~1\Mark\APPLIC~1\AVS4YOU
[21/01/2007|10:27] C:\DOCUME~1\Mark\APPLIC~1\BearShare
[15/12/2007|08:31] C:\DOCUME~1\Mark\APPLIC~1\eBay
[01/05/2009|06:15] C:\DOCUME~1\Mark\APPLIC~1\eMusic
[12/01/2007|09:11] C:\DOCUME~1\Mark\APPLIC~1\Google
[04/12/2006|11:49] C:\DOCUME~1\Mark\APPLIC~1\Help
[10/06/2006|04:39] C:\DOCUME~1\Mark\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\Mark\APPLIC~1\Identities
[09/09/2008|14:14] C:\DOCUME~1\Mark\APPLIC~1\InstallShield
[23/11/2007|17:06] C:\DOCUME~1\Mark\APPLIC~1\Kybtec Software
[08/05/2009|09:17] C:\DOCUME~1\Mark\APPLIC~1\Leadertech
[01/03/2008|20:47] C:\DOCUME~1\Mark\APPLIC~1\LimeWire
[14/10/2006|16:13] C:\DOCUME~1\Mark\APPLIC~1\Macromedia
[15/05/2008|21:30] C:\DOCUME~1\Mark\APPLIC~1\Malwarebytes
[21/02/2009|23:09] C:\DOCUME~1\Mark\APPLIC~1\Microsoft
[23/11/2007|17:06] C:\DOCUME~1\Mark\APPLIC~1\MipKukSoft
[06/09/2008|08:20] C:\DOCUME~1\Mark\APPLIC~1\Mozilla
[09/10/2008|19:05] C:\DOCUME~1\Mark\APPLIC~1\MSNInstaller
[12/08/2007|11:19] C:\DOCUME~1\Mark\APPLIC~1\Oberon Media
[09/05/2009|14:43] C:\DOCUME~1\Mark\APPLIC~1\OpenOffice.org
[08/01/2008|18:57] C:\DOCUME~1\Mark\APPLIC~1\PowerChallenge
[16/01/2009|10:24] C:\DOCUME~1\Mark\APPLIC~1\Real
[30/09/2006|06:41] C:\DOCUME~1\Mark\APPLIC~1\Ringtone
[15/12/2008|19:26] C:\DOCUME~1\Mark\APPLIC~1\Serif
[20/09/2009|21:39] C:\DOCUME~1\Mark\APPLIC~1\Skype
[20/09/2009|18:50] C:\DOCUME~1\Mark\APPLIC~1\skypePM
[08/05/2009|09:17] C:\DOCUME~1\Mark\APPLIC~1\Sonic
[08/01/2007|22:57] C:\DOCUME~1\Mark\APPLIC~1\Sun
[10/06/2006|04:42] C:\DOCUME~1\Mark\APPLIC~1\Symantec
[09/02/2008|11:00] C:\DOCUME~1\Mark\APPLIC~1\Talkback
[01/08/2006|18:20] C:\DOCUME~1\Mark\APPLIC~1\Telewest
[31/07/2006|17:49] C:\DOCUME~1\Mark\APPLIC~1\ThinkVantage
[31/12/2007|11:17] C:\DOCUME~1\Mark\APPLIC~1\TrojanHunter
[08/05/2009|10:26] C:\DOCUME~1\Mark\APPLIC~1\Uniblue
[31/05/2009|07:35] C:\DOCUME~1\Mark\APPLIC~1\Virgin Broadband
[05/12/2007|10:12] C:\DOCUME~1\Mark\APPLIC~1\webex
[29/12/2006|15:36] C:\DOCUME~1\Mark\APPLIC~1\WholeSecurity
[15/02/2008|19:47] C:\DOCUME~1\Mark\APPLIC~1\WinPatrol


[30/01/2009|22:50] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Adobe
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\eBay
[10/06/2006|04:50] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Google
[10/06/2006|04:39] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Identities
[08/06/2008|10:14] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Macromedia
[16/01/2009|20:01] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Microsoft
[16/10/2008|07:49] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Mozilla
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Real
[27/06/2008|07:05] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Sun
[10/06/2006|04:42] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Symantec
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Telewest
[07/06/2008|23:10] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\ThinkVantage
[09/06/2009|18:01] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\Virgin Broadband
[28/07/2009|21:31] C:\DOCUME~1\MATTHE~1.OUR\APPLIC~1\WholeSecurity

[05/09/2008|20:58] C:\DOCUME~1\NETWOR~1\APPLIC~1\agi
[09/08/2004|21:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[02/08/2009|18:27] C:\DOCUME~1\Pat\APPLIC~1\Adobe
[07/02/2008|18:31] C:\DOCUME~1\Pat\APPLIC~1\eBay
[12/01/2007|10:43] C:\DOCUME~1\Pat\APPLIC~1\Google
[10/06/2006|04:39] C:\DOCUME~1\Pat\APPLIC~1\IBM
[09/08/2004|21:33] C:\DOCUME~1\Pat\APPLIC~1\Identities
[01/08/2006|09:12] C:\DOCUME~1\Pat\APPLIC~1\Macromedia
[26/02/2007|19:02] C:\DOCUME~1\Pat\APPLIC~1\Microsoft
[19/01/2008|13:31] C:\DOCUME~1\Pat\APPLIC~1\Mozilla
[30/09/2006|19:38] C:\DOCUME~1\Pat\APPLIC~1\Real
[01/08/2006|09:08] C:\DOCUME~1\Pat\APPLIC~1\Symantec
[01/08/2006|20:22] C:\DOCUME~1\Pat\APPLIC~1\Telewest
[01/08/2006|09:08] C:\DOCUME~1\Pat\APPLIC~1\ThinkVantage
[05/06/2009|12:29] C:\DOCUME~1\Pat\APPLIC~1\Virgin Broadband
[02/08/2009|18:39] C:\DOCUME~1\Pat\APPLIC~1\WholeSecurity

[15/10/2008|18:33] C:\DOCUME~1\TEMP\APPLIC~1\Microsoft
[16/10/2008|19:50] C:\DOCUME~1\TEMP\APPLIC~1\Mozilla

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[30/09/2009 20:44][--a------] C:\WINDOWS\tasks\Norton Security Scan for Mark.job
[25/09/2009 20:58][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/09/2009 09:00][--a------] C:\WINDOWS\tasks\rpc.job
[03/10/2009 09:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/11/2007|12:32] C:\Program Files\1stWORKS
[31/07/2006|20:09] C:\Program Files\A_Tablet
[18/04/2009|07:46] C:\Program Files\ABC
[23/02/2008|10:53] C:\Program Files\AbleRAWer
[14/07/2008|07:08] C:\Program Files\Adobe
[25/09/2008|18:47] C:\Program Files\AGI
[14/02/2007|09:44] C:\Program Files\AndreaMosaic
[30/09/2006|10:36] C:\Program Files\AnMing
[01/09/2008|15:05] C:\Program Files\Apple Software Update
[15/10/2006|15:44] C:\Program Files\ArcSoft
[10/02/2008|12:06] C:\Program Files\Audacity
[10/06/2006|04:32] C:\Program Files\AvRack
[25/09/2009|07:06] C:\Program Files\AVS4YOU
[21/01/2007|10:25] C:\Program Files\BearShare Applications
[15/02/2008|19:47] C:\Program Files\BillP Studios
[06/02/2009|22:05] C:\Program Files\Bonjour
[31/05/2009|07:38] C:\Program Files\CA
[17/12/2007|21:40] C:\Program Files\Canon
[05/01/2008|09:07] C:\Program Files\CCleaner
[04/07/2009|15:00] C:\Program Files\Common Files
[31/05/2009|07:38] C:\Program Files\ComPlus Applications
[15/05/2008|21:21] C:\Program Files\Crawler
[10/06/2006|04:37] C:\Program Files\Diskeeper Corporation
[04/07/2009|15:02] C:\Program Files\DivX
[21/03/2009|18:21] C:\Program Files\DVDVideoSoft
[02/08/2006|17:39] C:\Program Files\EarthLink TotalAccess
[25/09/2009|07:06] C:\Program Files\eBay
[01/06/2009|08:17] C:\Program Files\eMusic Download Manager
[30/12/2007|11:30] C:\Program Files\EPSON
[31/07/2006|19:51] C:\Program Files\EPSON Print CD
[13/04/2008|05:04] C:\Program Files\FontPage
[23/03/2009|15:54] C:\Program Files\Forex Money Map
[23/11/2007|19:11] C:\Program Files\FxClub
[13/12/2008|09:39] C:\Program Files\GameHouse
[04/07/2009|15:03] C:\Program Files\Google
[06/05/2008|08:14] C:\Program Files\Hitman Pro
[10/09/2008|13:05] C:\Program Files\iArt
[10/06/2006|04:39] C:\Program Files\IBM
[10/06/2006|04:49] C:\Program Files\IBM ThinkVantage
[10/05/2009|07:50] C:\Program Files\IDIGICON LimitedCrazy Golf
[31/05/2009|07:36] C:\Program Files\InstallShield Installation Information
[06/08/2009|22:30] C:\Program Files\Internet Explorer
[10/06/2006|04:38] C:\Program Files\InterVideo
[23/09/2009|19:18] C:\Program Files\iPhone Configuration Utility
[23/09/2009|19:37] C:\Program Files\iPod
[23/09/2009|19:40] C:\Program Files\iTunes
[20/01/2008|12:32] C:\Program Files\iTunes(2)
[16/01/2009|08:13] C:\Program Files\Java
[15/12/2006|22:03] C:\Program Files\JoWooD
[09/05/2009|14:38] C:\Program Files\JRE
[19/01/2008|11:46] C:\Program Files\Kaspersky Lab
[23/11/2007|17:06] C:\Program Files\Kybtec Software
[09/09/2008|14:15] C:\Program Files\KYE
[31/12/2007|09:24] C:\Program Files\Lavasoft
[10/06/2006|04:32] C:\Program Files\Lenovo
[10/02/2008|12:08] C:\Program Files\libmp3lame-3.97
[10/05/2009|07:52] C:\Program Files\Mahjong Deluxe
[15/05/2008|21:30] C:\Program Files\Malwarebytes' Anti-Malware
[21/04/2009|18:54] C:\Program Files\Memory-Map
[20/08/2008|21:30] C:\Program Files\Messenger
[01/10/2009|20:03] C:\Program Files\Messenger Plus! Live
[01/03/2009|02:25] C:\Program Files\MessengerPlus! 3
[20/03/2009|22:43] C:\Program Files\MetaTrader 4
[01/03/2009|12:45] C:\Program Files\Microsoft
[31/07/2006|19:21] C:\Program Files\Microsoft ActiveSync
[09/05/2007|21:36] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[09/08/2004|21:27] C:\Program Files\microsoft frontpage
[08/08/2006|20:17] C:\Program Files\Microsoft Games
[09/05/2009|14:10] C:\Program Files\Microsoft Office
[28/11/2008|23:41] C:\Program Files\Microsoft SQL Server Compact Edition
[20/09/2006|16:33] C:\Program Files\MixMeister BPM Analyzer
[30/12/2007|11:19] C:\Program Files\MonkeyBongo
[20/05/2008|07:13] C:\Program Files\Movie Maker
[03/10/2009|09:11] C:\Program Files\Mozilla Firefox
[09/05/2008|07:39] C:\Program Files\Mozilla Sunbird
[06/08/2009|22:33] C:\Program Files\MSBuild
[28/06/2009|19:27] C:\Program Files\MSECache
[16/09/2006|10:58] C:\Program Files\MSN
[09/08/2004|21:22] C:\Program Files\MSN Gaming Zone
[14/10/2006|13:24] C:\Program Files\MSXML 4.0
[08/06/2008|09:03] C:\Program Files\Navilog1
[20/05/2008|07:11] C:\Program Files\NetMeeting
[29/09/2009|09:40] C:\Program Files\Norton Security Scan
[29/09/2009|09:40] C:\Program Files\NortonInstaller
[12/08/2007|11:18] C:\Program Files\Oberon Media
[02/08/2006|17:21] C:\Program Files\OfficeUpdate11
[09/08/2004|21:23] C:\Program Files\Online Services
[15/10/2006|07:45] C:\Program Files\OpD2d
[09/05/2009|14:38] C:\Program Files\OpenOffice.org 3
[12/08/2009|22:39] C:\Program Files\Outlook Express
[31/07/2006|20:05] C:\Program Files\Packard Bell Diamond 1200Plus
[05/10/2008|08:26] C:\Program Files\Panda Security
[10/06/2006|04:40] C:\Program Files\PCDR5
[05/03/2007|16:31] C:\Program Files\PCLW300
[05/03/2007|15:40] C:\Program Files\PCL-W310
[15/02/2008|20:26] C:\Program Files\Picasa2
[07/09/2006|17:41] C:\Program Files\PodUtil
[23/09/2009|19:31] C:\Program Files\QuickTime
[20/01/2008|12:32] C:\Program Files\QuickTime(2)
[31/05/2009|07:51] C:\Program Files\Raxco
[16/01/2009|10:20] C:\Program Files\Real
[10/06/2006|04:32] C:\Program Files\Realtek AC97
[10/06/2006|04:32] C:\Program Files\Realtek Sound Manager
[06/08/2009|22:33] C:\Program Files\Reference Assemblies
[27/12/2007|09:45] C:\Program Files\Registry Mechanic
[10/06/2006|04:38] C:\Program Files\Roxio
[10/06/2006|04:32] C:\Program Files\S3
[23/09/2009|19:16] C:\Program Files\Safari
[19/01/2008|10:15] C:\Program Files\Samsung
[15/12/2008|19:25] C:\Program Files\Serif
[13/12/2008|09:39] C:\Program Files\Sky Games
[22/02/2009|14:46] C:\Program Files\Skype
[10/06/2006|04:49] C:\Program Files\SMI2
[10/02/2007|18:30] C:\Program Files\Sports Interactive
[31/07/2006|20:05] C:\Program Files\Temp
[10/06/2006|04:36] C:\Program Files\ThinkVantage
[05/10/2008|08:28] C:\Program Files\TrojanHunter 5.0
[10/06/2006|04:49] C:\Program Files\TVT SMBus
[09/08/2004|21:33] C:\Program Files\Uninstall Information
[28/03/2007|20:39] C:\Program Files\VideoEgg
[31/05/2009|07:37] C:\Program Files\Virgin Broadband
[29/01/2009|07:46] C:\Program Files\Wide Angle Software
[05/01/2008|11:47] C:\Program Files\WinAce
[01/03/2009|12:45] C:\Program Files\Windows Live
[01/03/2009|12:45] C:\Program Files\Windows Live SkyDrive
[13/02/2009|10:57] C:\Program Files\Windows Live Toolbar
[22/09/2006|07:47] C:\Program Files\Windows Media Connect
[01/01/2007|17:12] C:\Program Files\Windows Media Connect 2
[20/05/2008|07:11] C:\Program Files\Windows Media Player
[20/05/2008|07:11] C:\Program Files\Windows NT
[09/08/2004|21:25] C:\Program Files\WindowsUpdate
[20/06/2008|13:34] C:\Program Files\WMA-MP3.com
[09/08/2004|21:27] C:\Program Files\xerox
[30/09/2008|06:35] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/06/2008|06:57] C:\Program Files\Common Files\Adobe
[31/07/2006|19:39] C:\Program Files\Common Files\Adobe Systems Shared
[23/09/2009|19:37] C:\Program Files\Common Files\Apple
[31/05/2009|07:38] C:\Program Files\Common Files\Authentium
[25/09/2009|07:05] C:\Program Files\Common Files\AVSMedia
[31/07/2006|19:21] C:\Program Files\Common Files\Designer
[04/07/2009|15:00] C:\Program Files\Common Files\DivX Shared
[01/10/2009|20:51] C:\Program Files\Common Files\DVDVideoSoft
[31/07/2006|19:50] C:\Program Files\Common Files\EPSON
[11/11/2006|09:41] C:\Program Files\Common Files\gst
[10/06/2006|04:31] C:\Program Files\Common Files\InstallShield
[04/06/2008|07:04] C:\Program Files\Common Files\Java
[09/05/2009|14:10] C:\Program Files\Common Files\Microsoft Shared
[09/08/2004|21:24] C:\Program Files\Common Files\MSSoap
[12/08/2007|11:18] C:\Program Files\Common Files\Oberon Media
[09/08/2004|21:18] C:\Program Files\Common Files\ODBC
[09/09/2008|14:19] C:\Program Files\Common Files\PAC7302
[16/01/2009|10:21] C:\Program Files\Common Files\Real
[31/05/2009|07:43] C:\Program Files\Common Files\Scanner
[09/08/2004|21:24] C:\Program Files\Common Files\Services
[22/02/2009|14:46] C:\Program Files\Common Files\Skype
[10/06/2006|04:38] C:\Program Files\Common Files\Sonic Shared
[09/08/2004|21:18] C:\Program Files\Common Files\SpeechEngines
[10/06/2006|04:38] C:\Program Files\Common Files\SureThing Shared
[20/05/2008|07:11] C:\Program Files\Common Files\System
[01/03/2009|12:40] C:\Program Files\Common Files\Windows Live
[28/11/2008|23:37] C:\Program Files\Common Files\WindowsLiveInstaller
[26/05/2009|07:11] C:\Program Files\Common Files\Wise Installation Wizard
[16/01/2009|10:21] C:\Program Files\Common Files\xing shared

--------------------\\ Process

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 09:19:18
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 5

--------------------\\ Searching for other infections

--------------------\\ KoobFace !

C:\WINDOWS\fmark2.dat



[F:13][D:3]-> C:\DOCUME~1\Mark\LOCALS~1\Temp
[F:291][D:0]-> C:\DOCUME~1\Mark\Cookies
[F:580][D:17]-> C:\DOCUME~1\Mark\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 01/10/2009|19:00 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 03/10/2009| 9:21 - Option : [3]

--------------------\\ Scan completed at 9:21:25

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:15, on 03/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PENSOFT\Quick95.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mark\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://performancesoft.webex.com/clien ... eatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

--
End of file - 10430 bytes
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am

Re: pop ups in windows explorer

Unread postby MikeSwim07 » October 3rd, 2009, 9:09 am

Remove one of your Anti-Virus programs.

You are operating your computer with multiple Anti Virus programs running in memory at once:

Virgin Broadband PCguard
Authentium AntiVirus


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them. I recommend that you keep Virgin Broadband PCguard because it includes a Firewall, but it is your decision.

Download and run GMER

Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If you are using Vista, please right click on the .exe file and choose "Run as Administrator."
  • If asked to allow gmer.sys driver to load, please allow it to.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post the GMER log and the 2 RSIT logs on your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: pop ups in windows explorer

Unread postby tamskinner » October 5th, 2009, 2:05 am

I posted a reply some days a go, but it doesnt seem to be here. I ve jsut reliased that the GMER test file has 400,000 characters! Should I attach it instead of pasting in?
Cant find Authentium to remove it
Still got KIwee toolbar
RSIT isnt creating both files

the one RSIT file,
Many thanks

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mark at 2009-10-05 06:59:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (13%) free of 72 GB
Total RAM: 1535 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:59:29, on 05/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PENSOFT\Quick95.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\TBLMOUSE.EXE
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgre.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mark\Desktop\RSIT.exe
C:\Documents and Settings\Mark\Desktop\Mark.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - Startup: Start.lnk = C:\PENSOFT\Quick95.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crl ... crlocx.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://performancesoft.webex.com/clien ... eatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe

--
End of file - 10485 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Security Scan for Mark.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2007-09-05 55024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-08-03 163840]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2005-04-13 49152]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2005-11-23 507904]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-03-01 196710]
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]
"ISUSScheduler"=c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-28 81920]
"LPManager"=C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe [2005-12-07 106496]
"cssauthe"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe [2006-03-01 1992240]
"atwtusb"=atwtusb.exe beta []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-01-27 316728]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-09 148888]
"Broadbandadvisor.exe"=C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe [2007-08-07 2061552]
"PCguard"=C:\Program Files\Virgin Broadband\PCguard\Rps.exe [2007-09-05 310000]
"-FreedomNeedsReboot"=C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe [2007-09-05 13552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe [2007-09-05 61168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"=C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe [2007-09-05 61168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PenLock]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
C:\Program Files\SightSpeed\SightSpeed.exe -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Mark\Start Menu\Programs\Startup
Start.lnk - C:\PENSOFT\Quick95.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~1\google\google~1\goec62~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\DealBook 360\DealBook 360.exe"="C:\Program Files\DealBook 360\DealBook 360.exe:*:Enabled:DealBook 360"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Torrentprivacy\Torrent\utorrent.exe"="C:\Torrentprivacy\Torrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Enabled:abc"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Torrentprivacy\SSHTunel.exe"="C:\Torrentprivacy\SSHTunel.exe:*:Enabled:SSHTunel"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe"="C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-10-02 06:39:25 ----DC---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2009-10-01 18:57:26 ----AC---- C:\lopR.txt
2009-10-01 18:55:08 ----DC---- C:\Lop SD
2009-09-29 09:40:14 ----DC---- C:\Documents and Settings\All Users\Application Data\Norton
2009-09-29 09:40:14 ----D---- C:\Program Files\Norton Security Scan
2009-09-29 09:40:10 ----DC---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-09-29 09:40:10 ----D---- C:\Program Files\NortonInstaller
2009-09-23 19:37:46 ----DC---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-23 19:30:44 ----D---- C:\Program Files\QuickTime
2009-09-23 19:18:46 ----D---- C:\Program Files\iPhone Configuration Utility
2009-09-09 21:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 21:20:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

======List of files/folders modified in the last 1 months======

2009-10-05 06:48:50 ----D---- C:\Program Files\Mozilla Firefox
2009-10-04 20:42:58 ----D---- C:\WINDOWS\Prefetch
2009-10-04 20:42:39 ----D---- C:\Documents and Settings\Mark\Application Data\Adobe
2009-10-04 20:31:45 ----RSHD---- C:\RRbackups
2009-10-04 20:30:39 ----SHDC---- C:\RECYCLER
2009-10-04 20:30:13 ----D---- C:\WINDOWS\Temp
2009-10-04 19:08:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-04 18:55:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-04 18:47:43 ----AD---- C:\WINDOWS
2009-10-04 17:43:49 ----D---- C:\WINDOWS\Album
2009-10-04 17:04:26 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-10-04 09:57:47 ----AD---- C:\WINDOWS\system32
2009-10-04 09:57:45 ----HD---- C:\WINDOWS\inf
2009-10-04 08:49:07 ----SHDC---- C:\Config.Msi
2009-10-04 08:49:06 ----SHD---- C:\WINDOWS\Installer
2009-10-04 00:00:22 ----D---- C:\IBMSHARE
2009-10-03 09:41:27 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-03 09:02:11 ----D---- C:\WINDOWS\Help
2009-10-03 09:00:47 ----A---- C:\WINDOWS\win.ini
2009-10-02 08:17:28 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-01 20:03:47 ----D---- C:\Program Files\Messenger Plus! Live
2009-10-01 18:53:25 ----RD---- C:\Program Files
2009-10-01 18:49:56 ----D---- C:\WINDOWS\Registration
2009-10-01 18:48:26 ----SD---- C:\WINDOWS\Tasks
2009-09-29 09:40:14 ----D---- C:\WINDOWS\system32\drivers
2009-09-29 09:40:14 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-09-26 08:15:20 ----DC---- C:\hijackthis
2009-09-25 07:06:56 ----D---- C:\Program Files\eBay
2009-09-25 07:06:09 ----D---- C:\Program Files\AVS4YOU
2009-09-25 07:05:58 ----D---- C:\Program Files\Common Files\AVSMedia
2009-09-23 20:08:19 ----DC---- C:\Documents and Settings\All Users\Application Data\Apple
2009-09-23 19:53:48 ----D---- C:\Documents and Settings\Mark\Application Data\Apple Computer
2009-09-23 19:40:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-23 19:40:26 ----D---- C:\Program Files\iTunes
2009-09-23 19:37:53 ----D---- C:\Program Files\iPod
2009-09-23 19:37:51 ----D---- C:\Program Files\Common Files\Apple
2009-09-23 19:23:21 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-23 19:16:33 ----D---- C:\Program Files\Safari
2009-09-22 10:00:04 ----DC---- C:\Torrentprivacy
2009-09-20 21:39:51 ----D---- C:\Documents and Settings\Mark\Application Data\Skype
2009-09-20 18:50:32 ----D---- C:\Documents and Settings\Mark\Application Data\skypePM
2009-09-09 21:20:21 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 21:20:17 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-20 5632]
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-11-26 835792]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys [2009-05-31 53192]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-02-18 3846848]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 PAC7302;Eye 312; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-04-30 449664]
R3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16384]
R3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 9216]
R3 RPPKT;Radialpoint Filter (x86); C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GT680x;GrandTechICNameNT; C:\WINDOWS\System32\Drivers\gt680x.sys [2001-11-08 18120]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 SDTHOOK;SDTHOOK; C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys [2007-06-05 44928]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-10-13 35107]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb2vcom;USB Data Cable; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-05-25 22760]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 utblfilt;utblfilt; C:\WINDOWS\System32\drivers\utblfilt.sys [2001-05-23 12084]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-08-11 237312]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-01 626810]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-11-27 177448]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2007-09-05 293104]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-12-22 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe [2005-12-22 77824]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 RPSUpdaterR;Virgin Broadband PCguard Update Service; C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe [2009-05-31 99056]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-07-31 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bqrmtolltmys;bqrmtolltmys; C:\WINDOWS\system32\drivers\bqrmtolltmys.sys [2007-06-08 8576]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Radialpoint Security Services;Virgin Broadband PCguard; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AGWinService;AG Windows Service; C:\Program Files\agi\common\agservice.exe []
S4 gupdate1c9fcafd144b6ac;Google Update Service (gupdate1c9fcafd144b6ac); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2008-04-28 414984]
S4 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2008-04-28 738568]

-----------------EOF-----------------
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am

Re: pop ups in windows explorer

Unread postby MikeSwim07 » October 5th, 2009, 7:29 am

Yes, please attach the GMER log.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: pop ups in windows explorer

Unread postby tamskinner » October 5th, 2009, 12:57 pm

GMER log too big to attach in one go, have split it into two. Will post seperately
You do not have the required permissions to view the files attached to this post.
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am

Re: pop ups in windows explorer

Unread postby tamskinner » October 5th, 2009, 12:58 pm

2nd half of GMER file!
You do not have the required permissions to view the files attached to this post.
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am

Re: pop ups in windows explorer

Unread postby MikeSwim07 » October 5th, 2009, 6:53 pm

Hi,

Please go to start > run and type the following:

C:\rsit\info.txt


A log should open.

Please post this log on your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: pop ups in windows explorer

Unread postby tamskinner » October 6th, 2009, 1:53 am

Ah, there was a file there from last year. Once I deleted it, RSIT ran another one!
pasted below
Cheers



info.txt logfile of random's system information tool 1.06 2009-10-06 06:51:59

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABC (remove only)-->C:\Program Files\ABC\Uninstall.exe
Able RAWer 1.3-->"C:\Program Files\AbleRAWer\unins000.exe"
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\SETUP.EXE" -l0x9 UNINSTALL
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AndreaMosaic 3.20-->C:\WINDOWS\iun6002.exe "C:\Program Files\AndreaMosaic\irunin.ini"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F57D8342-E2E4-46F4-915A-F50817CBCB45}\SETUP.EXE" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C70EF769-8296-4ED0-966F-D624BC6D4927}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crush'Em 2.0-->C:\WINDOWS\Crush'Em 2.0\UNWISE.EXE C:\WINDOWS\Crush'Em 2.0\install.log
Diskeeper Lite-->MsiExec.exe /X{8E726115-FCBE-43B1-9FB7-06E8E25F9ABE}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMusic Download Manager 4.1.2-->C:\Program Files\eMusic Download Manager\uninst.exe
EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x9 uninst
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
ESPR800 Referene Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR800\REF_G\DOCUNINS.EXE
ESPR800 Software Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR800\PQU_G\DOCUNINS.EXE
Eye 312-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{98029732-5077-4E54-8A52-E03768126E43} /l1033
Eye 312-->C:\Program Files\InstallShield Installation Information\{72651B0D-1313-4F03-96B7-47A04E2F24E1}\setup.exe -runfromtemp -l0x0009 -removeonly
FontPage 3.0.0-->"C:\Program Files\FontPage\unins000.exe"
Football Manager 2006-->MsiExec.exe /X{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}
Forex Money Map 1.3.02-->"C:\Program Files\Forex Money Map\unins000.exe"
Free Disc Burner version 1.1-->"C:\Documents and Settings\Mark\My Documents\ma POd\Free Disc Burner\unins000.exe"
Free Studio version 4.1-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free YouTube to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop-->MsiExec.exe /I{D0D36568-0B4C-11DA-BD3A-001185653D46}
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\hijackthis\HijackThis.exe" /uninstall
Hitman Pro-->"C:\Program Files\Hitman Pro\unins000.exe"
hotComm® CL-->C:\PROGRA~1\1stWORKS\HOTCOM~1\CFG\UNWISE.EXE C:\PROGRA~1\1stWORKS\HOTCOM~1\CFG\INSTALL.LOG
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iArt 3-->"C:\Program Files\iArt\unins000.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iPodCopy-->MsiExec.exe /I{36A4FB8D-756D-4B5A-A1C6-E8100B273588}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kiwee Toolbar-->MsiExec.exe /X{6252AFEB-930F-4A08-84D2-58F3ED5568B2}
Lenovo Care Supplement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x9 -AddRemove
Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x9 -AddRemove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory-Map OS Edition 2004-->MsiExec.exe /X{8F22B1DB-3B10-407D-AE0F-7D7BEE7D7C5A}
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\SETUP.EXE" -l0x9 -AddRemove
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Midtown Madness 2-->"C:\Program Files\Microsoft Games\Midtown Madness 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister BPM Analyzer\unins000.exe"
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mouse Suite-->PMUninst.exe MouseSuite98
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.7)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
MyDSC2-->C:\Program Files\InstallShield Installation Information\{83d96ed0-98aa-4515-8ddc-816f3efdd104}\setup.exe
MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B65313CB-1612-4F64-A244-8BF3E5147C90}\Setup.exe" -l0x9
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpD2d-->C:\WINDOWS\unvise32.exe C:\Program Files\OpD2d\uninstal.log
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Packard Bell Diamond 1200Plus v1.0-->C:\PROGRA~1\PACKAR~1\Driver\UNINST.EXE
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
PenSoft-->C:\PenSoft\Uninst.exe
PerfectDisk-->MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x9 anything
PodUtil 3.0.3-->"C:\Program Files\PodUtil\unins000.exe"
PPSDKRedistributables-->MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
Protected Music Converter 1.0.0.9-->"C:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
Puzzl'Em 1.0 Beta2-->C:\WINDOWS\Puzzl'Em1.0Beta2\UNWISE.EXE C:\WINDOWS\Puzzl'Em1.0Beta2\install.log
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Radialpoint Security Services-->MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\SETUP.exe" -l0x9 -removeonly
Registry Mechanic 7.0-->"C:\Program Files\Registry Mechanic\unins000.exe"
Rescue and Recovery-->MsiExec.exe /I{1A07F627-0F8F-43EE-B667-38908DF85911}
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Roxio Digital Media LE-->C:\ibmtools\apps\digmedle\sequencer.exe -fc:\ibmtools\apps\digmedle\uninst.seq
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
RPS Ad Blocker-->MsiExec.exe /I{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}
RPS AntiFraud-->MsiExec.exe /I{C831972C-3834-4D9D-A095-8350B324AC3C}
RPS AntiSpyware-->MsiExec.exe /I{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}
RPS AntiVirus-->MsiExec.exe /I{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}
RPS App Detector-->MsiExec.exe /I{3C441434-737C-4D54-8EAB-B409BE54E734}
RPS AsRealtime-->MsiExec.exe /I{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}
RPS Backup-->MsiExec.exe /I{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}
RPS Burn-->MsiExec.exe /I{A542D695-16D3-4F89-A6F1-091F009B8ABA}
RPS Diagnostic Utility-->MsiExec.exe /I{3A836186-46F8-4388-9830-820E35C02992}
RPS Firewall-->MsiExec.exe /I{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}
RPS ParentalControl-->MsiExec.exe /I{53C32728-D434-4143-9C9D-D73D68D00893}
RPS Performance Tool-->MsiExec.exe /I{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}
RPS PopupBlocker-->MsiExec.exe /I{324D4909-7A7B-45CD-B199-E975DC108249}
RPS Privacy Manager-->MsiExec.exe /I{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}
RPS RpsCore-->MsiExec.exe /I{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}
RPS Security Cleanup-->MsiExec.exe /I{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}
RPS Zip-->MsiExec.exe /I{3AFF4279-A590-4010-8C8A-3B096A220CFC}
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Serif PagePlus SE 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}\Setup.exe" -l0x9
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
Translation Services Provided by WorldLingo for Microsoft Word-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mtwlingo.inf, Uninstall
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->C:\PROGRA~1\S3\UChromeP\S3MINSET.EXE /u UChromeP.uns
VideoEgg Publisher-->C:\Program Files\VideoEgg\Uninstall.exe
Virgin Broadband advisor 1.5.14-->"C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Virgin Broadband PCguard-->C:\Program Files\InstallShield Installation Information\{153BC7CA-9F2F-45AC-B4A1-AFAFBD5D904B}\setup.exe -runfromtemp -l0x0009 -removeonly
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\SETUP.EXE" -l0x9 UNINSTALL
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2007-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WIRELESS DESIGN & WORK TABLET 100/200/400/1200-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\A_Tablet\USB Tablet Driver\Uninst.isu"
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: PCguard Anti-Virus
FW: PCguard Firewall

======System event log======

Computer Name: OURCOMPUTER
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 8626
Source Name: Disk
Time Written: 20090924211026.000000+060
Event Type: warning
User:

Computer Name: OURCOMPUTER
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 8625
Source Name: Disk
Time Written: 20090924211025.000000+060
Event Type: warning
User:

Computer Name: OURCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk6\D, has a bad block.

Record Number: 8624
Source Name: Disk
Time Written: 20090924210641.000000+060
Event Type: error
User:

Computer Name: OURCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk6\D, has a bad block.

Record Number: 8623
Source Name: Disk
Time Written: 20090924210633.000000+060
Event Type: error
User:

Computer Name: OURCOMPUTER
Event Code: 7
Message: The device, \Device\Harddisk6\D, has a bad block.

Record Number: 8622
Source Name: Disk
Time Written: 20090924210626.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: OURCOMPUTER
Event Code: 1000
Message: Faulting application itunes.exe, version 8.1.0.52, faulting module quicktime.qts, version 7.60.92.0, fault address 0x0086743e.

Record Number: 17873
Source Name: Application Error
Time Written: 20090407150436.000000+060
Event Type: error
User:

Computer Name: OURCOMPUTER
Event Code: 1001
Message: Fault bucket 1141397321.

Record Number: 17861
Source Name: Application Hang
Time Written: 20090406160452.000000+060
Event Type: error
User:

Computer Name: OURCOMPUTER
Event Code: 1001
Message: Fault bucket 1141397321.

Record Number: 17860
Source Name: Application Hang
Time Written: 20090406160452.000000+060
Event Type: error
User:

Computer Name: OURCOMPUTER
Event Code: 1002
Message: Hanging application msnmsgr.exe, version 14.0.8064.206, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 17859
Source Name: Application Hang
Time Written: 20090406160442.000000+060
Event Type: error
User:

Computer Name: OURCOMPUTER
Event Code: 1002
Message: Hanging application msnmsgr.exe, version 14.0.8064.206, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 17858
Source Name: Application Hang
Time Written: 20090406160438.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Diskeeper Corporation\Diskeeper;C:\Program Files\IBM ThinkVantage\Client Security Solution;C:\Program Files\ImageConverter Plus;C:\Program Files\QuickTime\QTSystem;C:\Program Files\CA\PPRT\bin;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TVT"=C:\Program Files\IBM ThinkVantage
"IBMSHARE"=%SystemDrive%\IBMSHARE
"RR"=C:\Program Files\IBM ThinkVantage\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\IBM ThinkVantage\Common\Python24
"PYTHONPATH"=C:\Program Files\agi\common;C:\Program Files\agi\common\python25.zip
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
tamskinner
Member+
 
Posts: 83
Joined: December 31st, 2007, 3:21 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware