Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Installer Services & Windows Restore have stopped working

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Installer Services & Windows Restore have stopped working

Unread postby tenmeg » January 21st, 2010, 3:19 pm

Hi WingMan -

1 - ran ERUNT successfully.

2 - ran ComboFix successfully - log fle attached.

3 - Downloaded Dial-a-fix from 1st link and received the following pop-up error when executed:

"FILE HEADER DAMAGED. ABORT OPERATION? YES NO"

I tried the alternate link and that worked.

Computer - Both Windows 'update' and 'installer' are now working.

Windows 'restore' still does not work.

Thank you, George/TENMEG

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 10-01-18.02 - TENMEG 01/21/2010 8:28.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.220 [GMT -7:00]
Running from: c:\documents and settings\TENMEG\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\TENMEG\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\drivers\beep.sys . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-20 01:20 . 2010-01-20 01:20 -------- dc----w- c:\program files\NCH Software
2010-01-20 01:07 . 2010-01-20 01:07 -------- dc----w- c:\documents and settings\TENMEG\Local Settings\Application Data\WMTools Downloaded Files
2010-01-20 00:32 . 2010-01-20 00:32 -------- dc----w- c:\documents and settings\TENMEG\Application Data\NCH Swift Sound
2010-01-18 13:43 . 2010-01-18 13:43 -------- dc----w- C:\FOOD-RECEIPES
2010-01-13 18:27 . 2010-01-13 18:27 -------- dc----w- C:\rsit
2010-01-13 15:06 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-13 14:38 . 2010-01-13 14:40 -------- dc----w- C:\MalwareFix
2009-12-28 16:49 . 2009-12-28 16:52 -------- dc----w- C:\PCToolsFireWall
2009-12-24 21:13 . 2010-01-05 19:40 -------- dc----w- C:\HJT Log 12_24
2009-12-24 21:12 . 2009-12-24 21:12 -------- dc----w- C:\New Folder (7)
2009-12-24 21:07 . 2009-12-24 21:08 -------- dc----w- C:\New HJT LOG FILES 12_24
2009-12-24 20:07 . 2009-12-24 20:07 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-24 19:52 . 2010-01-20 01:20 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-12-24 19:51 . 2010-01-20 01:20 -------- dc----w- c:\program files\NCH Swift Sound
2009-12-24 19:40 . 2009-12-24 19:40 -------- dc----w- C:\New Folder (5)
2009-12-24 18:30 . 2009-12-24 20:09 -------- dc----w- C:\HP External HardDisk
2009-12-24 17:56 . 2009-12-24 17:59 -------- dc----w- c:\documents and settings\TENMEG\Application Data\HpUpdate
2009-12-24 17:14 . 2009-12-24 17:14 -------- dc----w- C:\SeaToolsDOS217EURO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 00:05 . 2008-08-11 05:28 -------- dc----w- c:\documents and settings\TENMEG\Application Data\mjusbsp
2010-01-18 19:44 . 2008-08-17 16:25 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Intuit
2010-01-18 14:45 . 2008-08-17 16:30 3636 -c--a-w- c:\documents and settings\TENMEG\Application Data\wklnhst.dat
2010-01-16 04:43 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Sites
2010-01-16 04:43 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\SiteClasses
2010-01-15 22:51 . 2008-08-09 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 22:51 . 2008-11-15 19:24 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 23:07 . 2008-08-09 19:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2008-08-09 19:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-24 20:09 . 2009-12-24 20:09 11264 -c--a-r- c:\documents and settings\TENMEG\Application Data\Microsoft\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
2009-12-24 19:26 . 2006-01-21 02:45 -------- d-----w- c:\program files\HPQ
2009-12-24 17:56 . 2006-01-21 02:55 -------- d-----w- c:\program files\Hp
2009-12-24 16:59 . 2009-12-24 16:59 93016 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ug00000\magicJack.dll
2009-12-24 16:58 . 2010-01-20 00:05 6515976 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\setup.exe
2009-12-24 16:58 . 2010-01-04 05:10 6515976 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\Upgrade\setup2.exe
2009-12-24 16:58 . 2009-12-24 16:58 6515976 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ug00000\setup.exe
2009-12-24 16:58 . 2009-12-24 16:58 416328 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\magicJackLoader.exe
2009-12-24 16:58 . 2009-12-24 16:58 480608 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\octvqe1_apiw.dll
2009-12-24 16:58 . 2009-12-24 16:58 214360 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\TjVista.dll
2009-12-24 16:58 . 2009-12-24 16:58 337240 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\TjIpSys.dll
2009-12-24 16:58 . 2009-12-24 16:58 607600 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-12-24 16:58 . 2009-12-24 16:58 87384 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\st00000\mjsetup.exe
2009-12-24 16:57 . 2009-12-24 16:57 93016 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\st00000\magicJack.dll
2009-12-24 16:57 . 2009-12-24 16:57 93016 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\magicJack.dll
2009-12-24 16:55 . 2009-12-24 16:55 12482904 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\magicJack.exe
2009-12-24 16:54 . 2010-01-20 00:05 730032 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\install.exe
2009-12-24 16:54 . 2010-01-04 05:10 730032 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\Upgrade\install2.exe
2009-12-24 16:54 . 2009-12-24 16:54 730032 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ug00000\install.exe
2009-12-24 16:53 . 2009-12-24 16:53 87384 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\mjsetup.exe
2009-12-24 16:53 . 2009-12-24 16:53 93016 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\magicJack.dll
2009-12-24 16:52 . 2009-12-24 16:52 441704 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 441704 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-12-24 16:52 . 2009-12-24 16:52 50520 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\cdloader2.exe
2009-12-21 17:00 . 2009-12-11 16:15 2066200 -c--a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-29 17:23 . 2006-01-21 02:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-29 17:22 . 2009-11-29 17:22 -------- dc----w- c:\program files\Maxtor
2009-11-21 15:51 . 2004-08-04 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-31 18:49 . 2008-12-04 22:09 65823 -c--a-w- c:\documents and settings\TENMEG\Application Data\magicJackOutlookAddIn\magicJackOutlookAddInUninst.exe
2009-10-29 07:45 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll
2009-07-26 19:40 . 2009-07-26 19:40 16409960 -c--a-w- c:\program files\ypsybotsd162.exe
2009-07-26 18:30 . 2009-07-26 18:30 1460840 -c--a-w- c:\program files\HousecallLauncher.exe
2008-09-05 04:35 . 2008-09-05 04:36 785920 -c--a-w- c:\program files\HP Product Detection.msi
2008-09-05 04:35 . 2008-09-05 04:36 3584 -c--a-w- c:\program files\1033.MST
2008-08-20 00:28 . 2008-08-20 00:28 461 -c--a-w- c:\program files\Shortcut to iTunes.lnk
2008-06-26 22:22 . 2008-06-26 22:22 812344 -c--a-w- c:\program files\HJTInstall.exe
2006-03-09 21:32 . 2006-03-09 21:32 3752 -c--a-w- c:\program files\SP32338.CVA
2006-02-21 08:12 . 2006-02-21 08:12 11085 -c--a-w- c:\program files\cpl309bk.cat
2006-02-06 21:02 . 2006-02-06 21:02 32572 -c--a-w- c:\program files\cpl309bk.inf
2006-01-26 07:53 . 2006-01-26 07:53 472 -c--a-w- c:\program files\cpl309bk.ini
2005-08-22 22:07 . 2005-08-22 22:07 1035008 -c--a-w- c:\program files\HSF_DPV.sys
2005-08-22 21:06 . 2005-08-22 21:06 231424 -c--a-w- c:\program files\HSFHWATI.sys
2005-08-22 21:06 . 2005-08-22 21:06 718464 -c--a-w- c:\program files\HSF_CNXT.sys
2005-08-18 17:13 . 2005-08-18 17:13 133528 -c--a-w- c:\program files\HSFProf.cty
2005-08-12 20:01 . 2005-08-12 20:01 577536 -c--a-w- c:\program files\HXFSetup.exe
2005-06-20 14:57 . 2005-06-20 14:57 110592 -c--a-w- c:\program files\uci32100.dll
2004-03-17 16:04 . 2004-03-17 16:04 13059 -c--a-w- c:\program files\MDMXSDK.sys
2004-03-17 16:00 . 2004-03-17 16:00 86016 -c--a-w- c:\program files\MdmXSdk.dll
2002-02-04 20:39 . 2002-02-04 20:39 23 -c--a-w- c:\program files\disk1
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys


[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys

[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2004-08-11 09:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-11 09:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 08:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 -c--a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" [2009-12-24 50520]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-04 185896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

c:\documents and settings\user\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-8-5 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-27 00:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop 5.0\\Photoshp.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\aceftp3free.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\SWSETUP\\AppInstl\\Setup.exe"=
"c:\\Program Files\\Microsoft Works\\WksWP.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\filters\\ac3config.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\TENMEG\\Application Data\\mjusbsp\\magicJack.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/26/2009 5:35 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/26/2009 5:35 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/26/2009 5:34 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/26/2009 5:34 PM 297752]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 2:06 AM 231424]
R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [1/7/2009 12:48 PM 84352]
R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [1/7/2009 12:48 PM 14976]
R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [1/7/2009 12:48 PM 110848]
R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [1/7/2009 12:48 PM 90880]
S3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [6/13/2007 3:35 PM 705536]
S3 cpuz128;cpuz128;\??\c:\docume~1\TENMEG\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\TENMEG\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [12/6/2007 10:32 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [12/6/2007 10:32 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [12/6/2007 10:32 AM 60816]
S3 RTCore32;RTCore32;\??\c:\program files\RightMark Memory Analyzer\RTCore32.sys --> c:\program files\RightMark Memory Analyzer\RTCore32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2009-08-30 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-01-17 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://hp-desktop.aol.com/
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/ ... CF6FF3F27F
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www.update
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 08:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?5?1?1??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\windows\system32\locator.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Completion time: 2010-01-21 08:47:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 15:47
ComboFix2.txt 2010-01-19 02:29
ComboFix3.txt 2010-01-05 19:17
ComboFix4.txt 2009-08-13 23:11

Pre-Run: 57,452,580,864 bytes free
Post-Run: 57,601,228,800 bytes free

- - End Of File - - 20CECBF41760BC80BA077849C7335D6D
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm
Advertisement
Register to Remove

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » January 21st, 2010, 5:53 pm

Hello tenmeg,
Thanks for letting me know about that link...Let's continue...

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me.
Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 3.
Dial-a-fix
You should still have this on your desktop.
  1. Double click on Dial-a-fix.exe to run it.
    At the bottom...in the same section as the Go and Exit buttons...
  2. Press the Hammer/Tool button.
  3. Highlight the "Reinstall System Restore" line. You see a brief description of what is performed.
  4. Click on the GO...button. This button...will grey out. When done...The GO button will be black again.
  5. Click on Exit to close Dial-a-fix. Restart your computer and try the System Restore feature.. Post back, let me know if it works.

If the SR feature still does not work, please provide some details on what isn't working...
Does SR just not even open? Does it come up but there are no SR points to choose? Can you create a System Restore point? ... etc.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. System Restore OK?
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby tenmeg » January 22nd, 2010, 6:03 pm

Hi WingMan,

1.Any problem executing the instructions? - no problems
2.System Restore OK? - Yes - I'm amazed that that there is product that fixes these basic windows problems - if you go to windows web site there are many steps they recommend but none really work and there is no one defintive web page that address these various problems.
3.How is the computer behaving? After system restore was repaired another nagging problem was also corrected - on every start up my computer tried to run Chk Disk on drive C; but failed each time. Correcting the system restore corrected that problem
as well. Thanks

George/TENMEG
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » January 23rd, 2010, 11:06 am

Hello George/tenmeg,
Well, that sounds great! :D Now, there are some programs that need to be updated as older versions are a security risk.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me.
Please read these instructions carefully before executing and then perform the steps, in the order given. lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Print these instructions or copy them. You will be closing your browser!!

Step 1.
ERUNT - Emergency Recovery Utility NT
Now that the various Windows functions are working, let's back up the registry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update the Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files... you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee Security Scan.
  1. Click the yellow "Download now"... button. If you don't already have Adobe DLM... you may receive a prompt...
  2. If prompted to install "Adobe DLM" This software is not a requirement to obtain the latest Adobe Reader software...so the choice is yours.
    The Adobe (DLM) Download Manager... allows you to "pick up where you left off", if your download process is interrupted. A good idea if you are using dial-up.
    If you choose to install Adobe DLM, it will start the download automatically. Adobe DLM software removal instructions available here...if wanted.
  3. If not using Adobe DLM...click on the highlighted "click here to download" text, to begin the Reader download.
    Save the file to your desktop.
    Uninstall OLD Adobe Reader
  4. Please uninstall Adobe Reader before installing the latest version... Go to Start > Control Panel
  5. Double click on Add/Remove Programs... Locate:
    Adobe Reader 8.1.2
  6. Click on Change/Remove to uninstall it. Once uninstalled... Close and exit Control Panel.
    Install NEW Adobe Reader
  7. Click on the Adobe Acrobat Reader (AdbeRdrxx_en_US.exe) icon, on your desktop... to install the new (free) version.
    The Adobe Reader download file name will be different, depending on the language or OS chosen. xx in the name = version numbers.
  8. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  9. When the installation is complete... Close and re-open your Internet browser.
An alternate to Adobe Reader, you could try the free (for personal use) Foxit-Reader. It's a smaller download and when installed, uses less resources than Adobe Reader. Note: Let me know if interested in Foxit-Reader and I will provide safe download and installation instructions.

Step 3.
Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  3. Click the "Download" button to the right.
  4. Select your Platform: "Windows"... then check "I agree to the (current update version) License Agreement.".
  5. Click Continue and the page will refresh.
  6. Locate the entry for Windows Offline Installation and click on the file name, save the file to your desktop.
    Dial-up users: You may want to check the "Windows Offline Installation" box and opt to use...
    "Download Selected with Sun Download Manager". The download can be restarted, in case it's interrupted.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS
  1. Close any programs you may have running - especially your web browser.
  2. Go to Start > Settings > Control Panel.
  3. Double-click on Add/Remove Programs ...remove all older versions of Java.
  4. Locate the following program(s):
    Java(TM) 6 Update 6
  5. Click the Remove or Change/Remove button...follow any onscreen instructions for the Java uninstaller.
  6. When the Java components are removed... Exit Add/remove Programs and Control Panel.
    Delete old Java Folder
    • Right click on the Start...button.
    • Select Explore...from the menu.
    • Navigate to and find the following folder: if found, delete it.
      It's possible it may have been removed by the uninstall steps
      C:\Program Files\Java\ <==== delete this entire folder
    • When finished, close and exit Explorer.

INSTALL UPDATED VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... double-click on jre-6u18-windows-i586.exe to install the newest version.
  3. Follow the on-screen directions...when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel... click on the JAVA icon.
  2. Press the Update tab... UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK... then close the Java Control Panel. close and exit Control Panel.
If you choose to update via the Java applet in Control Panel, uncheck the option to install the Google Toolbar unless you want it.

Step 4.
RSIT (Random's System Information Tool)
You should still have this program on your desktop. If so, just ignore the download instructions.
Please download RSIT by random/random... save it to your desktop.
Attention!
In order for both info and log files to be produced again, I need you to delete the existing RSIT folder:
  1. C:\RSIT <-- delete this entire folder , then...
  2. Double click on RSIT.exe to run it.
  3. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... 2 (Notepad) text files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    These log files can be found in the C:\RSIT folder
  4. Please post both... "log.txt" and "info.txt", file contents in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RSIT - log.txt and info.txt file contents.
  3. How is the computer behaving, any problems?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby tenmeg » January 23rd, 2010, 3:22 pm

Hi WingMan -

1.Any problem executing the instructions? - No problems.
2.RSIT - log.txt and info.txt file contents. - Log and Info txt files attached
3.How is the computer behaving, any problems? - Seems to be operating normally - The Old Java - I never could update it due to the Installer Services not working. One thing I notice - The Reply part of the the bulletin board acts squirrly when I added the log and info txt files - by that I mean the scroll bar on the right wants to jump up and down at the end of a new entry so that you have to carefully scroll to the botton of the last entry in order to add the next file??

thanks - George/TENMEG

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of random's system information tool 1.06 (written by random/random)
Run by TENMEG at 2010-01-23 11:59:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (71%) free of 76 GB
Total RAM: 510 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:34 AM, on 1/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\locator.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\TENMEG\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TENMEG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 9946 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\DriverCure.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-27 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-26 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-23 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-04 185896]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-11 1085440]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-27 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"=C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe [2009-12-24 50520]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-27 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-26 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe"="C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe:*:Enabled:Adobe Photoshop 5.0"
"C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe"="C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe:*:Enabled:AceFTP v3"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\SWSETUP\AppInstl\Setup.exe"="C:\SWSETUP\AppInstl\Setup.exe:*:Enabled:Software Setup"
"C:\Program Files\Microsoft Works\WksWP.exe"="C:\Program Files\Microsoft Works\WksWP.exe:*:Enabled:Microsoft Works Word Processor"
"C:\Program Files\K-Lite Codec Pack\filters\ac3config.exe"="C:\Program Files\K-Lite Codec Pack\filters\ac3config.exe:*:Enabled:AC3Filter"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\TENMEG\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\TENMEG\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======List of files/folders created in the last 1 months======

2010-01-23 11:59:11 ----DC---- C:\rsit
2010-01-23 11:42:58 ----DC---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-23 11:42:23 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-23 11:42:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-23 11:42:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-23 11:42:22 ----A---- C:\WINDOWS\system32\java.exe
2010-01-23 11:41:57 ----DC---- C:\Program Files\Java
2010-01-22 15:11:36 ----DC---- C:\Scripts
2010-01-21 10:58:17 ----DC---- C:\SeaGate
2010-01-21 09:49:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-01-21 09:49:03 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-01-21 09:11:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-21 09:10:09 ----D---- C:\WINDOWS\temp
2010-01-21 09:03:17 ----SHDC---- C:\RECYCLER
2010-01-21 08:47:29 ----AC---- C:\ComboFix.txt
2010-01-19 18:20:04 ----DC---- C:\Program Files\NCH Software
2010-01-19 17:32:27 ----DC---- C:\Documents and Settings\TENMEG\Application Data\NCH Swift Sound
2010-01-18 06:43:05 ----DC---- C:\FOOD-RECEIPES
2010-01-15 10:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-15 10:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 07:38:08 ----DC---- C:\MalwareFix
2010-01-05 12:00:58 ----A---- C:\WINDOWS\zip.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\sed.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\grep.exe
2009-12-28 09:49:03 ----DC---- C:\PCToolsFireWall
2009-12-24 14:13:46 ----DC---- C:\HJT Log 12_24
2009-12-24 14:12:49 ----DC---- C:\New Folder (7)
2009-12-24 14:07:45 ----DC---- C:\New HJT LOG FILES 12_24
2009-12-24 13:07:11 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-24 12:52:03 ----DC---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-12-24 12:51:30 ----DC---- C:\Program Files\NCH Swift Sound
2009-12-24 12:40:47 ----DC---- C:\New Folder (5)
2009-12-24 11:30:24 ----DC---- C:\HP External HardDisk
2009-12-24 11:29:55 ----AC---- C:\HP Hard Disk.txt
2009-12-24 10:56:30 ----DC---- C:\Documents and Settings\TENMEG\Application Data\HpUpdate
2009-12-24 10:14:52 ----DC---- C:\SeaToolsDOS217EURO

======List of files/folders modified in the last 1 months======

2010-01-23 11:58:09 ----DC---- C:\AstroCamera
2010-01-23 11:45:05 ----DC---- C:\Config.Msi
2010-01-23 11:44:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 11:43:26 ----A---- C:\WINDOWS\ModemLog_UTStarcom USB Modem.txt
2010-01-23 11:42:56 ----SHD---- C:\WINDOWS\Installer
2010-01-23 11:42:23 ----D---- C:\WINDOWS\system32
2010-01-23 11:41:57 ----RDC---- C:\Program Files
2010-01-23 09:57:55 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-23 09:56:13 ----DC---- C:\Program Files\Common Files\Adobe
2010-01-23 09:55:40 ----DC---- C:\Program Files\Adobe
2010-01-23 09:53:00 ----D---- C:\WINDOWS\WinSxS
2010-01-23 09:31:34 ----D---- C:\WINDOWS\ERDNT
2010-01-23 09:14:41 ----DC---- C:\$AVG8.VAULT$
2010-01-23 09:11:26 ----D---- C:\WINDOWS
2010-01-22 17:01:38 ----DC---- C:\Obama
2010-01-22 14:46:51 ----A---- C:\WINDOWS\imsins.BAK
2010-01-22 14:26:19 ----SHD---- C:\System Volume Information
2010-01-22 14:26:19 ----D---- C:\WINDOWS\system32\Restore
2010-01-22 13:04:15 ----D---- C:\WINDOWS\security
2010-01-22 12:02:04 ----D---- C:\WINDOWS\system32\dllcache
2010-01-22 12:01:51 ----D---- C:\WINDOWS\system32\drivers
2010-01-21 12:36:09 ----SDC---- C:\Documents and Settings\TENMEG\Application Data\Microsoft
2010-01-21 10:52:39 ----A---- C:\WINDOWS\bizpub32.INI
2010-01-21 10:08:13 ----HD---- C:\WINDOWS\inf
2010-01-21 09:49:38 ----D---- C:\Program Files\Internet Explorer
2010-01-21 09:49:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 09:11:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-21 08:47:32 ----DC---- C:\Qoobox
2010-01-21 08:43:59 ----D---- C:\WINDOWS\Prefetch
2010-01-21 08:40:51 ----AC---- C:\WINDOWS\system.ini
2010-01-21 08:34:07 ----D---- C:\WINDOWS\AppPatch
2010-01-21 08:34:06 ----DC---- C:\Program Files\Common Files
2010-01-21 08:23:05 ----DC---- C:\desktop
2010-01-19 17:05:47 ----DC---- C:\Documents and Settings\TENMEG\Application Data\mjusbsp
2010-01-18 12:44:23 ----DC---- C:\Documents and Settings\TENMEG\Application Data\Intuit
2010-01-18 12:38:49 ----A---- C:\WINDOWS\QUICKEN.INI
2010-01-15 21:43:02 ----DC---- C:\Documents and Settings\TENMEG\Application Data\Sites
2010-01-15 21:43:02 ----DC---- C:\Documents and Settings\TENMEG\Application Data\SiteClasses
2010-01-15 18:40:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-15 15:51:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-08 12:58:19 ----D---- C:\WINDOWS\network diagnostic
2010-01-08 10:56:50 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-05 12:15:58 ----SD---- C:\WINDOWS\Tasks
2010-01-04 17:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-25 18:35:19 ----A---- C:\WINDOWS\ulead32.ini
2009-12-25 10:57:00 ----DC---- C:\xmas pixs
2009-12-24 12:40:35 ----DC---- C:\realchange
2009-12-24 12:26:00 ----D---- C:\Program Files\HPQ
2009-12-24 12:25:56 ----D---- C:\SWSETUP
2009-12-24 11:39:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-24 10:56:41 ----D---- C:\Program Files\Hp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-26 108552]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-27 1345536]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-08-08 376320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-01 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-01 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-06-20 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 uts_bus;UTStarcom USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\uts_bus.sys [2007-12-05 84352]
R3 uts_mdfl;UTStarcom USB Modem Filter; C:\WINDOWS\system32\DRIVERS\uts_mdfl.sys [2007-12-05 14976]
R3 uts_mdm;UTStarcom USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\uts_mdm.sys [2007-12-05 110848]
R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\uts_serd.sys [2007-12-05 90880]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 AdfuUd;USB 2.0 (FS) ADFU Device; C:\WINDOWS\System32\Drivers\AdfuUd.sys [2004-09-16 12634]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmuda2;C-Media USB Audio Interface; C:\WINDOWS\system32\drivers\cmuda2.sys [2004-01-05 705536]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]
S3 cpuz128;cpuz128; \??\C:\DOCUME~1\TENMEG\LOCALS~1\Temp\cpuz_x32.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-21 1035008]
S3 lgatbus;LG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2005-06-14 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2005-06-14 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2005-06-14 60816]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-05-20 36480]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-05-19 16772]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RTCore32;RTCore32; \??\C:\Program Files\RightMark Memory Analyzer\RTCore32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SWMX00;Sierra Wireless USB MUX Driver (#00); C:\WINDOWS\system32\DRIVERS\swmx00.sys []
S3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-06-09 104064]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-27 376832]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-26 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-26 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-23 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-27 182768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-10-11 102400]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

+++++++++++++++++++++++++++++++++++++++++++++++++++++++


info.txt logfile of random's system information tool 1.06 2010-01-23 11:59:38

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\ImageReady 1.0\DeIsL1.isu" -c"C:\Program Files\Adobe\ImageReady 1.0\Uninst.dll"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression 6-->C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Brother MFL-Pro Suite MFC-490CW-->"C:\Program Files\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BH9_C2 -removeonly
Canon MP Navigator 2.2-->"C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP530 User Registration-->C:\Program Files\Canon\IJEREG\MP530\UNINST.EXE
Canon MP530-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
C-Media USB WDM Audio Driver-->C:\WINDOWS\system32\cmdrvrm.exe
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Design & Print Business Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D078FC45-EE0A-4898-8C21-C7254CEBB52E}\setup.exe" -l0x9
Digital Camera Driver-->MsiExec.exe /I{A9E9574E-F5D3-49FB-BA3F-FD5942810E7E}
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EPSON CX8400 User's Guide-->C:\Program Files\epson\guide\cx8400_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX8400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Face-OP 2.0-->C:\WINDOWS\cadkasdeinst01e.exe "C:\Program Files\Face-OP 2.0\"
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HP User Guides 0008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
K-Lite Codec Pack 3.2.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140011_16625e2e\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9
LGUsbDriver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB866374-B705-4749-83D9-997AC77146B3}\setup.exe"
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Magellan RoadMate Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4304BE34-6DDA-46CC-ADAB-77990DC77ED5}\Setup.exe" -l0x9
Magic RM RAM to MP3 Converter 2.61-->"C:\Program Files\Magic RM to MP3 Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapSource - City Select North America v7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E8DA0DB7-51C7-4D47-A9FC-51F206ED0045} /l1033
Maxtor Manager-->MsiExec.exe /I{4D36E953-4456-4F8F-BC44-90BC4AA59889}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
Mp3 Workshop 1.1-->"C:\Program Files\Mp3 Workshop\unins000.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
muvee autoProducer 4.0 - SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Palm Desktop for Garmin iQue 3600-->MsiExec.exe /X{2BCB62F5-7EC5-4637-8F7A-2E7F5B437A70}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
ParetoLogic DriverCure-->C:\Program Files\ParetoLogic\DriverCure\uninstall.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Presto! PageManager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
QuickLink Mobile-->C:\PROGRA~1\Cricket\QUICKL~1\UNWISE.EXE C:\PROGRA~1\Cricket\QUICKL~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Real Alternative 1.31-->"C:\Program Files\Real Alternative\unins000.exe"
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Reimage Repair-->C:\Program Files\Reimage\Reimage Repair\uninst.exe
Replay Converter 2.50-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Converter\irunin.ini"
Replay Music 2.51-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay Music 2\irunin.ini"
Replay Radio and Replay A/V 7-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay7\irunin.ini"
Rhapsody Player Engine-->MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
RM-to-MP3-Converter 2.0-->"C:\Program Files\RM-to-MP3-Converter\unins000.exe"
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Task Manager 1.7f-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Slice Audio File Splitter-->C:\Program Files\NCH Swift Sound\Slice\uninst.exe
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec Technical Support Web Controls-->MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033
The Sprinkler Designer-->"c:\diyonline\Uninstal.exe"
TurboTax 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier Investments 2006-->C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
Ulead Drop Spot 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BCC5640-5360-11D4-A44A-0000E86D2305}\setup.exe"
Ulead Photo Explorer 8.0 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x9
Ulead PhotoImpact 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0F02CE0-491C-11D4-A44A-0000E86D2305}\setup.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB Audio-->C:\WINDOWS\CmiUSBUninstall.exe C:\PROGRA~1\USBAUD~1#USB Audio
UTStarcom USB Modem Software-->C:\Program Files\UTStarcom\UTStarcom USB Modem Driver\UTS_Uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

=====HijackThis Backups=====

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - [2009-08-17]
O15 - Trusted Zone: http://forums.cnet.com [2010-01-05]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present [2010-01-05]
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe [2010-01-05]
O15 - Trusted Zone: http://download.windowsupdate.com [2010-01-05]

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: 2WIRE200
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 22157
Source Name: Disk
Time Written: 20091201221108.000000-420
Event Type: warning
User:

Computer Name: 2WIRE200
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 22156
Source Name: Disk
Time Written: 20091201221101.000000-420
Event Type: warning
User:

Computer Name: 2WIRE200
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 22153
Source Name: Disk
Time Written: 20091201221056.000000-420
Event Type: warning
User:

Computer Name: 2WIRE200
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 22152
Source Name: Disk
Time Written: 20091201221026.000000-420
Event Type: warning
User:

Computer Name: 2WIRE200
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 22151
Source Name: Disk
Time Written: 20091201221023.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: 2WIRE200
Event Code: 491
Message: wuauclt (488) An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Record Number: 57443
Source Name: ESENT
Time Written: 20090910153110.000000-420
Event Type: error
User:

Computer Name: 2WIRE200
Event Code: 491
Message: wuauclt (480) An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Record Number: 57442
Source Name: ESENT
Time Written: 20090910153110.000000-420
Event Type: error
User:

Computer Name: 2WIRE200
Event Code: 491
Message: wuauclt (3056) An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Record Number: 57441
Source Name: ESENT
Time Written: 20090910153110.000000-420
Event Type: error
User:

Computer Name: 2WIRE200
Event Code: 491
Message: wuauclt (1388) An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Record Number: 57440
Source Name: ESENT
Time Written: 20090910143317.000000-420
Event Type: error
User:

Computer Name: 2WIRE200
Event Code: 491
Message: wuauclt (3468) An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).

Record Number: 57439
Source Name: ESENT
Time Written: 20090910143317.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=2402
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » January 23rd, 2010, 4:29 pm

Hello George/tenmeg,
All the logs posted look good... I'm not sure the " bulletin board acts squirrly " would be attributed to any malware. Probably more than likely an interface problem with the browser at the time.
Let's get some scans run to make sure there is nothing hiding anywhere OK?

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me.
Please read these instructions carefully before executing and then perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Now that the various Windows functions are working, let's back up the registry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button.
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check everything to be removed, except the System Volume entries
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 3.
ESET NOD32 Online Scan
Note: You - will - need to use Internet Explorer for this scan!
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember, enable your Anti-virus protection... before continuing!

If you made any changes since your last post... added/removed programs, updated software, added new hardware, etc, please run the RSIT step and post accordingly. Otherwise the should be no change and it's not needed.

Step 4.
Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced.<<will be maximized
  3. Please post ONLY the "log.txt", file contents in your next reply.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM scan results.
  3. ESET scan results.
  4. RSIT - log.txt file contents (if applicable).
  5. How is the computer behaving, any problems?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby tenmeg » January 25th, 2010, 3:09 pm

Hi WingMan -

1.Any problem executing the instructions? -- No problems
2.MBAM scan results. -- Log file attached below
3.ESET scan results. -- Log file attached below
4.RSIT - log.txt file contents (if applicable). -- Log file attached below
5.How is the computer behaving, any problems? Computer is running normal - no problems.

Thanks, George/TENMEG

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.44
Database version: 3572
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/25/2010 10:23:24 AM
mbam-log-2010-01-25 (10-23-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 245769
Time elapsed: 1 hour(s), 28 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a70cc4cabeca654ab4ecb6e3685f9052
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-25 06:52:58
# local_time=2010-01-25 11:52:58 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 49836158 49836158 0 0
# compatibility_mode=768 16777215 100 0 14596168 14596168 0 0
# compatibility_mode=1024 16777191 100 0 9508377 9508377 0 0
# compatibility_mode=5890 16777214 0 2 14862319 14862319 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=106137
# found=0
# cleaned=0
# scan_time=3927

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of random's system information tool 1.06 (written by random/random)
Run by TENMEG at 2010-01-25 12:02:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 54 GB (71%) free of 76 GB
Total RAM: 510 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:00 PM, on 1/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\locator.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cricket\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\TENMEG\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\TENMEG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A87A24C-6F1D-46F8-A1DF-997C7B5DBA4B}: NameServer = 172.28.221.53 172.28.221.54
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

--
End of file - 10165 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\DriverCure.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-27 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-26 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-23 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-26 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-12-04 185896]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-11 1085440]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-27 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-11 2043160]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"=C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe [2009-12-24 50520]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-09-27 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-26 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe"="C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe:*:Enabled:Adobe Photoshop 5.0"
"C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe"="C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe:*:Enabled:AceFTP v3"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\SWSETUP\AppInstl\Setup.exe"="C:\SWSETUP\AppInstl\Setup.exe:*:Enabled:Software Setup"
"C:\Program Files\Microsoft Works\WksWP.exe"="C:\Program Files\Microsoft Works\WksWP.exe:*:Enabled:Microsoft Works Word Processor"
"C:\Program Files\K-Lite Codec Pack\filters\ac3config.exe"="C:\Program Files\K-Lite Codec Pack\filters\ac3config.exe:*:Enabled:AC3Filter"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\TENMEG\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\TENMEG\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======List of files/folders created in the last 1 months======

2010-01-25 10:33:26 ----D---- C:\WINDOWS\LastGood
2010-01-25 10:33:24 ----DC---- C:\Program Files\ESET
2010-01-23 11:59:11 ----DC---- C:\rsit
2010-01-23 11:42:58 ----DC---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-23 11:42:23 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-23 11:42:23 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-23 11:42:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-23 11:42:22 ----A---- C:\WINDOWS\system32\java.exe
2010-01-23 11:41:57 ----DC---- C:\Program Files\Java
2010-01-22 15:11:36 ----DC---- C:\Scripts
2010-01-21 10:58:17 ----DC---- C:\SeaGate
2010-01-21 09:49:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-01-21 09:49:03 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2010-01-21 09:11:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-21 09:10:09 ----D---- C:\WINDOWS\temp
2010-01-21 09:03:17 ----SHDC---- C:\RECYCLER
2010-01-21 08:47:29 ----AC---- C:\ComboFix.txt
2010-01-19 18:20:04 ----DC---- C:\Program Files\NCH Software
2010-01-19 17:32:27 ----DC---- C:\Documents and Settings\TENMEG\Application Data\NCH Swift Sound
2010-01-18 06:43:05 ----DC---- C:\FOOD-RECEIPES
2010-01-15 10:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-15 10:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 07:38:08 ----DC---- C:\MalwareFix
2010-01-05 12:00:58 ----A---- C:\WINDOWS\zip.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\sed.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 12:00:58 ----A---- C:\WINDOWS\grep.exe
2009-12-28 09:49:03 ----DC---- C:\PCToolsFireWall

======List of files/folders modified in the last 1 months======

2010-01-25 12:02:48 ----D---- C:\WINDOWS\Prefetch
2010-01-25 12:01:25 ----A---- C:\WINDOWS\ModemLog_UTStarcom USB Modem.txt
2010-01-25 10:33:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-25 10:33:26 ----D---- C:\WINDOWS
2010-01-25 10:33:24 ----RDC---- C:\Program Files
2010-01-25 09:03:55 ----DC---- C:\$AVG8.VAULT$
2010-01-25 08:53:35 ----D---- C:\WINDOWS\ERDNT
2010-01-25 08:43:10 ----DC---- C:\Obama
2010-01-23 23:01:21 ----DC---- C:\Documents and Settings\TENMEG\Application Data\SiteClasses
2010-01-23 13:04:48 ----DC---- C:\Documents and Settings\TENMEG\Application Data\Sites
2010-01-23 12:05:34 ----SHD---- C:\WINDOWS\Installer
2010-01-23 12:05:33 ----DC---- C:\Config.Msi
2010-01-23 11:58:09 ----DC---- C:\AstroCamera
2010-01-23 11:44:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 11:42:23 ----D---- C:\WINDOWS\system32
2010-01-23 09:57:55 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-23 09:56:13 ----DC---- C:\Program Files\Common Files\Adobe
2010-01-23 09:55:40 ----DC---- C:\Program Files\Adobe
2010-01-23 09:53:00 ----D---- C:\WINDOWS\WinSxS
2010-01-22 14:46:51 ----A---- C:\WINDOWS\imsins.BAK
2010-01-22 14:26:19 ----SHD---- C:\System Volume Information
2010-01-22 14:26:19 ----D---- C:\WINDOWS\system32\Restore
2010-01-22 13:04:15 ----D---- C:\WINDOWS\security
2010-01-22 12:02:04 ----D---- C:\WINDOWS\system32\dllcache
2010-01-22 12:01:51 ----D---- C:\WINDOWS\system32\drivers
2010-01-21 12:48:07 ----DC---- C:\HP External HardDisk
2010-01-21 12:36:09 ----SDC---- C:\Documents and Settings\TENMEG\Application Data\Microsoft
2010-01-21 10:52:39 ----A---- C:\WINDOWS\bizpub32.INI
2010-01-21 10:08:13 ----HD---- C:\WINDOWS\inf
2010-01-21 09:49:38 ----D---- C:\Program Files\Internet Explorer
2010-01-21 09:49:19 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 09:11:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-21 08:47:32 ----DC---- C:\Qoobox
2010-01-21 08:40:51 ----AC---- C:\WINDOWS\system.ini
2010-01-21 08:34:07 ----D---- C:\WINDOWS\AppPatch
2010-01-21 08:34:06 ----DC---- C:\Program Files\Common Files
2010-01-21 08:23:05 ----DC---- C:\desktop
2010-01-19 18:20:13 ----DC---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2010-01-19 18:20:01 ----DC---- C:\Program Files\NCH Swift Sound
2010-01-19 17:05:47 ----DC---- C:\Documents and Settings\TENMEG\Application Data\mjusbsp
2010-01-18 12:44:23 ----DC---- C:\Documents and Settings\TENMEG\Application Data\Intuit
2010-01-18 12:38:49 ----A---- C:\WINDOWS\QUICKEN.INI
2010-01-15 15:51:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-08 12:58:19 ----D---- C:\WINDOWS\network diagnostic
2010-01-08 10:56:50 ----D---- C:\WINDOWS\system32\NtmsData
2010-01-05 12:40:12 ----DC---- C:\HJT Log 12_24
2010-01-05 12:15:58 ----SD---- C:\WINDOWS\Tasks
2010-01-04 17:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-26 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-26 108552]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-27 1345536]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-08-08 376320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-01 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-01 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-06-20 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 uts_bus;UTStarcom USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\uts_bus.sys [2007-12-05 84352]
R3 uts_mdfl;UTStarcom USB Modem Filter; C:\WINDOWS\system32\DRIVERS\uts_mdfl.sys [2007-12-05 14976]
R3 uts_mdm;UTStarcom USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\uts_mdm.sys [2007-12-05 110848]
R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\uts_serd.sys [2007-12-05 90880]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S3 AdfuUd;USB 2.0 (FS) ADFU Device; C:\WINDOWS\System32\Drivers\AdfuUd.sys [2004-09-16 12634]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cmuda2;C-Media USB Audio Interface; C:\WINDOWS\system32\drivers\cmuda2.sys [2004-01-05 705536]
S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 44256]
S3 cpuz128;cpuz128; \??\C:\DOCUME~1\TENMEG\LOCALS~1\Temp\cpuz_x32.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-21 1035008]
S3 lgatbus;LG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2005-06-14 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2005-06-14 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2005-06-14 60816]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-05-20 36480]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-05-19 16772]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 RTCore32;RTCore32; \??\C:\Program Files\RightMark Memory Analyzer\RTCore32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SMNDIS5;SMNDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SWMX00;Sierra Wireless USB MUX Driver (#00); C:\WINDOWS\system32\DRIVERS\swmx00.sys []
S3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-06-09 104064]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-27 376832]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-26 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-26 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-23 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-27 182768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-10-11 102400]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » January 25th, 2010, 5:09 pm

Hi George,
Things looks pretty good. :)
However it looks like the database used in the last MBAM scan was out of date.
The database used in your scan was (3572) current database, as of this post (3638) . Please UPDATE MBAM and rescan.

If this MBAM scan is clean, we'll do some final cleanup and I'll give some recommendations for keeping your computer more secure.
Thanks for hanging in there. :)

Step 1.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button.
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check everything to be removed, except the System Volume entries
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 2.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. New updated MBAM scan results
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » January 28th, 2010, 1:00 pm

3 Day Response
Hey George?
It has been more than 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby tenmeg » January 29th, 2010, 3:52 pm

Hi WingMan -Attached is the Malware updated full scan .

1.Any problem executing the instructions? - NO PROBLEMS
2.New updated MBAM scan results - MALWARE TXT LOG ATTACHED
3.How is the computer behaving? - COMPUTER OPERATES NORMALLY - NO PROBLEMS TO REPORT

SORRY - I JUST GOT BUSY ON OTHER PROJECTS WHERE I NEEDED THE COMPUTER & FULL SCAN TAKES HOURS.

THANKS - GEORGE/TENMEG


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Malwarebytes' Anti-Malware 1.44
Database version: 3657
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/29/2010 12:43:14 PM
mbam-log-2010-01-29 (12-43-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 247606
Time elapsed: 1 hour(s), 13 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » January 29th, 2010, 4:51 pm

Hello George/tenmeg,
MBAM was clean... all other logs looked good too. It took a while but...
Congratulations... your computer now appears to be malware free! :)
Unless you have other malware related issues, let's do some final cleanup.

Step 1.
ComboFix - Cleanup
Make sure ComboFix.exe is on your desktop!
  1. Press the Windows Key + R or Click Start...select Run from the menu.
  2. Copy and paste the following into the text entry box:
    Combofix /Uninstall
  3. Click the OK button. (See image below as reference.)
Image

Step 2.
OTC
Let's perform some housekeeping and cleanup some of the tools we used.
Please download OTC.exe... by OldTimer. Save it to your desktop.
  1. Double click on OTC.exe.
    If you receive the "Open File - Security Warning" prompt, press "Run".
  2. Click on CleanUp!.
  3. Click "Yes" to the Begin cleanup process? prompt.
  4. Click "Yes" ... when prompted to reboot the computer to remove files.
Your computer should restart automatically. If it doesn't, please do so manually.

Step 3.
Create a new - clean SRP (System Restore Point)
Now that you're clean, it's a great time to create a new, clean SRP and remove any old, possibly compromised, entries.
Create a new SRP
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point... then press the Next...button.
  3. Type a name for the new SRP... like All Clean... then press the Create... button.
  4. When finished... press the Close...button.
Remove old SRP entries
  1. Now... Go to Start > Run... type in: cleanmgr...press the OK...button.
    The Disk Cleanup begins "calculating" space savings by compressing old files. This could take several minutes.
  2. When available... select the More Options... tab.
  3. In the System Restore section... Press the Clean up...button.
  4. Reply Yes to the prompt. Press the X to close and exit.
    All existing restore points will be deleted... except the new one you just created.

You have ERUNT... this is handy, in case Windows System Restore fails. Check the readme.txt file to see how to make daily backups.

Please follow these simple guidelines in order to help keep your computer more secure:

Update your Antivirus programs and other programs regularly.
Secunia Software Inspector - Copyright © Secunia. F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP
Using Windows Update for Windows XP
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You have this already. Very good scanner, use it often, check for updates before running scans.
Download it from Malewarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

Spybot Search and Destroy
Can provide some additional protection with the Immunize feature.
Download it from © Safer Networking Ltd. Just choose a mirror and off you go.
A Spybot tutorial can be found Here.

SpywareBlaster
Download it from © Javacool Software LLC.
A SpywareBlaster knowledgebase can be found Here.

WinPatrol
Can be used to manage startup items and provide protection for HOSTS files and more...
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here.
(The free version of WinPatrol... provides limited real-time protection)

Firetrust SiteHound
You can find information and download it from © Firetrust Ltd

3rd Party Firewall
If you have one installed, great, make sure it's enabled and functioning properly.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access from the outside world.
Firewalls protect against hackers and malicious intruders.
If you do not have a firewall installed...
I strongly recommend you download a free (for personal use) firewall NOW that monitors traffic in both directions... from one of these excellent vendors:
  1. Comodo (Is now bundled with AV software, toolbar and search provider. Opt to install only the firewall software... uncheck the rest)
  2. ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
  3. Ashampoo
  4. Agnitum
  5. Sunbelt/Kerio ... (30 day free trial)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that
any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a very basic firewall.
This firewall is NO replacement for a dedicated software solution.
Remember to install and have active, only one firewall at the same time.


Read, stay informed.
Please check out these articles:
Tony Klein's "How did I get infected in the first place?"
How to prevent Malware:© miekiemoes - Microsoft MVP - Consumer Security .

Please let me know that you completed the cleanup steps, the create/purge System Restore point steps and reviewed the rest of the post.
Once I receive you reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.


Stay Safe! 8)
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » February 1st, 2010, 7:47 am

3 Day Response
Hello George :)
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
If you do not reply to this thread within 24 hours, it will be closed!
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby tenmeg » February 2nd, 2010, 4:58 am

Hi WingMan - I was out of town - I was able to run and perform the following:

1 - ComboFix - Cleanup
2 - OTC.exe
3 - Create a new SRP
4 - Remove old SRP entries
5 - I attempted to run both Secunia Software Inspector & F-Secure Health Check but neither seemed to work - Secunia stated that it could not find or load my Java Applet - both programs required JAVA to be present - I checked Control Panel and it said I have Java 6 Update 18?? Is there a distinct between what they call a Java Applet and Java 6 or are they one and the same?

6 - I already had Win Xp Update enabled for automatic updates.
7 - Downloaded COMODO firewall to replace my Windows XP firewall.
8 - I have used other virus programs but found Malwarebytes to be the best.


Thank you for all of your help - I have used your web site in the past for various problems but your instructions and support was exceptional in detail and throughness that went way beyond any prior experiences thank you, thank you . . .George/TENMEG
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Installer Services & Windows Restore have stopped working

Unread postby Wingman » February 2nd, 2010, 9:29 am

Hello George/tenmeg
Thanks for posting back... good job on what you've done to help protect your computer. :thumbright:
tenmeg wrote:5 - I attempted to run both Secunia Software Inspector & F-Secure Health Check but neither seemed to work - Secunia stated that it could not find or load my Java Applet - both programs required JAVA to be present - I checked Control Panel and it said I have Java 6 Update 18?? Is there a distinct between what they call a Java Applet and Java 6 or are they one and the same?
Evidently the Secunia link had changed... the Secunia link was pointing to an Online Scanner... what you want is the Secunia Personal Software Inspector... this does not use Java. I can't explain the F-Secure (strictly an online scan) issue... make sure you have Java enabled, check you Internet Settings in IE ... but I have changed my links for these 2 software products... here are links to both, that you can try again. The Secunia product actually installs on your computer and you can run it from week to week so it can check for any updates or patches.
Secunia Personal Software Inspector - Copyright © Secunia. F-secure Health Check - Copyright © F-Secure Corporation.

tenmeg wrote:Thank you for all of your help - I have used your web site in the past for various problems but your instructions and support was exceptional in detail and throughness that went way beyond any prior experiences thank you, thank you . . .George/TENMEG
Wow... thank you sir. :sunny: My teachers will be glad to hear this.

Thanks for hanging in there. :) I now will request this topic be closed, as resolved.

Glad we could help.
Surf Safely!! ;)
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Installer Services & Windows Restore have stopped working

Unread postby Gary R » February 2nd, 2010, 12:27 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware