Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware problem

Unread postby IwaYama » December 16th, 2009, 12:36 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:32, on 16/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://scanyourpc-onlinex.com/pr.cgi?id=2847
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe eadp.qko njhlmol
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 9594 bytes



uninstall_list

32 Bit HP CIO Components Installer
AC3Filter (remove only)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Advertisement Service
Age of Empires III
Age of Empires III - The WarChiefs
AGEIA PhysX v7.11.13
Aliens vs. Predator 2
Apple Software Update
ASUS GameFace Library
ASUS Gamer OSD
ASUS Smart Doctor
ASUS VideoSecurity Online
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Black and White
Command & Conquer The First Decade
Command & Conquer™ Red Alert™ 3
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Emperor: Rise of the Middle Kingdom 1.0.1.0
EVE Online Demo
Galactic Civilizations II - Ultimate Edition
Galactic Civilizations II Demo
GameFace Messenger
Gangsters
getPlus(R)_ocx
Half-Life
Half-Life: Opp. Force Multiplayer
Heroes of Might and Magic® III
Heroes of Might and Magic® IV
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Impulse
Impulse
Java(TM) 6 Update 16
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JMB36X Raid Configurer
Linksys Wireless-G USB Network Adapter
McAfee SecurityCenter
Media Player Codec Pack 3.8.0
MediaMonkey 3.0
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows XP Video Decoder Checkup Utility
Mozilla Firefox (3.0.15)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Launcher
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Drivers
Nvu 1.0PR
O2 Broadband Assistant
OpenAL
OpenOffice.org 3.1
Port Royale 2
PunkBuster Services
Quake Live Mozilla Plugin
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Salford FTN95
Search Settings 1.2.2
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shockwave
Shogun - Total War - The Mongol Invasion
Sierra Utilities
SimCity 4 Deluxe
Solid Edge V20
Spotify
StarTopia
Steam
Stronghold 2 Deluxe
Theme Hospital
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
XviD MPEG-4 Video Codec
XviD Video Codec 1.1.2-01022007




Watching videos on megavideo yesterday when a McAfee alert popped up saying some changes had been made. A dos window popped up briefly(it looked like it had some code running), then the computer responded slowly for a moment and then some short cut icons appeared on my desktop one for "system defender" and three links to porn sites, a little more slowing then blue screen and reboot. I didn't click any of the shortcuts and deleted both the shortcuts and quick link icon for system defender, ran the McAfee scan i found 1 item and "quarantined" it.

I went on to chrome browser and any search i would type in google search would redirect me to ad pages if i clicked the google link. same when tested on firefox and ie (i primarily use chrome). I ran new Scan and found 11 quarrantine items. went on chrome, still occasionally changes to adpages if clicked links and found this site. ran another virus scan found 1 item and quarantined so ran twice more and found none. computer is running slowly chrome keeps crashing and some programs wont open properly.

I haven't downloaded any programs or files and didn't click any pop up/adverts, it started in middle of a online video on megavideo. I don't really know what to do so any help MR could give me would be greatly appreciated, the log and uninstall is above. Thankyou
IwaYama
Regular Member
 
Posts: 24
Joined: December 15th, 2009, 1:46 am
Advertisement
Register to Remove

Re: Malware problem

Unread postby MWR 3 day Mod » December 19th, 2009, 12:29 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware problem

Unread postby peku006 » December 20th, 2009, 4:30 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware problem

Unread postby IwaYama » December 20th, 2009, 8:32 am

Hi,
Thank you for your help. i have followed what you said and here are the files


1)log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by David at 2009-12-20 12:21:22
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (51%) free of 30 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:29, on 20/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\steam\steam.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\David Craggs\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\David Craggs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://scanyourpc-onlinex.com/pr.cgi?id=2847
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 9291 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1770027372-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1770027372-839522115-1004UA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 []
"Steam"=d:\steam\steam.exe [2009-11-12 1217808]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2006-06-27 1449984]
"ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2007-07-18 1114112]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-04-06 1843200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WUSB54GSv2SVC"=2

C:\Documents and Settings\David Craggs\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
rvdbjon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\My Documents\realplay.exe"="E:\My Documents\realplay.exe:*:Enabled:RealPlayer"
"D:\Firefly Studios\Stronghold 2\Stronghold2.exe"="D:\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\Lionhead Studios Ltd\Black & White\runblack.exe"="D:\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh"
"D:\Microsoft Games\Age of Empires III\age3.exe"="D:\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III"
"D:\Microsoft Games\Age of Empires III\age3x.exe"="D:\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\EA Games\Red Alert 3\Data\ra3_1.6.game"="D:\EA Games\Red Alert 3\Data\ra3_1.6.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe"="D:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"D:\EA Games\Red Alert 3\Data\ra3_1.10.game"="D:\EA Games\Red Alert 3\Data\ra3_1.10.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome"
"D:\EA Games\Command & Conquer The First Decade\Command & Conquer Renegade(tm)\Renegade\Game.exe"="D:\EA Games\Command & Conquer The First Decade\Command & Conquer Renegade(tm)\Renegade\Game.exe:*:Enabled:Renegade"
"D:\Spotify\spotify.exe"="D:\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\O2\agent\bin\bcont.exe"="C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe"
"C:\Program Files\O2\bin\wificfg.exe"="C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe"
"C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe"="C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe"
"C:\Program Files\O2\agent\bin\bcont_nm.exe"="C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"D:\Steam\SteamApps\common\eve online\eve.exe"="D:\Steam\SteamApps\common\eve online\eve.exe:*:Enabled:EVE Online Demo"
"C:\Documents and Settings\David Craggs\Local Settings\Temp\VRT1134.tmp"="C:\Documents and Settings\David Craggs\Local Settings\Temp\VRT1134.tmp:*:Enabled:installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8880c0a2-4e93-11dd-85c0-001839027caf}]
shell\AutoRun\command - I:\
shell\open\command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98a396ae-a537-11dd-85eb-001839027caf}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-20 12:21:22 ----D---- C:\rsit
2009-12-20 11:15:09 ----D---- C:\Documents and Settings\David Craggs\Application Data\Malwarebytes
2009-12-20 11:15:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-20 11:15:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-19 14:03:16 ----A---- C:\WINDOWS\wininit.ini
2009-12-19 13:43:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-19 13:43:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 06:03:07 ----D---- C:\Program Files\Trend Micro
2009-12-15 03:15:26 ----SHD---- C:\Documents and Settings\All Users\Application Data\WSOXKDKGD_APDM
2009-12-15 03:15:02 ----SHD---- C:\Documents and Settings\All Users\Application Data\82c78be
2009-12-10 01:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 01:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 01:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 01:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 01:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-25 01:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 01:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-22 16:39:35 ----D---- C:\Documents and Settings\David Craggs\Application Data\Nvu
2009-11-22 16:39:23 ----D---- C:\Program Files\Nvu

======List of files/folders modified in the last 1 months======

2009-12-20 12:15:14 ----D---- C:\WINDOWS\Temp
2009-12-20 12:13:46 ----D---- C:\WINDOWS
2009-12-20 12:11:12 ----D---- C:\WINDOWS\system32\drivers
2009-12-20 12:11:12 ----D---- C:\WINDOWS\system32
2009-12-20 12:10:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-20 11:15:01 ----RD---- C:\Program Files
2009-12-19 12:54:26 ----D---- C:\WINDOWS\Prefetch
2009-12-17 09:47:20 ----HD---- C:\WINDOWS\inf
2009-12-17 09:47:14 ----D---- C:\Program Files\McAfee
2009-12-17 09:46:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-15 17:47:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-15 12:29:15 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-15 11:47:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-15 08:29:09 ----D---- C:\WINDOWS\system32\config
2009-12-15 04:53:05 ----D---- C:\Program Files\Mozilla Firefox
2009-12-15 04:43:51 ----RASH---- C:\boot.ini
2009-12-15 04:43:51 ----A---- C:\WINDOWS\win.ini
2009-12-15 04:43:51 ----A---- C:\WINDOWS\system.ini
2009-12-15 03:21:35 ----SHD---- C:\System Volume Information
2009-12-15 03:21:35 ----D---- C:\WINDOWS\system32\Restore
2009-12-15 03:18:00 ----D---- C:\WINDOWS\Minidump
2009-12-15 03:16:27 ----D---- C:\WINDOWS\system32\wbem
2009-12-15 03:16:12 ----D---- C:\Program Files\Search Settings
2009-12-12 18:59:23 ----D---- C:\Documents and Settings\David Craggs\Application Data\Spotify
2009-12-12 13:15:09 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-10 09:20:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 01:03:54 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 01:03:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-10 01:03:32 ----D---- C:\WINDOWS\system32\en-US
2009-12-10 01:03:32 ----D---- C:\Program Files\Internet Explorer
2009-12-10 01:03:23 ----D---- C:\WINDOWS\ie7updates
2009-12-01 20:31:31 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-01 20:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-25 01:49:14 ----HD---- C:\Config.Msi
2009-11-25 01:00:56 ----SHD---- C:\WINDOWS\Installer
2009-11-25 01:00:56 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2007-07-12 11136]
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-01 17801]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
R3 ASUSVRC;ASUSTeK Virtual Capture Device; C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-12-19 37376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-12 4397568]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2007-07-12 10752]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 uecwekbk;uecwekbk; \??\C:\Program Files\Common Files\Microsoft Shared\uecwekbk.dll []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 mfefeatk01;McAfee Inc.; \Device\mfefeatk01.sys []
S3 mfefeatk02;McAfee Inc.; \Device\mfefeatk02.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-15 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-31 75064]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2); C:\Program Files\O2\bin\sprtsvc.exe [2009-03-04 202016]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
R3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe []
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-07-27 382320]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WUSB54GSv2SVC;WUSB54GSv2SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2004-02-06 41025]

-----------------EOF-----------------



info.txt

info.txt logfile of random's system information tool 1.06 2009-12-20 12:21:31

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->E:\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Age of Empires III - The WarChiefs-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\Program Files\InstallShield Installation Information\{70F8B183-99EB-4304-BA35-080E2DFFD2A3}\setup.exe -runfromtemp -l0x0409
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Aliens vs. Predator 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS GameFace Library-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D}
ASUS Gamer OSD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS Smart Doctor-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1033
ASUS VideoSecurity Online-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Black and White-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->E:\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->E:\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->E:\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->E:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Emperor: Rise of the Middle Kingdom 1.0.1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" -l0x9
EVE Online Demo-->"D:\Steam\steam.exe" steam://uninstall/8510
Galactic Civilizations II - Ultimate Edition-->D:\PROGRA~1\Kalypso\GALCIV~1\UNWISE.EXE D:\PROGRA~1\Kalypso\GALCIV~1\INSTALL.LOG
Galactic Civilizations II Demo-->D:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\UNWISE.EXE D:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\INSTALL.LOG
GameFace Messenger-->C:\WINDOWS\iun6002.exe "C:\Program Files\GameFace Messenger\irunin.ini"
Gangsters-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hothouse Creations\Gangsters\Uninst.isu"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Half-Life: Opp. Force Multiplayer-->D:\SIERRA\HALF-L~1\gearbox\UNWISE.EXE D:\SIERRA\HALF-L~1\gearbox\INSTALL.LOG
Half-Life-->C:\WINDOWS\IsUninst.exe -fd:\SIERRA\Half-Life\Uninst.isu -c"d:\SIERRA\Half-Life\HLUNINST.DLL"
Heroes of Might and Magic® III-->C:\WINDOWS\IsUninst.exe -fd:\3do\Heroes3\Uninst.isu -c"d:\3do\Heroes3\uninst.dll
Heroes of Might and Magic® IV-->C:\WINDOWS\IsUninst.exe -f"d:\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Impulse-->"C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}\Impulse_setup.exe
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Media Player Codec Pack 3.8.0-->C:\WINDOWS\system32\C2MP\Uninst.exe
MediaMonkey 3.0-->"C:\Program Files\MediaMonkey\unins000.exe"
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /X{1C00A3F1-6DA0-49F8-94E4-01AB6FC01033}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog 2.1-->MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver-->MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Launcher-->MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Nvu 1.0PR-->"C:\Program Files\Nvu\unins000.exe"
O2 Broadband Assistant-->MsiExec.exe /X{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Port Royale 2-->D:\Port Royale 2\Uninstall.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{8CADD3F6-E808-4D48-893D-797B4849DE72}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Salford FTN95-->MsiExec.exe /X{E9214CE9-76C0-46FE-9BAE-2F74D068AA1C}
Search Settings 1.2.2-->MsiExec.exe /X{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Shogun - Total War - The Mongol Invasion-->C:\WINDOWS\IsUninst.exe -f"d:\Total War\Shogun - Total War\Uninst.isu"
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SimCity 4 Deluxe-->D:\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Solid Edge V20-->MsiExec.exe /X{886F91D5-4B45-45DC-938E-6B0276C6B015}
Spotify-->"D:\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarTopia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBC0E8C0-63AC-11D4-BEF2-00A0C9E0B324}\setup.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold 2 Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Theme Hospital-->C:\WINDOWS\uninst.exe -fd:\Bullfrog\Hospital\DeIsL1.isu
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
XviD Video Codec 1.1.2-01022007-->C:\Program Files\XviD\uninst.exe

Hosts File Missing
======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: DAVID
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 45241
Source Name: Service Control Manager
Time Written: 20091105163851.000000+000
Event Type: error
User:

Computer Name: DAVID
Event Code: 1003
Message: Error code 10000050, parameter1 aa09a68d, parameter2 00000000, parameter3 8052b8e0, parameter4 00000000.

Record Number: 45240
Source Name: System Error
Time Written: 20091105163716.000000+000
Event Type: error
User:

Computer Name: DAVID
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 45215
Source Name: Service Control Manager
Time Written: 20091105163443.000000+000
Event Type: error
User:

Computer Name: DAVID
Event Code: 10010
Message: The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Record Number: 45210
Source Name: DCOM
Time Written: 20091105071845.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID
Event Code: 7034
Message: The ATK Keyboard Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 45209
Source Name: Service Control Manager
Time Written: 20091105071423.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: DAVID
Event Code: 5028
Message: McAfee McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074\L\max++.00.x86

Process = C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


Record Number: 7695
Source Name: McLogEvent
Time Written: 20091219132939.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID
Event Code: 5028
Message: McAfee McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074\L\max++.00.x86

Process = C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


Record Number: 7694
Source Name: McLogEvent
Time Written: 20091219132939.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID
Event Code: 5028
Message: McAfee McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074\

Process = **\CHROME.EXE


Record Number: 7693
Source Name: McLogEvent
Time Written: 20091219132924.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID
Event Code: 5028
Message: McAfee McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074\

Process = **\CHROME.EXE


Record Number: 7692
Source Name: McLogEvent
Time Written: 20091219132915.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID
Event Code: 5028
Message: McAfee McShield service received an invalid filename from the NaiFiltr device driver.

Received name = \GLOBAL??\C2CAD972#4079#4fd3#A68D#AD34CC121074\L\{FF1D3D65-8EB9-4347-B8C5-C2EC822C6CC2}

Process = C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


Record Number: 7691
Source Name: McLogEvent
Time Written: 20091219132635.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=D:\My Documents - Work\Programs\Fortran;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"mod_path"=D:\My Documents - Work\Programs\Fortran\include
"f95include"=D:\My Documents - Work\Programs\Fortran\include
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"P_SCHEMA"=D:\Solid Edge V20\Schema

-----------------EOF-----------------




Malwarebytes' Anti-Malware Log
Malwarebytes' Anti-Malware 1.42
Database version: 3396
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

20/12/2009 12:08:24
mbam-log-2009-12-20 (12-08-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 244808
Time elapsed: 49 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 85
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\curslib.dll (Spyware.Passwords) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\unpr (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_AntiSpyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\save.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rlist (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe RUNDLL32.EXE NJHLMOL) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\David Craggs\Start Menu\Programs\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Craggs\Application Data\System Defender (Rogue.SystemDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\David Craggs\Local Settings\Temporary Internet Files\Content.IE5\X3V90DKR\Setup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Craggs\Templates\curslib.dll (Spyware.Passwords) -> Delete on reboot.
C:\Documents and Settings\David Craggs\Templates\wincert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP2\A0000108.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP2\A0000109.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP2\A0000116.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP2\A0000226.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP2\A0000245.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP2\A0000246.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP3\A0001245.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP3\A0001246.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP4\A0002405.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP4\A0002406.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP4\A0002407.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP4\A0002412.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP4\A0002416.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP4\A0002417.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6090AE00-C30A-42DA-80AF-AF7FB2EACC09}\RP4\A0002443.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wincert.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\curslib.dll (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\00006602.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Craggs\Application Data\System Defender\cookies.sqlite (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\unpr.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Delete on reboot.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.



still being redirected when i click on google links.
IwaYama
Regular Member
 
Posts: 24
Joined: December 15th, 2009, 1:46 am

Re: Malware problem

Unread postby peku006 » December 20th, 2009, 9:25 am

Hi IwaYama

Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image
  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Services
    uecwekbk
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :Files
    C:\Program Files\Common Files\Microsoft Shared\uecwekbk.dll 
    
    :Commands
    
    [purity]
    [emptytemp]
    
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware problem

Unread postby IwaYama » December 20th, 2009, 9:45 am

thanks peku006 here is The text file from OTM


All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named uecwekbk was found to stop!
Unable to stop service uecwekbk!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== FILES ==========
File/Folder C:\Program Files\Common Files\Microsoft Shared\uecwekbk.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: David Craggs
->Temp folder emptied: 35250023 bytes
->Temporary Internet Files folder emptied: 63024855 bytes
->Java cache emptied: 57801667 bytes
->FireFox cache emptied: 89201210 bytes
->Google Chrome cache emptied: 98773710 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3394067 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2181811 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 88834 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23916768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 413805 bytes
RecycleBin emptied: 11292866 bytes

Total Files Cleaned = 368.00 mb


OTM by OldTimer - Version 3.1.3.0 log created on 12202009_133448

Files moved on Reboot...

Registry entries deleted on Reboot...
IwaYama
Regular Member
 
Posts: 24
Joined: December 15th, 2009, 1:46 am

Re: Malware problem

Unread postby peku006 » December 20th, 2009, 9:58 am

Hi IwaYama

good job :thumbleft:

1 - Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: Image
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the Eset online scannner report
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware problem

Unread postby IwaYama » December 20th, 2009, 11:09 am

OK here they are;

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16945 (vista_gdr.091027-0049)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0a4e6bb6216d2743888075aee417f004
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-20 03:03:35
# local_time=2009-12-20 03:03:35 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 464515 464515 0 0
# compatibility_mode=5121 16776533 100 96 2498605 14266226 0 0
# compatibility_mode=8192 67108863 100 0 3752 3752 0 0
# scanned=115728
# found=1
# cleaned=0
# scan_time=3516
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I



new highjackthis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:32, on 20/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
D:\steam\steam.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 9644 bytes
IwaYama
Regular Member
 
Posts: 24
Joined: December 15th, 2009, 1:46 am

Re: Malware problem

Unread postby peku006 » December 20th, 2009, 12:04 pm

Hi IwaYama

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery <== empty this folder

uninstall program

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following program

    Search Settings

    and click on remove

Please download gmer.zip from Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.
  • Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  • In Command Prompt, type in net stop gmer. Press Enter.
  • Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware problem

Unread postby IwaYama » December 20th, 2009, 2:06 pm

Hi peku,
I tried to remove search settings as you stated but it would not remove and i received this error message box:

"Add or Remove Programs
The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personal for assistance."

and it stays in program list so not sure how else to uninstall it

I'll wait for your response before I continue to the next step (gmer.zip)
IwaYama
Regular Member
 
Posts: 24
Joined: December 15th, 2009, 1:46 am

Re: Malware problem

Unread postby peku006 » December 20th, 2009, 2:34 pm

Hi IwaYama

Download the Windows Installer Ceanup Utility here

Run this program and remove ONLY any entries for 'Search Settings

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware problem

Unread postby IwaYama » December 20th, 2009, 3:13 pm

couldn't get the program to run, it downloads and when i click 'run' a program window pops up for a split second then nothing.
would it work if i deleted the 'search settings' folder from the program files folder?
IwaYama
Regular Member
 
Posts: 24
Joined: December 15th, 2009, 1:46 am

Re: Malware problem

Unread postby peku006 » December 20th, 2009, 3:25 pm

Hi IwaYama
would it work if i deleted the 'search settings' folder from the program files folder?

no it is not enough

do not run GMER yet......

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessry).

Copy & paste the information in your next reply making sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].
If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Malware problem

Unread postby IwaYama » December 21st, 2009, 5:35 am

Peku006
Here is OTS file, thank-you for your time.

Code: Select all
OTS logfile created on: 21/12/2009 09:28:55 - Run 2
OTS by OldTimer - Version 3.1.12.0     Folder = C:\Documents and Settings\David Craggs\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 15.20 Gb Free Space | 51.90% Space Free | Partition Type: NTFS
Drive D: | 203.58 Gb Total Space | 137.42 Gb Free Space | 67.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 3.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DAVID
Current User Name: David Craggs
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\David Craggs\Desktop\OTS.exe -> [2009/12/21 09:21:20 | 00,598,528 | ---- | M] (OldTimer Tools)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/15 19:14:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
steam.exe -> D:\Steam\steam.exe -> [2009/11/12 05:27:29 | 01,217,808 | ---- | M] (Valve Corporation)
mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.)
mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.)
msksrver.exe -> C:\Program Files\McAfee\MSK\msksrver.exe -> [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
pnkbstra.exe -> C:\WINDOWS\system32\PnkBstrA.exe -> [2009/03/31 19:08:44 | 00,075,064 | ---- | M] ()
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
sprtsvc.exe -> C:\Program Files\O2\bin\sprtsvc.exe -> [2009/03/04 14:52:58 | 00,202,016 | R--- | M] (SupportSoft, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2007/06/28 16:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
lssrvc.exe -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
pcsync2.exe -> C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe -> [2006/06/27 16:21:14 | 01,449,984 | ---- | M] (Time Information Services Ltd.)
mpapi3s.exe -> C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe -> [2006/06/09 10:37:18 | 00,471,552 | ---- | M] (Nokia Corporation)
servicelayer.exe -> C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -> [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\David Craggs\Desktop\OTS.exe -> [2009/12/21 09:21:20 | 00,598,528 | ---- | M] (OldTimer Tools)
netui1.dll -> C:\WINDOWS\system32\netui1.dll -> [2008/04/14 00:12:02 | 00,245,760 | ---- | M] (Microsoft Corporation)
netui0.dll -> C:\WINDOWS\system32\netui0.dll -> [2008/04/14 00:12:02 | 00,080,896 | ---- | M] (Microsoft Corporation)
ntlanman.dll -> C:\WINDOWS\system32\ntlanman.dll -> [2008/04/14 00:12:02 | 00,044,032 | ---- | M] (Microsoft Corporation)
netrap.dll -> C:\WINDOWS\system32\netrap.dll -> [2008/04/14 00:12:01 | 00,011,776 | ---- | M] (Microsoft Corporation)
linkinfo.dll -> C:\WINDOWS\system32\linkinfo.dll -> [2008/04/14 00:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation)
drprov.dll -> C:\WINDOWS\system32\drprov.dll -> [2008/04/14 00:11:52 | 00,014,336 | ---- | M] (Microsoft Corporation)
davclnt.dll -> C:\WINDOWS\system32\davclnt.dll -> [2008/04/14 00:11:51 | 00,025,088 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(WUSB54GSv2SVC) WUSB54GSv2SVC [Disabled | Stopped] ->  -> File not found
(WMPNetworkSvc) Windows Media Player Network Sharing Service [On_Demand | Stopped] ->  -> File not found
(WmiApSrv) WMI Performance Adapter [On_Demand | Stopped] ->  -> File not found
(VSS) Volume Shadow Copy [On_Demand | Stopped] ->  -> File not found
(UPS) Uninterruptible Power Supply [On_Demand | Stopped] ->  -> File not found
(SysmonLog) Performance Logs and Alerts [On_Demand | Stopped] ->  -> File not found
(SCardSvr) Smart Card [On_Demand | Stopped] ->  -> File not found
(NMIndexingService) NMIndexingService [On_Demand | Stopped] ->  -> File not found
(NBService) NBService [On_Demand | Stopped] ->  -> File not found
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] ->  -> File not found
(ATKKeyboardService) ATK Keyboard Service [Auto | Stopped] ->  -> File not found
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/11/15 19:14:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.)
(McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.)
(mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.)
(MBackMonitor) MBackMonitor [On_Demand | Stopped] -> C:\Program Files\McAfee\MBK\MBackMonitor.exe -> [2009/07/08 19:22:22 | 00,068,112 | ---- | M] (McAfee)
(MSK80Service) McAfee Anti-Spam Service [Auto | Running] -> C:\Program Files\McAfee\MSK\MskSrver.exe -> [2009/07/08 13:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
(PnkBstrA) PnkBstrA [Auto | Running] -> C:\WINDOWS\system32\PnkBstrA.exe -> [2009/03/31 19:08:44 | 00,075,064 | ---- | M] ()
(sprtsvc_O2) SupportSoft Sprocket Service (O2) [Auto | Running] -> C:\Program Files\O2\bin\sprtsvc.exe -> [2009/03/04 14:52:58 | 00,202,016 | R--- | M] (SupportSoft, Inc.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard)
(MSIServer) Windows Installer [On_Demand | Stopped] -> C:\WINDOWS\System32\msiexec.exe -> [2008/04/14 00:12:28 | 00,078,848 | ---- | M] ()
(RpcLocator) Remote Procedure Call (RPC) Locator [On_Demand | Stopped] -> C:\WINDOWS\system32\locator.exe -> [2008/04/14 00:12:24 | 00,075,264 | ---- | M] ()
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [On_Demand | Stopped] -> C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -> [2007/07/27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.)
(NVSvc) NVIDIA Display Driver Service [Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2007/06/28 16:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation)
(McAfeeFramework) McAfee Framework Service [Unknown | Stopped] -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe -> [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running] -> C:\Program Files\Common Files\LightScribe\LSSrvc.exe -> [2006/10/19 13:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
(ServiceLayer) ServiceLayer [On_Demand | Running] -> C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -> [2006/06/05 13:59:18 | 00,174,080 | ---- | M] (Nokia.)
(RSVP) QoS RSVP [On_Demand | Stopped] -> C:\WINDOWS\system32\rsvp.ini -> [2004/08/04 12:00:00 | 00,012,082 | ---- | M] ()
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\mfehidk.sys -> [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfeavfk.sys -> [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfesmfk.sys -> [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mfebopk.sys -> [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mferkdk.sys -> [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Mpfp.sys -> [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2008/07/01 15:48:36 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
(USB_RNDIS) Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\usb8023.sys -> [2008/04/13 18:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 16:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2008/03/21 20:30:04 | 00,043,528 | ---- | M] (Sonic Solutions)
(AtcL001) NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\l151x86.sys -> [2007/12/19 17:53:00 | 00,037,376 | ---- | M] (Atheros Communications, Inc.)
(npf) NetGroup Packet Filter Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\npf.sys -> [2007/11/15 20:30:48 | 00,034,064 | ---- | M] (CACE Technologies)
(Secdrv) Secdrv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(asusgsb) ASUS Virtual Video Capture Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\asusgsb.sys -> [2007/07/12 10:03:42 | 00,012,416 | ---- | M] (ASUSTeK Computer Inc.)
(Video3D) ASUS Video3D Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Video3D32.sys -> [2007/07/12 10:03:40 | 00,010,752 | ---- | M] (ASUSTeK COMPUTER INC.)
(EIO) EIO [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\EIO.sys -> [2007/07/12 10:03:38 | 00,012,288 | ---- | M] (ASUSTeK Computer Inc.)
(asuskbnt) Enhanced Display Driver Helper Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\atkkbnt.sys -> [2007/07/12 10:03:38 | 00,011,136 | ---- | M] (ASUSTeK COMPUTER INC.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2007/06/28 16:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation)
(JRAID) JRAID [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\jraid.sys -> [2007/05/10 17:33:58 | 00,048,640 | R--- | M] (JMicron Technology Corp.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2007/04/12 19:04:40 | 04,397,568 | R--- | M] (Realtek Semiconductor Corp.)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2007/03/08 04:20:50 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2007/03/08 04:20:49 | 00,016,496 | R--- | M] (HP)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2007/03/08 04:20:48 | 00,049,920 | R--- | M] (HP)
(ASUSVRC) ASUSTeK Virtual Capture Device [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\AsusVRC.sys -> [2007/01/29 17:12:52 | 00,018,432 | ---- | M] (ASUSTeK COMPUTER INC.)
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcd.sys -> [2006/05/29 08:26:38 | 00,127,488 | ---- | M] (Nokia)
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdcj.sys -> [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia)
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdcm.sys -> [2006/05/29 08:26:36 | 00,013,312 | ---- | M] (Nokia)
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdc.sys -> [2006/05/29 08:26:36 | 00,008,704 | ---- | M] (Nokia)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ASACPI.sys -> [2004/08/14 08:00:00 | 00,005,810 | R--- | M] ()
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\GTNDIS5.sys -> [2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://scanyourpc-onlinex.com/pr.cgi?id=2847 -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://scanyourpc-onlinex.com/pr.cgi?id=2847 -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\] > -> -> 
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\: Main\\"Start Page" -> about:blank -> 
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\: SearchURL\\"" -> http://uk.search.yahoo.com/search?fr=mcafee&p=%s -> 
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\: URLSearchHooks\\"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" [HKLM] -> C:\Program Files\Search Settings\kb128\SearchSettings.dll [SearchSettings Class] -> [2009/07/29 14:39:38 | 01,153,024 | ---- | M] (Spigot, Inc.)
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\David Craggs\Application Data\Mozilla\FireFox\Profiles\19pq91zp.default\prefs.js -> 
browser.search.param.yahoo-fr -> "chr-greentree_ff&type=616163" ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 ->
extensions.enabledItems -> search@searchsettings.com:1.2.2 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> E:\MY DOCUMENTS\BROWSERRECORD -> 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2009/12/17 22:12:01 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{32EA29D8-4205-4797-8953-A028149A1D70} -> C:\DOCUMENTS AND SETTINGS\DAVID CRAGGS\LOCAL SETTINGS\APPLICATION DATA\{32EA29D8-4205-4797-8953-A028149A1D70}\ [C:\DOCUMENTS AND SETTINGS\DAVID CRAGGS\LOCAL SETTINGS\APPLICATION DATA\{32EA29D8-4205-4797-8953-A028149A1D70}\] -> [2009/12/15 05:29:15 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/11/17 22:59:58 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/11/28 20:25:01 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\David Craggs\Application Data\Mozilla\Extensions -> [2008/09/05 12:23:51 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\David Craggs\Application Data\Mozilla\Firefox\Profiles\19pq91zp.default\extensions -> [2009/12/08 12:10:09 | 00,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/12/08 12:10:09 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com -> [2009/09/19 16:55:48 | 00,000,000 | ---D | M]
Hosts file not found -> -> 
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2009/11/23 10:26:38 | 00,204,048 | ---- | M] (McAfee, Inc.)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"uecwekbk32" -> C:\WINDOWS\System32\uecwekbk32.DLL [rundll32 "C:\WINDOWS\system32\uecwekbk32.dll" uecwekbk] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"uecwekbk32" -> C:\WINDOWS\System32\uecwekbk32.DLL [rundll32 "C:\WINDOWS\system32\uecwekbk32.dll" uecwekbk] -> File not found
< Run [HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ASUS SmartDoctor" -> C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start] -> [2007/07/18 15:20:34 | 01,114,112 | ---- | M] (ASUSTeK Inc.)
"Google Update" -> C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ["C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c] -> [2008/09/03 13:22:05 | 00,133,104 | ---- | M] (Google Inc.)
"PcSync" -> C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] -> [2006/06/27 16:21:14 | 01,449,984 | ---- | M] (Time Information Services Ltd.)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
"Steam" -> d:\steam\steam.exe ["d:\steam\steam.exe" -silent] -> [2009/11/12 05:27:29 | 01,217,808 | ---- | M] (Valve Corporation)
"updateMgr" -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< David Craggs Startup Folder > -> C:\Documents and Settings\David Craggs\Start Menu\Programs\Startup -> 
C:\Documents and Settings\David Craggs\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2009/08/18 14:49:56 | 00,384,000 | ---- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004] > -> HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{58ECB495-38F0-49cb-A538-10282ABF65E7}" [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\"{700259D7-1666-479a-93B1-3250410481E8}" [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{58ECB495-38F0-49cb-A538-10282ABF65E7}" [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\"{700259D7-1666-479a-93B1-3250410481E8}" [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{58ECB495-38F0-49cb-A538-10282ABF65E7}" [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
CmdMapping\\"{700259D7-1666-479a-93B1-3250410481E8}" [HKLM] -> C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> [2007/03/02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-854245398-1770027372-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://www.adobe.com/products/acrobat/nos/gp.cab [get_atlcom Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{E3041394-428D-4B42-BCA6-3C30FD2EAC66}\\DhcpNameServer -> 192.168.1.254   (Linksys Wireless-G USB Network Adapter with SpeedBooster v2) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
\\.\globalroot\systemroot\system32\userinit.exe -> \\.\globalroot\systemroot\system32\userinit.exe -> [2008/04/14 00:12:38 | 00,026,112 | ---- | M] ()
*MultiFile Done* -> -> 
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
brastk.exe -> C:\WINDOWS\System32\svchost.exe [Debugger: svchost.exe] -> [2008/04/14 00:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -> C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [C:\Documents and Settings\David Craggs\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome] -> [2009/12/09 23:22:33 | 00,921,072 | ---- | M] (Google Inc.)
"C:\Documents and Settings\David Craggs\Local Settings\Temp\VRT1134.tmp" -> C:\Documents and Settings\David Craggs\Local Settings\Temp\VRT1134.tmp [C:\Documents and Settings\David Craggs\Local Settings\Temp\VRT1134.tmp:*:Enabled:installer] -> File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe" -> C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe [C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe] -> [2007/07/27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2009/10/28 06:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe [C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/11/17 22:59:54 | 00,307,704 | ---- | M] (Mozilla Corporation)
"C:\Program Files\O2\agent\bin\bcont.exe" -> C:\Program Files\O2\agent\bin\bcont.exe [C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe] -> [2009/06/04 10:51:46 | 01,000,096 | ---- | M] (SupportSoft, Inc.)
"C:\Program Files\O2\agent\bin\bcont_nm.exe" -> C:\Program Files\O2\agent\bin\bcont_nm.exe [C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe] -> [2009/06/04 10:51:54 | 01,278,624 | ---- | M] (SupportSoft, Inc.)
"C:\Program Files\O2\bin\wificfg.exe" -> C:\Program Files\O2\bin\wificfg.exe [C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe] -> [2009/03/04 14:53:38 | 00,136,480 | ---- | M] (SupportSoft, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" -> C:\WINDOWS\System32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] -> [2009/03/31 19:08:44 | 00,075,064 | ---- | M] ()
"C:\WINDOWS\system32\PnkBstrB.exe" -> C:\WINDOWS\System32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] -> [2009/04/11 23:17:29 | 00,189,784 | ---- | M] ()
"D:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe" -> D:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe [D:\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge] -> [2001/03/11 05:52:38 | 04,813,072 | ---- | M] (Westwood Studios)
"D:\EA Games\Command & Conquer The First Decade\Command & Conquer Renegade(tm)\Renegade\Game.exe" -> D:\EA Games\Command & Conquer The First Decade\Command & Conquer Renegade(tm)\Renegade\Game.exe [D:\EA Games\Command & Conquer The First Decade\Command & Conquer Renegade(tm)\Renegade\Game.exe:*:Enabled:Renegade] -> [2003/01/28 23:00:32 | 04,414,276 | ---- | M] (Westwood Studios)
"D:\EA Games\Red Alert 3\Data\ra3_1.10.game" -> D:\EA Games\Red Alert 3\Data\ra3_1.10.game [D:\EA Games\Red Alert 3\Data\ra3_1.10.game:*:Enabled:Command & Conquer™ Red Alert™ 3] -> [2009/03/31 15:45:29 | 16,364,816 | ---- | M] (Electronic Arts Inc.)
"D:\EA Games\Red Alert 3\Data\ra3_1.6.game" -> D:\EA Games\Red Alert 3\Data\ra3_1.6.game [D:\EA Games\Red Alert 3\Data\ra3_1.6.game:*:Enabled:Command & Conquer™ Red Alert™ 3] -> [2008/12/05 10:03:43 | 16,610,576 | ---- | M] (Electronic Arts Inc.)
"D:\Firefly Studios\Stronghold 2\Stronghold2.exe" -> D:\Firefly Studios\Stronghold 2\Stronghold2.exe [D:\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2] -> [2007/04/20 09:19:48 | 11,580,904 | ---- | M] (Firefly Studios)
"D:\Lionhead Studios Ltd\Black & White\runblack.exe" -> D:\Lionhead Studios Ltd\Black & White\runblack.exe [D:\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh] -> [2001/03/09 13:57:08 | 08,500,623 | ---- | M] (LionHead Studios Ltd.)
"D:\Microsoft Games\Age of Empires III\age3.exe" -> D:\Microsoft Games\Age of Empires III\age3.exe [D:\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III] -> [2007/08/07 16:22:12 | 09,710,464 | ---- | M] (Ensemble Studios)
"D:\Microsoft Games\Age of Empires III\age3x.exe" -> D:\Microsoft Games\Age of Empires III\age3x.exe [D:\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs] -> [2006/09/07 22:07:49 | 10,143,040 | ---- | M] (Ensemble Studios)
"D:\Spotify\spotify.exe" -> D:\Spotify\spotify.exe [D:\Spotify\spotify.exe:*:Enabled:Spotify] -> [2009/11/18 18:52:29 | 02,876,144 | ---- | M] (Spotify AB)
"D:\Steam\SteamApps\common\eve online\eve.exe" -> D:\Steam\SteamApps\common\eve online\eve.exe [D:\Steam\SteamApps\common\eve online\eve.exe:*:Enabled:EVE Online Demo] -> [2009/11/16 07:45:51 | 00,558,336 | ---- | M] (CCP hf.)
"E:\My Documents\realplay.exe" -> E:\My Documents\realplay.exe [E:\My Documents\realplay.exe:*:Enabled:RealPlayer] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2008/02/21 18:44:36 | 00,000,000 | ---- | M] ()
F:\AutoRun.exe [MZP | ] -> F:\AutoRun.exe [ CDFS ] -> [2001/05/23 18:05:40 | 01,136,640 | R--- | M] (Muckyfoot Productions)
F:\Autorun.inf [[Autorun] | open=Setup.now.exe | icon=sonow\r2.ico | ] -> F:\Autorun.inf [ CDFS ] -> [2002/04/23 08:42:25 | 00,000,050 | R--- | M] ()
G:\Autorun.inf [[autorun] | open=Launch.exe | icon=setup.ico | ] -> G:\Autorun.inf [ UDF ] -> [2006/10/06 06:23:55 | 00,000,044 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{577a3bf8-e0a6-11dc-a52c-806d6172696f}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577a3bf8-e0a6-11dc-a52c-806d6172696f}\Shell
\{577a3bf8-e0a6-11dc-a52c-806d6172696f}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577a3bf8-e0a6-11dc-a52c-806d6172696f}\Shell\AutoRun
\{577a3bf8-e0a6-11dc-a52c-806d6172696f}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{577a3bf8-e0a6-11dc-a52c-806d6172696f}\Shell\AutoRun\command
\{577a3bf8-e0a6-11dc-a52c-806d6172696f}\Shell\AutoRun\command\\"" -> G:\Launch.exe [G:\Launch.exe] -> [2006/10/06 06:23:55 | 00,126,976 | R--- | M] (Macrovision Corporation)
\{8880c0a2-4e93-11dd-85c0-001839027caf}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8880c0a2-4e93-11dd-85c0-001839027caf}\Shell\AutoRun\command
\{8880c0a2-4e93-11dd-85c0-001839027caf}\Shell\AutoRun\command\\"" ->  [I:\] -> File not found
\{8880c0a2-4e93-11dd-85c0-001839027caf}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8880c0a2-4e93-11dd-85c0-001839027caf}\Shell\open\Command
\{8880c0a2-4e93-11dd-85c0-001839027caf}\Shell\open\Command\\"" ->  [rundll32.exe .\desktop.dll,InstallM] -> File not found
\{98a396ae-a537-11dd-85eb-001839027caf}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98a396ae-a537-11dd-85eb-001839027caf}\Shell
\{98a396ae-a537-11dd-85eb-001839027caf}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98a396ae-a537-11dd-85eb-001839027caf}\Shell\AutoRun
\{98a396ae-a537-11dd-85eb-001839027caf}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98a396ae-a537-11dd-85eb-001839027caf}\Shell\AutoRun\command
\{98a396ae-a537-11dd-85eb-001839027caf}\Shell\AutoRun\command\\"" -> I:\LaunchU3.exe [I:\LaunchU3.exe -a] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls -> 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls
\\"AppSecDll" -> C:\WINDOWS\System32\wincert.dll [C:\WINDOWS\system32\wincert.dll] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\David Craggs\Desktop\OTS.exe -> [2009/12/21 09:21:20 | 00,598,528 | ---- | C] (OldTimer Tools)
 MSECACHE -> C:\Program Files\MSECACHE -> [2009/12/20 18:47:49 | 00,000,000 | ---D | C]
 msicuu2.exe -> C:\Documents and Settings\David Craggs\Desktop\msicuu2.exe -> [2009/12/20 18:47:07 | 00,359,656 | ---- | C] (Microsoft Corporation)
 ESET -> C:\Program Files\ESET -> [2009/12/20 14:02:30 | 00,000,000 | ---D | C]
 _OTM -> C:\_OTM -> [2009/12/20 13:34:48 | 00,000,000 | ---D | C]
 OTM.exe -> C:\Documents and Settings\David Craggs\Desktop\OTM.exe -> [2009/12/20 13:33:26 | 00,425,984 | ---- | C] (OldTimer Tools)
 ERDNT -> C:\WINDOWS\ERDNT -> [2009/12/20 13:33:14 | 00,000,000 | ---D | C]
 ERUNT -> C:\Program Files\ERUNT -> [2009/12/20 13:32:00 | 00,000,000 | ---D | C]
 erunt-setup.exe -> C:\Documents and Settings\David Craggs\Desktop\erunt-setup.exe -> [2009/12/20 13:31:31 | 00,791,393 | ---- | C] (Lars Hederer                                                )
 rsit -> C:\rsit -> [2009/12/20 12:21:22 | 00,000,000 | ---D | C]
 Malwarebytes -> C:\Documents and Settings\David Craggs\Application Data\Malwarebytes -> [2009/12/20 11:15:09 | 00,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/20 11:15:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/20 11:15:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/12/20 11:15:02 | 00,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/12/20 11:15:01 | 00,000,000 | ---D | C]
 mbam-setup.exe -> C:\Documents and Settings\David Craggs\Desktop\mbam-setup.exe -> [2009/12/20 11:13:33 | 04,844,296 | ---- | C] (Malwarebytes Corporation                                    )
 Spybot - Search & Destroy -> C:\Program Files\Spybot - Search & Destroy -> [2009/12/19 13:43:13 | 00,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy -> [2009/12/19 13:43:13 | 00,000,000 | ---D | C]
 spybotsd162 (1).exe -> C:\Documents and Settings\David Craggs\Desktop\spybotsd162 (1).exe -> [2009/12/19 10:07:51 | 16,409,960 | ---- | C] (Safer Networking Limited                                    )
 spybotsd162.exe -> C:\Documents and Settings\David Craggs\Desktop\spybotsd162.exe -> [2009/12/19 10:06:26 | 16,409,960 | ---- | C] (Safer Networking Limited                                    )
 Trend Micro -> C:\Program Files\Trend Micro -> [2009/12/15 06:03:07 | 00,000,000 | ---D | C]
 HJTInstall.exe -> C:\Documents and Settings\David Craggs\Desktop\HJTInstall.exe -> [2009/12/15 06:02:31 | 00,812,344 | ---- | C] (Trend Micro Inc.)
 {32EA29D8-4205-4797-8953-A028149A1D70} -> C:\Documents and Settings\David Craggs\Local Settings\Application Data\{32EA29D8-4205-4797-8953-A028149A1D70} -> [2009/12/15 05:29:15 | 00,000,000 | ---D | C]
 TCPIP.SYS.ORIGINAL -> C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL -> [2009/12/15 03:15:41 | 00,361,600 | ---- | C] (Microsoft Corporation)
 WSOXKDKGD_APDM -> C:\Documents and Settings\All Users\Application Data\WSOXKDKGD_APDM -> [2009/12/15 03:15:26 | 00,000,000 | -HSD | C]
 82c78be -> C:\Documents and Settings\All Users\Application Data\82c78be -> [2009/12/15 03:15:02 | 00,000,000 | -HSD | C]
 Tesco Application Form_files -> C:\Documents and Settings\David Craggs\Desktop\Tesco Application Form_files -> [2009/11/26 12:04:09 | 00,000,000 | ---D | C]
 SACore -> C:\Documents and Settings\LocalService\Application Data\SACore -> [2009/11/25 00:01:18 | 00,000,000 | ---D | M]
 Nvu -> C:\Documents and Settings\David Craggs\Application Data\Nvu -> [2009/11/22 16:39:35 | 00,000,000 | ---D | C]
 Nvu -> C:\Program Files\Nvu -> [2009/11/22 16:39:23 | 00,000,000 | ---D | C]
 WMTools Downloaded Files -> C:\Documents and Settings\David Craggs\Local Settings\Application Data\WMTools Downloaded Files -> [2009/11/22 16:38:49 | 00,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2008/07/16 00:00:24 | 00,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2008/03/13 23:11:09 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2008/02/21 18:46:35 | 00,000,000 | ---D | M]
 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2008/02/21 18:44:35 | 00,000,000 | --SD | M]
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskUserS-1-5-21-854245398-1770027372-839522115-1004UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1770027372-839522115-1004UA.job -> [2009/12/21 09:22:01 | 00,001,004 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\David Craggs\Desktop\OTS.exe -> [2009/12/21 09:21:20 | 00,598,528 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskUserS-1-5-21-854245398-1770027372-839522115-1004Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1770027372-839522115-1004Core.job -> [2009/12/20 23:22:03 | 00,000,952 | ---- | M] ()
 msicuu2.exe -> C:\Documents and Settings\David Craggs\Desktop\msicuu2.exe -> [2009/12/20 18:47:07 | 00,359,656 | ---- | M] (Microsoft Corporation)
 Config.MPF -> C:\WINDOWS\System32\Config.MPF -> [2009/12/20 13:39:49 | 00,012,575 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/12/20 13:36:44 | 00,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/12/20 13:36:36 | 00,002,048 | --S- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\David Craggs\NTUSER.DAT -> [2009/12/20 13:35:20 | 08,650,752 | -H-- | M] ()
 ntuser.ini -> C:\Documents and Settings\David Craggs\ntuser.ini -> [2009/12/20 13:35:18 | 00,000,278 | -HS- | M] ()
 OTM.exe -> C:\Documents and Settings\David Craggs\Desktop\OTM.exe -> [2009/12/20 13:33:26 | 00,425,984 | ---- | M] (OldTimer Tools)
 NTREGOPT.lnk -> C:\Documents and Settings\David Craggs\Desktop\NTREGOPT.lnk -> [2009/12/20 13:32:00 | 00,000,611 | ---- | M] ()
 ERUNT.lnk -> C:\Documents and Settings\David Craggs\Desktop\ERUNT.lnk -> [2009/12/20 13:32:00 | 00,000,592 | ---- | M] ()
 erunt-setup.exe -> C:\Documents and Settings\David Craggs\Desktop\erunt-setup.exe -> [2009/12/20 13:31:31 | 00,791,393 | ---- | M] (Lars Hederer                                                )
 RSIT.exe -> C:\Documents and Settings\David Craggs\Desktop\RSIT.exe -> [2009/12/20 12:20:05 | 00,781,909 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/12/20 11:15:06 | 00,000,696 | ---- | M] ()
 mbam-setup.exe -> C:\Documents and Settings\David Craggs\Desktop\mbam-setup.exe -> [2009/12/20 11:13:44 | 04,844,296 | ---- | M] (Malwarebytes Corporation                                    )
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/12/19 14:51:52 | 00,013,646 | ---- | M] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/19 14:03:16 | 00,000,150 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\David Craggs\Desktop\Spybot - Search & Destroy.lnk -> [2009/12/19 13:43:18 | 00,000,933 | ---- | M] ()
 AuraSetup_1.4.12d.msi -> C:\Documents and Settings\David Craggs\Desktop\AuraSetup_1.4.12d.msi -> [2009/12/19 10:14:56 | 01,627,648 | ---- | M] ()
 spybotsd162 (1).exe -> C:\Documents and Settings\David Craggs\Desktop\spybotsd162 (1).exe -> [2009/12/19 10:07:51 | 16,409,960 | ---- | M] (Safer Networking Limited                                    )
 spybotsd162.exe -> C:\Documents and Settings\David Craggs\Desktop\spybotsd162.exe -> [2009/12/19 10:07:28 | 16,409,960 | ---- | M] (Safer Networking Limited                                    )
 New Database.odb -> C:\Documents and Settings\David Craggs\My Documents\New Database.odb -> [2009/12/18 15:07:51 | 00,002,186 | ---- | M] ()
 OpenOffice.org 3.1.lnk -> C:\Documents and Settings\David Craggs\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk -> [2009/12/18 15:01:28 | 00,000,864 | ---- | M] ()
 Steam.lnk -> C:\Documents and Settings\All Users\Desktop\Steam.lnk -> [2009/12/17 09:46:04 | 00,002,013 | ---- | M] ()
 Google Chrome.lnk -> C:\Documents and Settings\David Craggs\Desktop\Google Chrome.lnk -> [2009/12/16 17:22:56 | 00,002,337 | ---- | M] ()
 HijackThis.lnk -> C:\Documents and Settings\David Craggs\Desktop\HijackThis.lnk -> [2009/12/16 03:59:47 | 00,001,734 | ---- | M] ()
 atapi.sys -> C:\WINDOWS\System32\dllcache\atapi.sys -> [2009/12/15 17:47:51 | 00,096,512 | ---- | M] (Microsoft Corporation)
 Adobaf.dat -> C:\WINDOWS\Adobaf.dat -> [2009/12/15 14:46:07 | 00,000,120 | ---- | M] ()
 HJTInstall.exe -> C:\Documents and Settings\David Craggs\Desktop\HJTInstall.exe -> [2009/12/15 06:02:31 | 00,812,344 | ---- | M] (Trend Micro Inc.)
 Vzevineputehob.bin -> C:\WINDOWS\Vzevineputehob.bin -> [2009/12/15 05:29:18 | 00,000,000 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2009/12/15 04:43:51 | 00,000,659 | ---- | M] ()
 system.ini -> C:\WINDOWS\system.ini -> [2009/12/15 04:43:51 | 00,000,227 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2009/12/15 04:43:51 | 00,000,211 | RHS- | M] ()
 409993625.BAT -> C:\Documents and Settings\David Craggs\409993625.BAT -> [2009/12/15 03:16:28 | 00,000,104 | ---- | M] ()
 TCPIP.SYS.ORIGINAL -> C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL -> [2009/12/15 03:15:41 | 00,361,600 | ---- | M] (Microsoft Corporation)
 hosts.20091219-140252.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20091219-140252.backup -> [2009/12/15 03:15:30 | 00,000,365 | RHS- | M] ()
 McDefragTask.job -> C:\WINDOWS\tasks\McDefragTask.job -> [2009/12/15 01:15:27 | 00,000,354 | ---- | M] ()
 spider.sav -> C:\Documents and Settings\David Craggs\My Documents\spider.sav -> [2009/12/15 01:00:28 | 00,000,372 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/12/10 09:20:14 | 00,525,946 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/12/10 09:20:14 | 00,444,802 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/12/10 09:20:14 | 00,072,360 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/12/10 01:03:54 | 00,001,393 | ---- | M] ()
 nStandard.bin -> C:\WINDOWS\System32\drivers\nStandard.bin -> [2009/12/06 06:08:20 | 00,196,608 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
 McQcTask.job -> C:\WINDOWS\tasks\McQcTask.job -> [2009/12/01 01:00:45 | 00,000,346 | ---- | M] ()
 HP job submission.doc -> C:\Documents and Settings\David Craggs\My Documents\HP job submission.doc -> [2009/11/27 14:11:51 | 00,098,304 | ---- | M] ()
 WEB-PAGES-CL-PUBLICATIONS.DOC -> C:\Documents and Settings\David Craggs\Desktop\WEB-PAGES-CL-PUBLICATIONS.DOC -> [2009/11/27 11:17:12 | 00,056,832 | ---- | M] ()
 tesco questions.doc -> C:\Documents and Settings\David Craggs\My Documents\tesco questions.doc -> [2009/11/26 22:34:47 | 00,087,552 | ---- | M] ()
 FurtherLearningGuidelinesOct2008.doc -> C:\Documents and Settings\David Craggs\Desktop\FurtherLearningGuidelinesOct2008.doc -> [2009/11/26 18:21:37 | 00,821,760 | ---- | M] ()
 appformtesco -> C:\Documents and Settings\David Craggs\Desktop\appformtesco -> [2009/11/26 12:04:40 | 00,116,206 | ---- | M] ()
 Tesco Application Form.htm -> C:\Documents and Settings\David Craggs\Desktop\Tesco Application Form.htm -> [2009/11/26 12:04:09 | 00,118,327 | ---- | M] ()
 mech_design_eng_tcm92-11501.pdf -> C:\Documents and Settings\David Craggs\Desktop\mech_design_eng_tcm92-11501.pdf -> [2009/11/25 19:28:36 | 00,105,583 | ---- | M] ()
 Nvu.lnk -> C:\Documents and Settings\David Craggs\Desktop\Nvu.lnk -> [2009/11/22 16:39:28 | 00,000,568 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/11/21 17:01:21 | 00,162,728 | ---- | M] ()
 
[Files - No Company Name]
 NTREGOPT.lnk -> C:\Documents and Settings\David Craggs\Desktop\NTREGOPT.lnk -> [2009/12/20 13:32:00 | 00,000,611 | ---- | C] ()
 ERUNT.lnk -> C:\Documents and Settings\David Craggs\Desktop\ERUNT.lnk -> [2009/12/20 13:32:00 | 00,000,592 | ---- | C] ()
 RSIT.exe -> C:\Documents and Settings\David Craggs\Desktop\RSIT.exe -> [2009/12/20 12:20:05 | 00,781,909 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/12/20 11:15:06 | 00,000,696 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/12/19 14:03:16 | 00,000,150 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\David Craggs\Desktop\Spybot - Search & Destroy.lnk -> [2009/12/19 13:43:18 | 00,000,933 | ---- | C] ()
 AuraSetup_1.4.12d.msi -> C:\Documents and Settings\David Craggs\Desktop\AuraSetup_1.4.12d.msi -> [2009/12/19 10:14:56 | 01,627,648 | ---- | C] ()
 New Database.odb -> C:\Documents and Settings\David Craggs\My Documents\New Database.odb -> [2009/12/18 15:02:40 | 00,002,186 | ---- | C] ()
 OpenOffice.org 3.1.lnk -> C:\Documents and Settings\David Craggs\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk -> [2009/12/18 15:01:28 | 00,000,864 | ---- | C] ()
 HijackThis.lnk -> C:\Documents and Settings\David Craggs\Desktop\HijackThis.lnk -> [2009/12/15 06:03:07 | 00,001,734 | ---- | C] ()
 Vzevineputehob.bin -> C:\WINDOWS\Vzevineputehob.bin -> [2009/12/15 05:29:18 | 00,000,000 | ---- | C] ()
 Adobaf.dat -> C:\WINDOWS\Adobaf.dat -> [2009/12/15 05:29:17 | 00,000,120 | ---- | C] ()
 409993625.BAT -> C:\Documents and Settings\David Craggs\409993625.BAT -> [2009/12/15 03:16:28 | 00,000,104 | ---- | C] ()
 HP job submission.doc -> C:\Documents and Settings\David Craggs\My Documents\HP job submission.doc -> [2009/11/27 14:11:51 | 00,098,304 | ---- | C] ()
 WEB-PAGES-CL-PUBLICATIONS.DOC -> C:\Documents and Settings\David Craggs\Desktop\WEB-PAGES-CL-PUBLICATIONS.DOC -> [2009/11/27 11:17:12 | 00,056,832 | ---- | C] ()
 FurtherLearningGuidelinesOct2008.doc -> C:\Documents and Settings\David Craggs\Desktop\FurtherLearningGuidelinesOct2008.doc -> [2009/11/26 18:21:37 | 00,821,760 | ---- | C] ()
 tesco questions.doc -> C:\Documents and Settings\David Craggs\My Documents\tesco questions.doc -> [2009/11/26 12:13:03 | 00,087,552 | ---- | C] ()
 appformtesco -> C:\Documents and Settings\David Craggs\Desktop\appformtesco -> [2009/11/26 12:04:40 | 00,116,206 | ---- | C] ()
 Tesco Application Form.htm -> C:\Documents and Settings\David Craggs\Desktop\Tesco Application Form.htm -> [2009/11/26 12:04:09 | 00,118,327 | ---- | C] ()
 mech_design_eng_tcm92-11501.pdf -> C:\Documents and Settings\David Craggs\Desktop\mech_design_eng_tcm92-11501.pdf -> [2009/11/25 19:28:36 | 00,105,583 | ---- | C] ()
 Nvu.lnk -> C:\Documents and Settings\David Craggs\Desktop\Nvu.lnk -> [2009/11/22 16:39:28 | 00,000,568 | ---- | C] ()
 {4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini -> [2009/09/14 15:08:59 | 00,000,728 | ---- | C] ()
 SIntfNT.dll -> C:\WINDOWS\System32\SIntfNT.dll -> [2009/09/06 21:44:23 | 00,021,840 | ---- | C] ()
 SIntf32.dll -> C:\WINDOWS\System32\SIntf32.dll -> [2009/09/06 21:44:23 | 00,017,212 | ---- | C] ()
 SIntf16.dll -> C:\WINDOWS\System32\SIntf16.dll -> [2009/09/06 21:44:23 | 00,012,067 | ---- | C] ()
 libmplayer.dll -> C:\WINDOWS\System32\libmplayer.dll -> [2009/08/27 19:04:44 | 00,557,003 | ---- | C] ()
 ff_x264.dll -> C:\WINDOWS\System32\ff_x264.dll -> [2009/08/27 19:04:32 | 00,811,835 | ---- | C] ()
 libavcodec.dll -> C:\WINDOWS\System32\libavcodec.dll -> [2009/08/27 19:03:52 | 04,456,201 | ---- | C] ()
 ff_kernelDeint.dll -> C:\WINDOWS\System32\ff_kernelDeint.dll -> [2009/08/25 18:07:36 | 00,328,334 | ---- | C] ()
 TomsMoComp_ff.dll -> C:\WINDOWS\System32\TomsMoComp_ff.dll -> [2009/08/25 17:38:04 | 00,425,040 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/08/25 16:56:56 | 00,829,781 | ---- | C] ()
 libmpeg2_ff.dll -> C:\WINDOWS\System32\libmpeg2_ff.dll -> [2009/08/25 16:37:02 | 00,146,098 | ---- | C] ()
 ff_unrar.dll -> C:\WINDOWS\System32\ff_unrar.dll -> [2009/06/02 17:15:44 | 00,113,152 | ---- | C] ()
 ff_tremor.dll -> C:\WINDOWS\System32\ff_tremor.dll -> [2009/06/02 17:15:18 | 00,146,944 | ---- | C] ()
 ff_samplerate.dll -> C:\WINDOWS\System32\ff_samplerate.dll -> [2009/06/02 17:15:04 | 00,183,296 | ---- | C] ()
 ff_libmad.dll -> C:\WINDOWS\System32\ff_libmad.dll -> [2009/06/02 17:14:56 | 00,178,688 | ---- | C] ()
 ff_libfaad2.dll -> C:\WINDOWS\System32\ff_libfaad2.dll -> [2009/06/02 17:14:30 | 00,486,400 | ---- | C] ()
 ff_libdts.dll -> C:\WINDOWS\System32\ff_libdts.dll -> [2009/06/02 17:13:58 | 00,257,024 | ---- | C] ()
 ff_liba52.dll -> C:\WINDOWS\System32\ff_liba52.dll -> [2009/06/02 17:13:50 | 00,142,848 | ---- | C] ()
 ff_wmv9.dll -> C:\WINDOWS\System32\ff_wmv9.dll -> [2009/06/02 17:11:26 | 00,098,304 | ---- | C] ()
 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2009/06/02 17:11:16 | 00,085,504 | ---- | C] ()
 PnkBstrK.sys -> C:\WINDOWS\System32\drivers\PnkBstrK.sys -> [2009/03/02 13:52:01 | 00,138,944 | ---- | C] ()
 ts.dll -> C:\WINDOWS\System32\ts.dll -> [2009/01/10 22:17:32 | 00,163,840 | ---- | C] ()
 mkx.dll -> C:\WINDOWS\System32\mkx.dll -> [2009/01/10 22:16:56 | 00,148,480 | ---- | C] ()
 avi.dll -> C:\WINDOWS\System32\avi.dll -> [2009/01/10 22:16:50 | 00,108,032 | ---- | C] ()
 mp4.dll -> C:\WINDOWS\System32\mp4.dll -> [2009/01/10 22:16:14 | 00,141,312 | ---- | C] ()
 ogm.dll -> C:\WINDOWS\System32\ogm.dll -> [2009/01/10 22:15:54 | 00,120,832 | ---- | C] ()
 mmfinfo.dll -> C:\WINDOWS\System32\mmfinfo.dll -> [2009/01/10 22:15:44 | 00,159,744 | ---- | C] ()
 avss.dll -> C:\WINDOWS\System32\avss.dll -> [2009/01/10 22:15:32 | 00,102,400 | ---- | C] ()
 dxr.dll -> C:\WINDOWS\System32\dxr.dll -> [2009/01/10 22:15:28 | 00,246,784 | ---- | C] ()
 avs.dll -> C:\WINDOWS\System32\avs.dll -> [2009/01/10 22:15:12 | 00,097,280 | ---- | C] ()
 mkzlib.dll -> C:\WINDOWS\System32\mkzlib.dll -> [2009/01/10 22:14:08 | 00,079,360 | ---- | C] ()
 mkunicode.dll -> C:\WINDOWS\System32\mkunicode.dll -> [2009/01/10 22:14:06 | 00,023,552 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2008/12/19 08:40:36 | 00,354,816 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2008/12/03 22:11:50 | 00,180,224 | ---- | C] ()
 qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/11/06 16:37:32 | 03,596,288 | ---- | C] ()
 dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/11/06 16:34:00 | 00,000,416 | ---- | C] ()
 DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2008/09/16 00:11:10 | 00,012,288 | ---- | C] ()
 SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2008/08/30 03:27:26 | 00,000,487 | ---- | C] ()
 IYVU9_32.DLL -> C:\WINDOWS\System32\IYVU9_32.DLL -> [2008/08/29 21:48:04 | 00,056,832 | ---- | C] ()
 GTW32N50.dll -> C:\WINDOWS\System32\GTW32N50.dll -> [2008/07/01 15:48:36 | 00,094,208 | ---- | C] ()
 libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2008/07/01 15:48:34 | 00,651,264 | ---- | C] ()
 ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2008/07/01 15:48:34 | 00,147,456 | ---- | C] ()
 WLAN.INI -> C:\WINDOWS\System32\WLAN.INI -> [2008/07/01 15:48:26 | 00,001,383 | ---- | C] ()
 CDPlayer.ini -> C:\WINDOWS\CDPlayer.ini -> [2008/05/09 19:42:55 | 00,000,399 | ---- | C] ()
 sdbg.ini -> C:\WINDOWS\sdbg.ini -> [2008/02/29 08:13:30 | 00,000,308 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/02/22 17:26:54 | 00,000,069 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2008/02/21 23:09:08 | 00,000,376 | ---- | C] ()
 epoPGPsdk.dll.sig -> C:\WINDOWS\System32\epoPGPsdk.dll.sig -> [2008/02/21 22:43:02 | 00,000,280 | ---- | C] ()
 aticlocklib.dll -> C:\WINDOWS\aticlocklib.dll -> [2008/02/21 22:18:13 | 00,643,142 | ---- | C] ()
 R5ClkLib.dll -> C:\WINDOWS\R5ClkLib.dll -> [2008/02/21 22:18:13 | 00,110,592 | ---- | C] ()
 atkid.ini -> C:\WINDOWS\System32\atkid.ini -> [2008/02/21 22:18:12 | 00,000,018 | ---- | C] ()
 asfrench.dll -> C:\WINDOWS\System32\asfrench.dll -> [2008/02/21 22:18:11 | 00,046,592 | ---- | C] ()
 asrussian.dll -> C:\WINDOWS\System32\asrussian.dll -> [2008/02/21 22:18:11 | 00,046,080 | ---- | C] ()
 asgerman.dll -> C:\WINDOWS\System32\asgerman.dll -> [2008/02/21 22:18:11 | 00,046,080 | ---- | C] ()
 aseng.dll -> C:\WINDOWS\System32\aseng.dll -> [2008/02/21 22:18:11 | 00,046,080 | ---- | C] ()
 askorean.dll -> C:\WINDOWS\System32\askorean.dll -> [2008/02/21 22:18:11 | 00,045,568 | ---- | C] ()
 asjapan.dll -> C:\WINDOWS\System32\asjapan.dll -> [2008/02/21 22:18:11 | 00,045,568 | ---- | C] ()
 ASCHT.dll -> C:\WINDOWS\System32\ASCHT.dll -> [2008/02/21 22:18:11 | 00,045,568 | ---- | C] ()
 aschs.dll -> C:\WINDOWS\System32\aschs.dll -> [2008/02/21 22:18:11 | 00,045,568 | ---- | C] ()
 Ascd_log.ini -> C:\WINDOWS\Ascd_log.ini -> [2008/02/21 21:32:37 | 00,011,127 | ---- | C] ()
 ASACPI.sys -> C:\WINDOWS\System32\drivers\ASACPI.sys -> [2008/02/21 21:32:29 | 00,005,810 | R--- | C] ()
 Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2008/02/21 21:32:28 | 00,013,266 | ---- | C] ()
 ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2008/02/21 21:32:22 | 00,010,288 | ---- | C] ()
 Registration.ini -> C:\WINDOWS\System32\Registration.ini -> [2007/10/13 09:30:20 | 00,000,137 | ---- | C] ()
 AgCPanelTraditionalChinese.dll -> C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll -> [2007/07/23 08:03:32 | 00,053,248 | ---- | C] ()
 AgCPanelSwedish.dll -> C:\WINDOWS\System32\AgCPanelSwedish.dll -> [2007/07/23 08:03:32 | 00,053,248 | ---- | C] ()
 AgCPanelSpanish.dll -> C:\WINDOWS\System32\AgCPanelSpanish.dll -> [2007/07/23 08:03:32 | 00,053,248 | ---- | C] ()
 AgCPanelSimplifiedChinese.dll -> C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll -> [2007/07/23 08:03:30 | 00,053,248 | ---- | C] ()
 AgCPanelPortugese.dll -> C:\WINDOWS\System32\AgCPanelPortugese.dll -> [2007/07/23 08:03:30 | 00,053,248 | ---- | C] ()
 AgCPanelKorean.dll -> C:\WINDOWS\System32\AgCPanelKorean.dll -> [2007/07/23 08:03:30 | 00,053,248 | ---- | C] ()
 AgCPanelJapanese.dll -> C:\WINDOWS\System32\AgCPanelJapanese.dll -> [2007/07/23 08:03:30 | 00,053,248 | ---- | C] ()
 AgCPanelGerman.dll -> C:\WINDOWS\System32\AgCPanelGerman.dll -> [2007/07/23 08:03:30 | 00,053,248 | ---- | C] ()
 AgCPanelFrench.dll -> C:\WINDOWS\System32\AgCPanelFrench.dll -> [2007/07/23 08:03:30 | 00,053,248 | ---- | C] ()
 ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2007/07/10 17:10:12 | 00,000,547 | ---- | C] ()
 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2007/06/28 16:43:00 | 01,703,936 | ---- | C] ()
 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2007/06/28 16:43:00 | 01,474,560 | ---- | C] ()
 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2007/06/28 16:43:00 | 01,019,904 | ---- | C] ()
 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2007/06/28 16:43:00 | 00,466,944 | ---- | C] ()
 nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2007/06/28 16:43:00 | 00,286,720 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 13:58:52 | 00,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 13:53:56 | 00,026,489 | ---- | C] ()
 pthreadVC.dll -> C:\WINDOWS\System32\pthreadVC.dll -> [2006/04/22 23:00:10 | 00,053,299 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 14:39:28 | 00,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 14:39:28 | 00,026,040 | ---- | C] ()
 CddbCdda.dll -> C:\WINDOWS\System32\CddbCdda.dll -> [2005/12/07 12:31:00 | 00,202,752 | R--- | C] ()
 ASUSASV2.DLL -> C:\WINDOWS\System32\ASUSASV2.DLL -> [2004/10/11 11:19:00 | 00,092,672 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 00,002,695 | ---- | C] ()
 patchw32.dll -> C:\WINDOWS\System32\patchw32.dll -> [2002/02/27 16:50:00 | 00,197,120 | ---- | C] ()
< End of report >



here it is
IwaYama
Regular Member
 
Posts: 24
Joined: December 15th, 2009, 1:46 am

Re: Malware problem

Unread postby peku006 » December 21st, 2009, 6:40 am

Hi IwaYama

it seems that you have a problem with "Windows Installer"

This page may help that problem

and after that try to uninstall Search Settings

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware