Anti-virus scan problems - AVG, Malware bytes Anti-malware,


Post by leostar » March 9th, 2010, 9:46 pm

Hi,

Here are my HJT and uninstall logfiles below.

The problem: Malware bytes, AVG and Spybot Search and Destroy seem to show no problem results. However, the computer is showing that it hasn't been scanned with AVG since Dec 18 although I've seen AVG scan and finish scanning several times a week. Around December 18 the PC started getting very slow. Also the Anti-Malware program has difficulty running. And to add to my suspicions, we now have an icon at the bottom right of the screen for a SQL server service manager which we never did anything to ask for. (We're not running more than one computer in the house; there's no network.) I'm wondering if we've been attacked by malware that manages to bypass these anti-virus programs. Can you please help? Thank you in advance. Rachel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:27 PM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [zNWTP9zg1X] C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... web_site.cab?1171163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7203 bytes


602PC SUITE
ACD Media Support Package 1.0
ACDSee 7.0 PowerPack
ACS PC Atlas
Acs PC Atlas Manual
Ad-Aware
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop Album 2.0 Starter Edition
Apple Mobile Device Support
Apple Software Update
AtamA 2.1
Audacity 1.2.6
AVG Free 9.0
Bejeweled 2 Deluxe 1.0
Bejeweled Deluxe 1.861
Big Kahuna Reef 2 - Chain Reaction
Blackhawk Striker
Blasterball 2 from Hewlett-Packard Desktops (remove only)
BlasterBall Wild from Hewlett-Packard Desktops (remove only)
Bonjour
BookWorm Deluxe 1.0y
Bounce Out
Burn4Free CD & DVD 1.1.5.0
Calculator Powertoy for Windows XP
CmdHere Powertoy For Windows XP
CodeBaby Player (Remove Only) 1.0.2.19
Collapse
Collectorz.com Photo Collector
Colour@Home II
Compatibility Pack for the 2007 Office system
Dark Orbit from Hewlett-Packard Desktops (remove only)
DFX for MUSICMATCH
Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)
DivX
DivX Player
DVD Copy Plus
DVD X Rescue
DVD43 v3.6.2
DVDx 2.0
DVDXCopy Platinum 3.2.1
Dynomite Deluxe 2.71
eMule
Enhanced Multimedia Keyboard Solution
EPSON Copy Utility
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
Excavation from Hewlett-Packard Desktops (remove only)
GearDrivers
GemMaster 3 from Hewlett-Packard Desktops (remove only)
GenuTax Standard
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hormonal Forecaster v 4.0
Hormonal Forecaster v 5.2
Hormonal Forecaster v 5.2 (C:\Program Files\Hormonal Forecaster\)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hoyle Card Games 5
hp deskjet 3600
HP Deskjet printer preloaded drivers
HP Digital Imaging Album Printing 1.0
HP Instant Support
HP Memories Disc
HP Photo and Imaging 1.2 - Photosmart Cameras
HP Photo and Imaging 2.0 - Deskjet Series
HP Photosmart printers preloaded drivers
hp print screen utility
HTML Slideshow Powertoy for Windows XP
Image Resizer Powertoy for Windows XP
Image Uploader for PC
InCD
Intel(R) Extreme Graphics Driver
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 6
Janus 3 Demo All Modules
Janus 3.0 Update 23 Apr 2003
Jigsaw 2 Manual
JigSaw v2
Last.fm 1.5.4.24567
Lernout & Hauspie TruVoice American English TTS Engine
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Shockwave Player
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
Match-Up!
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Carioca Rummy
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer Administration Kit 5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Resource Kit
Microsoft Office XP Web Components
Microsoft SQL Server Desktop Engine
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.8)
Mozilla Thunderbird (2.0.0.9)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicmatch® Jukebox
Nero 7 Demo
Nimo Codecs Pack v4.4 (Remove Only)
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
OmniPass
PC-Doctor for Windows
PDFCreator
Philips Device Manager
Philips Device Plug-in
Pinnacle Hollywood FX 4.6
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RingMaster from Hewlett-Packard Desktops (remove only)
Roxio Backup MyPC
S3Display
S3Gamma2
S3Info2
S3Overlay
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SF5 Manual
Shockwave
ShowBiz DVD
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
Skype 2.5
Slideshow Generator Powertoy for Windows XP
Slingo Quest
Snowboard Extreme from Hewlett-Packard Desktops (remove only)
Solar Fire v5
Solar Maps Manual
Space Rocks from Hewlett-Packard Desktops (remove only)
Spybot - Search & Destroy
Studio 8
Super Gem Drop
Timershot Powertoy for Windows XP
toolkit
Travelaxe
TuneUp Utilities
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Veetle TV 0.9.16
Virtual Desktop Manager Powertoy for Windows XP
Virtual Warfare from Hewlett-Packard Desktops (remove only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
Weblink
WildTangent Channel Manager
WildTangent GameChannel (remove only)
WinAce Archiver
Windows XP Creativity Fun Packs - Windows XP Power Toys
Windows XP Service Pack 3
Windows XP Video Screensaver Powertoy
Windows XP Winter Fun Pack for Windows Movie Maker 2
WinPatrol
WinZip
WordPerfect Productivity Pack
WordPerfect Productivity Pack
WOW
WOW Love
XviD MPEG-4 Video Codec
XviD MPEG-4 video codec v2.1
Zuma Deluxe! 1.0

leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 13th, 2010, 9:44 am

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backing up using Cobian Backup.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


============================================


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

eMule

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.


  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate eMule and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.



Turn Off WordWrap

  • Click Start > All Programs > Accessories > Notepad
  • On the menu bar in Notepad select Format
  • Click on WordWrap so it appears UNchecked
  • Close notepad



CKScanner
Download CKScanner from here
  • Important - Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply. (Sometimes you have to make several posts to get the logs posted.)


In your next reply:
  1. RSIT log.txt
  2. RSIT info.txt
  3. CKFiles.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 13th, 2010, 12:42 pm

Hi Melboy,
Thank you for looking into my computer problem.

I'm having a problem with the first step - the Cobian backup. I downloaded the version 8 Black Moon as suggested but I'm getting this error message when backing up my C:

3/13/2010 11:36:21 AM **** Backup for "Backup 2" started ****
3/13/2010 11:36:24 AM Creating or updating the archive "G:\c:// 2010-03-13 11;36;24.zip"
ERR 3/13/2010 11:36:43 AM Error while creating or updating the archive "G:\c:// 2010-03-13 11;36;24.zip": Cannot create file "G:\c:\ 2010-03-13 11;36;24.zip". The filename, directory name, or volume label syntax is incorrect
3/13/2010 11:36:43 AM **** Backup for "Backup 2" ended. 0 file(s) were backed up. (Elapsed time: 0 hour(s), 0 minute(s), 19 second(s)) ****
ERR 3/13/2010 11:36:43 AM The backup contains 1 error(s)

I've tried twice now. I don't know if this is a problem on my end and how to fix it or if this is because version 8 is no longer current and receiving updates. On the site they mention there is a beta version 9.

Can you please suggest what I do here? I've got a G: hard drive plugged in with plenty of GB space (70GB free). I thought that would be the best place to put the backup. Could it be that it doesn't have enough room? Should I move to version 9 beta of Cobian?

Thanks in advance. Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 13th, 2010, 1:15 pm

Hi Rachel.

The Bleeping Computer Tutorial is meant as a suggestion for those that don't have a means to backup otherwise. By all means try Cobian Backup 9 if you wish to use Cobian Backup.

If you have other means to backup your system, feel free to use that instead.


Then complete the steps below, from "With reference to Malware Removal's P2P Programs Policy, please uninstall...etc", as they are.


Let me know if you have any further problems.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 16th, 2010, 8:33 am

Hi, We're finally back up - disabled site for a day. Here are my logs.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-15 17:18:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 109 MB (0%) free of 110 GB
Total RAM: 959 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:08 PM, on 3/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Owner\Desktop\CKScanner.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKLM\..\Policies\Explorer\Run: [zNWTP9zg1X] C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7825 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-04-19 271936]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-13 2059544]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-28 4841472]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"zNWTP9zg1X"=C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-14 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-17 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration-INSDVD.lnk]
C:\PROGRA~1\Pinnacle\INSTAN~1\SHARED~1\Pixie\RegTool.exe INSDVD,INSDVD,register,EN,0,serial=ABDPG-AAATC-KDOZV-GBILA-KRVCA []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
VTAgentReboot.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoFileAssociate"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe"="C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe:*:Enabled:ACDSee 7.0 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE"="C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9a03d5b-569c-11dd-95fc-000c6e7413b9}]
shell\AutoRun\command - G:\setupSNK.exe


======File associations======

.bat - edit -
.cmd - edit -
.inf - open -
.ini - open - notepad.exe %1
.js - edit -
.reg - edit -
.txt - open - notepad.exe %1
.vbs - edit -

======List of files/folders created in the last 1 months======

2010-03-15 17:18:34 ----DC---- C:\rsit
2010-03-13 16:52:38 ----D---- C:\Program Files\Cobian Backup 9
2010-03-13 12:15:59 ----D---- C:\Program Files\Cobian Backup 8
2010-03-13 09:06:11 ----N---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-10 22:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 18:29:47 ----N---- C:\WINDOWS\system32\uxtuneup.dll
2010-02-23 22:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-18 16:40:55 ----D---- C:\Program Files\Veetle

======List of files/folders modified in the last 1 months======

2099-09-19 14:30:21 ----D---- C:\WINDOWS\MSBN
2010-03-15 17:18:33 ----D---- C:\WINDOWS\Prefetch
2010-03-15 17:17:17 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-03-15 13:42:15 ----D---- C:\WINDOWS\Temp
2010-03-15 09:43:44 ----SD---- C:\WINDOWS\Tasks
2010-03-15 07:06:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 02:49:50 ----D---- C:\Program Files\Mozilla Firefox
2010-03-14 20:41:43 ----D---- C:\Program Files\eMule
2010-03-14 20:38:45 ----D---- C:\WINDOWS\system32
2010-03-14 20:38:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 16:52:44 ----D---- C:\WINDOWS
2010-03-13 16:52:38 ----AD---- C:\Program Files
2010-03-13 16:52:01 ----HD---- C:\Config.Msi
2010-03-13 09:07:15 ----D---- C:\WINDOWS\system32\drivers
2010-03-10 22:09:01 ----HD---- C:\WINDOWS\inf
2010-03-10 22:08:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 22:08:50 ----D---- C:\Program Files\Movie Maker
2010-03-10 22:07:07 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 22:01:49 ----SHD---- C:\WINDOWS\Installer
2010-03-09 18:30:06 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-03-09 01:00:11 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 04:28:10 ----RD---- C:\WINDOWS\Web
2010-03-07 21:04:37 ----N---- C:\a.txt
2010-03-06 00:11:43 ----N---- C:\WINDOWS\NeroDigital.ini
2010-03-02 18:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\GenuTax
2010-03-02 01:30:12 ----N---- C:\WINDOWS\system32\MRT.exe
2010-02-27 17:25:46 ----C---- C:\WINDOWS\control.ini
2010-02-27 16:37:56 ----N---- C:\WINDOWS\solfire5.ini
2010-02-27 16:37:56 ----D---- C:\solfire
2010-02-25 06:22:28 ----N---- C:\WINDOWS\system32\TURegOpt.exe
2010-02-23 22:00:47 ----N---- C:\WINDOWS\imsins.BAK
2010-02-20 04:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2010-02-19 09:26:22 ----D---- C:\Program Files\rMalwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-13 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-13 242696]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2005-07-08 28672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-09 2560]
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2005-11-05 18816]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-03-05 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-12-01 39488]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2005-07-08 99584]
S1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\system32\drivers\Cdr4_2K.sys [2004-07-19 52720]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 ATHFMWDL;D-Link predator Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-14 90395]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-26 260736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-06 1181328]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2000-08-06 7442493]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-07-28 77824]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2000-08-06 303170]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-09 435016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-03-15 17:19:18

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
602PC SUITE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DFC4B13-4489-4A59-AF95-12628A86FA76}\Setup.exe" -l0x9 -UNINSTALL -UNINSTALL
ACD Media Support Package 1.0-->MsiExec.exe /X{C531F248-1EC0-4C5D-A32C-A16672929B42}
ACDSee 7.0 PowerPack-->MsiExec.exe /I{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}
Acs PC Atlas Manual-->"C:\Pcatlas\manual\IsStub32.exe" -fC:\Pcatlas\manual\DeIsL1.isu -cC:\Pcatlas\manual\_ISREG32.DLL
ACS PC Atlas-->C:\WINDOWS\IsUninst.exe -fC:\PCATLAS\UninPCAt.isu
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 5.0 Limited Edition-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0 LE\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0 LE\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AtamA 2.1-->MsiExec.exe /I{4B2A1963-2253-4BFB-B606-ADE7BAABCEC5}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Bejeweled Deluxe 1.861-->C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
Big Kahuna Reef 2 - Chain Reaction-->"C:\Program Files\Big Kahuna Reef 2\ReflexiveArcade\unins000.exe"
Blackhawk Striker-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {95572122-186D-412B-9B5D-71C70BD51234}
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\357ECB62-CD36-4B63-B57E-769D0CA174F4\Uninstall.exe"
BlasterBall Wild from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\28BA89E7-2F60-4BE7-BAA2-7949EB3FE527\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BookWorm Deluxe 1.0y-->C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log
Bounce Out-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDEC8492-94F7-43E3-8C7C-29CA97B3CE95}\Setup.exe"
Burn4Free CD & DVD 1.1.5.0-->"C:\Program Files\Burn4Free\unins000.exe"
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
CodeBaby Player (Remove Only) 1.0.2.19-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.19.inf,DefaultUninstall,5
Collapse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75F66C39-B41E-11D5-B743-00D0B74C4519}\Setup.exe"
Collectorz.com Photo Collector-->C:\PROGRA~1\COLLEC~1.COM\PHOTOC~1\UNWISE.EXE C:\PROGRA~1\COLLEC~1.COM\PHOTOC~1\INSTALL.LOG
Colour@Home II-->C:\WINDOWS\iun6002.exe "C:\Program Files\CILPaint\Colour@Home II\irunin.ini"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dark Orbit from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7841B68B-B7DD-408E-8B45-D5CA39608185\Uninstall.exe"
DFX for MUSICMATCH-->C:\PROGRA~1\DFX\MUSICM~1\UNWISE.EXE C:\PROGRA~1\DFX\MUSICM~1\INSTALL.LOG
Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\63272979-21F0-48EF-9B97-A83DBC05BE39\Uninstall.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Copy Plus-->MsiExec.exe /I{2E661193-B28F-4D59-A534-9E0D294B39F8}
DVD X Rescue-->C:\Program Files\321Studios\DVD X Rescue\UNWISE.EXE "C:\Program Files\321Studios\DVD X Rescue\INSTALL.LOG"
DVD43 v3.6.2-->"C:\Program Files\dvd43\unins000.exe"
DVDx 2.0-->"C:\Program Files\DVDx\unins000.exe"
DVDXCopy Platinum 3.2.1-->"C:\Program Files\321Studios\Platinum\uninstall.exe"
Dynomite Deluxe 2.71-->C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
Excavation from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DF479CEA-34C0-460F-9B56-93BCE4CD4086\Uninstall.exe"
GearDrivers-->rundll32.exe C:\WINDOWS\system32\UNINSTALL\UninstWDM.dll,UninstInitialize
GemMaster 3 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC\Uninstall.exe"
GenuTax Standard-->MsiExec.exe /I{EE587598-F063-424B-8DB5-621E8EB3E015}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hormonal Forecaster v 4.0-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hormonal Forecaster\ST6UNST.LOG"
Hormonal Forecaster v 5.2 (C:\Program Files\Hormonal Forecaster\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hormonal Forecaster\ST6UNST.001"
Hormonal Forecaster v 5.2-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hormonal Forecaster\ST6UNST.000"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hoyle Card Games 5-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Card Games 5\Uninst.isu"
hp deskjet 3600-->msiexec /x{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}
HP Deskjet printer preloaded drivers-->MsiExec.exe /X{48BD24F5-13DE-493A-A7CE-28A85113FF0C}
HP Digital Imaging Album Printing 1.0-->MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc-->MsiExec.exe /X{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}
HP Photo and Imaging 1.2 - Photosmart Cameras-->MsiExec.exe /X{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photosmart printers preloaded drivers-->MsiExec.exe /X{9E88DAA4-1352-4272-BA3A-897668408400}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HTML Slideshow Powertoy for Windows XP-->MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Image Uploader for PC-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nikon\Image Uploader for PC\Uninst.isu"
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Janus 3 Demo All Modules-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\J3FDemo\ST5UNST.LOG"
Janus 3.0 Update 23 Apr 2003-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Janus\ST5UNST.LOG"
Jigsaw 2 Manual-->"C:\JigSaw2\JS2UserGuide\IsStub32.exe" -fC:\JigSaw2\JS2UserGuide\DeIsL1.isu -cC:\JigSaw2\JS2UserGuide\_ISREG32.DLL
JigSaw v2-->C:\WINDOWS\uninst.exe -fC:\JIGSAW\DeIsL1.isu -cC:\JIGSAW\_ISREG32.DLL
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Magnifier Powertoy for Windows XP-->MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Malwarebytes' Anti-Malware-->"C:\Program Files\rMalwarebytes' Anti-Malware\unins000.exe"
Match-Up!-->MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Carioca Rummy-->MsiExec.exe /I{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Internet Explorer Administration Kit 5-->rundll32 advpack.dll,LaunchINFSection ieak5.inf,IEAK.Uninstall
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801033}
Nimo Codecs Pack v4.4 (Remove Only)-->"C:\Program Files\NimoCodec Pack\uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Philips Device Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}\setup.exe" -l0x9 -removeonly
Philips Device Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57F06897-6735-4B97-9DF3-DE8BC27879D4}\setup.exe" -l0x9 -removeonly
Pinnacle Hollywood FX 4.6-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 4.6\uninstal.log
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RingMaster from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8c9c48d7-2d03-4a1f-a303-5bd22ccabae1\Uninstall.exe"
Roxio Backup MyPC-->MsiExec.exe /X{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 Series (KB969878)-->"C:\WINDOWS\$NtUninstallKB969878_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SF5 Manual-->"C:\Solfire\SF5manual\IsStub32.exe" -fC:\Solfire\SF5manual\DeIsL1.isu -cC:\Solfire\SF5manual\_ISREG32.DLL
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ShowBiz DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60E80B13-8649-4A69-85E2-1AE99E061F43}\setup.exe" -l0x9
Simple Backup for My Pictures-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Simple Installer - Multilanguage Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Slingo Quest-->"C:\Program Files\Slingo Quest\ReflexiveArcade\unins000.exe"
Snowboard Extreme from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\753FE96B-D926-4B6C-BCFB-CC59153D004A\Uninstall.exe"
Solar Fire v5-->C:\WINDOWS\uninst.exe -fc:\solfire\DeIsL1.isu -cc:\solfire\_ISREG32.DLL
Solar Maps Manual-->"C:\Solfire\SolarMapsManual\IsStub32.exe" -fC:\Solfire\SolarMapsManual\DeIsL1.isu -cC:\Solfire\SolarMapsManual\_ISREG32.DLL
Space Rocks from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9FA01E11-9015-4140-B10A-5C6AA949B2FC\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 8-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL
Super Gem Drop-->C:\PROGRA~1\GAMEHO~1\GemDrop\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\GemDrop\INSTALL.LOG
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
toolkit-->c:\Windows\HPTK\unhptkit.exe
Travelaxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F0815A1-ABA6-41A6-8790-2A7198AA8ECD}\setup.exe"
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Tweak UI-->"C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Virtual Desktop Manager Powertoy for Windows XP-->MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Virtual Warfare from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4F0AE1FB-4082-4A27-8363-05D292D92FB0\Uninstall.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Weblink-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
WildTangent Channel Manager-->C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
WildTangent GameChannel (remove only)-->"C:\Program Files\WildTangent\Apps\uninstallgamechannel.exe"
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows XP Creativity Fun Packs - Windows XP Power Toys-->MsiExec.exe /X{485E6526-EA98-4F04-925A-67424D12E1E2}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows XP Video Screensaver Powertoy-->C:\WINDOWS\System32\unins000.exe
Windows XP Winter Fun Pack for Windows Movie Maker 2-->MsiExec.exe /I{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}
WinPatrol-->MsiExec.exe /X{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Productivity Pack-->c:\WINDOWS\Corel\Uninst32.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe
WOW Love-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{831053E0-79D4-11D4-B1C4-0050BAAABBFD}\Setup.exe"
WOW-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7EC08D3-419E-4568-B59A-82D652450D48}\Setup.exe"
XviD MPEG-4 video codec v2.1-->RunDLL32.exe advpack.dll,LaunchINFSection xvid.inf, UnInstall
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Zuma Deluxe! 1.0-->C:\WINDOWS\iun6002.exe "C:\Documents and Settings\Owner\Desktop\Downloads\irunin.ini"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{FCA02D56-BF9D-4591-AD41-E59AF763C64A}

Record Number: 26377
Source Name: DCOM
Time Written: 20100124222136.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{FCA02D56-BF9D-4591-AD41-E59AF763C64A}

Record Number: 26376
Source Name: DCOM
Time Written: 20100124210650.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{2509ABBC-871E-42E5-A27B-F7DA394B1897}

Record Number: 26375
Source Name: DCOM
Time Written: 20100124210638.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{FCA02D56-BF9D-4591-AD41-E59AF763C64A}

Record Number: 26374
Source Name: DCOM
Time Written: 20100124210612.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{FCA02D56-BF9D-4591-AD41-E59AF763C64A}

Record Number: 26373
Source Name: DCOM
Time Written: 20100124200019.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

=====Application event log=====

Computer Name: YOUR-O0KWKW9JWC
Event Code: 1001
Message: Fault bucket 1116954496.

Record Number: 3629
Source Name: Application Hang
Time Written: 20090602212347.000000-240
Event Type: error
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 1002
Message: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3628
Source Name: Application Hang
Time Written: 20090602212123.000000-240
Event Type: error
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 1002
Message: Hanging application emule.exe, version 0.49.1.27, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3622
Source Name: Application Hang
Time Written: 20090602115230.000000-240
Event Type: error
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 3003
Message:
Record Number: 3621
Source Name: WinDefendRtp
Time Written: 20090601223439.000000-240
Event Type: error
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Record Number: 3619
Source Name: EventSystem
Time Written: 20090601223243.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PCToolsDir"=C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\HP Pavilion PC Tools
"VERSION"=3.0.1
"SESSIONID"=1085197815365wuws07-l5eb489:fcc3ddb77d:173f
"COLLECTIONID"=COL5123
"ITEMID"=dj-17724-8
"UPDATEDIR"=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad2B9AB.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.1.1
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0
"602ALBUM_EXE"=C:\Program Files\Software602\602Pro PC SUITE\602Album\602Album.exe
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
Thank you again for looking, Melboy.
Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 16th, 2010, 8:34 am

And here is the CKscanner log.



CKScanner - Additional Security Risks - These are not necessarily bad
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus25.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus25.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus26.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus26.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus27.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus27.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus28.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus28.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus29.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus29.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus3.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus3.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus30.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus30.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus4.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus4.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus5.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus5.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus6.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus6.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus7.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus7.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus8.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus8.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus9.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\bonus9.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\demo.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\descriptor.xcf
c:\unzipped\crack popcap games - astropop deluxe 1.0\data\descriptor.xcf.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\properties\partner.xml
c:\unzipped\crack popcap games - astropop deluxe 1.0\properties\partner.xml.sig
c:\unzipped\crack popcap games - astropop deluxe 1.0\properties\resources.xml
c:\unzipped\crack popcap games - bejeweled 2 deluxe 1.0\winbej2.exe
c:\unzipped\crack popcap games - insaniquarium deluxe 1.0\insaniquariumdeluxe.exe
c:\unzipped\crack popcap games - insaniquarium deluxe 1.0\properties\partner.xml
c:\unzipped\crack popcap games - insaniquarium deluxe 1.0\properties\partner.xml.sig
c:\unzipped\crack popcap games - pixelus deluxe 1.0\pixelus.exe
c:\unzipped\popcap bejeweled deluxe 2 1.0 crack\bejeweled 2 install.exe
c:\unzipped\popcap bejeweled deluxe 2 1.0 crack\crack.txt
c:\unzipped\popcap bejeweled deluxe 2 1.0 crack\partner.xml
c:\unzipped\popcap bejeweled deluxe 2 1.0 crack\partner.xml.sig
c:\unzipped\popcap bejeweled deluxe 2 1.0 crack\winbej2.exe
c:\unzipped\popcap games (astropop bejeweled 2 dynomite insaniquarium pixelus zuma)\crack popcap games - astropop deluxe 1.0.zip
c:\unzipped\popcap games (astropop bejeweled 2 dynomite insaniquarium pixelus zuma)\crack popcap games - bejeweled 2 deluxe 1.0.zip
c:\unzipped\popcap games (astropop bejeweled 2 dynomite insaniquarium pixelus zuma)\crack popcap games - insaniquarium deluxe 1.0.zip
c:\unzipped\popcap games (astropop bejeweled 2 dynomite insaniquarium pixelus zuma)\crack popcap games - pixelus deluxe 1.0.zip
c:\unzipped\popcap games (astropop bejeweled 2 dynomite insaniquarium pixelus zuma)\crack popcap games - zuma deluxe 1.0.exe
c:\unzipped\wintipper2002v3.1.1eminence\keygen.nfo
c:\unzipped\world.of.wisdom.3.5.-.astrocalendar.1.1.crack-tsrh\file_id.diz
c:\unzipped\world.of.wisdom.3.5.-.astrocalendar.1.1.crack-tsrh\tsrh.nfo
c:\unzipped\world.of.wisdom.3.5.-.astrocalendar.1.1.crack-tsrh\world.of.wisdom.3.5.-.astrocalendar.1.1.crack-tsrh.exe
c:\unzipped\world.of.wisdom.3.5.-.astrocalendar.1.1.crack-tsrh\wowrg.bin
scanner sequence 3.ZZ.11
----- EOF -----
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by melboy » March 16th, 2010, 1:48 pm

Cracks / Keygens / Warez

Illegal software detected!


Your log indicates the presence and usage of one or more of the above. This is one surefire way to infect your computer. Visiting crack sites/warez sites, and other questionable/illegal sites, is always a risk. Even a single click on the site can drop multiple forms of very serious malware. In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.
The distribution and use of cracked copies of software is illegal in almost every developed country.

Please read the Forum Guidelines.
The use of "cracked" files is theft, clear and simple.

This forum does not support the use of stolen software, nor will it "aid and abet" in its use. If your helper detects the presence of cracked software on your computer, you will be asked to remove it at once.

Failure to do so will result in the closure of your topic.

If you remove the cracked software in order to be helped, and at some future time return seeking help and are found to have more cracked software on your computer, you will be denied help, and details of your computer may be forwarded to the appropriate authorities.

The software will have to be removed before we can continue. Be aware that the tools we use can and will detect such software. If there are more such new findings after this, the topic will also be closed.

Please post back to confirm the removal of the illegal items.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Post by leostar » March 16th, 2010, 9:59 pm

Wow, there was a lot of garbage on here. I've done a lot of deleting. Here are the new logs.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-16 21:52:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (12%) free of 110 GB
Total RAM: 959 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:15 PM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
C:\Documents and Settings\Owner\Desktop\CKScanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKLM\..\Policies\Explorer\Run: [zNWTP9zg1X] C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7755 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-04-19 271936]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-13 2059544]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-28 4841472]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"zNWTP9zg1X"=C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-14 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-17 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration-INSDVD.lnk]
C:\PROGRA~1\Pinnacle\INSTAN~1\SHARED~1\Pixie\RegTool.exe INSDVD,INSDVD,register,EN,0,serial=ABDPG-AAATC-KDOZV-GBILA-KRVCA []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
VTAgentReboot.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoFileAssociate"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe"="C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe:*:Enabled:ACDSee 7.0 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE"="C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9a03d5b-569c-11dd-95fc-000c6e7413b9}]
shell\AutoRun\command - G:\setupSNK.exe


======File associations======

.bat - edit -
.cmd - edit -
.inf - open -
.ini - open - notepad.exe %1
.js - edit -
.reg - edit -
.txt - open - notepad.exe %1
.vbs - edit -

======List of files/folders created in the last 1 months======

2010-03-15 17:18:34 ----DC---- C:\rsit
2010-03-13 16:52:38 ----D---- C:\Program Files\Cobian Backup 9
2010-03-13 12:15:59 ----D---- C:\Program Files\Cobian Backup 8
2010-03-13 09:06:11 ----N---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-10 22:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 18:29:47 ----N---- C:\WINDOWS\system32\uxtuneup.dll
2010-02-23 22:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-18 16:40:55 ----D---- C:\Program Files\Veetle

======List of files/folders modified in the last 1 months======

2099-09-19 14:30:21 ----D---- C:\WINDOWS\MSBN
2010-03-16 21:52:13 ----D---- C:\Program Files\Mozilla Firefox
2010-03-16 21:50:16 ----D---- C:\Program Files\GameHouse
2010-03-16 21:17:40 ----D---- C:\WINDOWS\Prefetch
2010-03-16 20:36:10 ----D---- C:\Program Files\PopCap Games
2010-03-16 20:34:32 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-03-16 20:33:20 ----D---- C:\WINDOWS\Temp
2010-03-16 17:26:25 ----A---- C:\a.txt
2010-03-16 17:05:47 ----D---- C:\Program Files\Hormonal Forecaster
2010-03-15 09:43:44 ----SD---- C:\WINDOWS\Tasks
2010-03-15 07:06:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-14 20:41:43 ----D---- C:\Program Files\eMule
2010-03-14 20:38:45 ----D---- C:\WINDOWS\system32
2010-03-14 20:38:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 16:52:44 ----D---- C:\WINDOWS
2010-03-13 16:52:38 ----AD---- C:\Program Files
2010-03-13 16:52:01 ----HD---- C:\Config.Msi
2010-03-13 09:07:15 ----D---- C:\WINDOWS\system32\drivers
2010-03-10 22:09:01 ----HD---- C:\WINDOWS\inf
2010-03-10 22:08:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-10 22:08:50 ----D---- C:\Program Files\Movie Maker
2010-03-10 22:07:07 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 22:01:49 ----SHD---- C:\WINDOWS\Installer
2010-03-09 18:30:06 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-03-09 01:00:11 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 04:28:10 ----RD---- C:\WINDOWS\Web
2010-03-06 00:11:43 ----N---- C:\WINDOWS\NeroDigital.ini
2010-03-02 18:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\GenuTax
2010-03-02 01:30:12 ----N---- C:\WINDOWS\system32\MRT.exe
2010-02-27 17:25:46 ----C---- C:\WINDOWS\control.ini
2010-02-27 16:37:56 ----N---- C:\WINDOWS\solfire5.ini
2010-02-27 16:37:56 ----D---- C:\solfire
2010-02-25 06:22:28 ----N---- C:\WINDOWS\system32\TURegOpt.exe
2010-02-23 22:00:47 ----N---- C:\WINDOWS\imsins.BAK
2010-02-20 04:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2010-02-19 09:26:22 ----D---- C:\Program Files\rMalwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-13 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-13 242696]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2005-07-08 28672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-09 2560]
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2005-11-05 18816]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-03-05 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-12-01 39488]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2005-07-08 99584]
S1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\system32\drivers\Cdr4_2K.sys [2004-07-19 52720]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 ATHFMWDL;D-Link predator Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-14 90395]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-26 260736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2000-08-06 7442493]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-07-28 77824]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-06 1181328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2000-08-06 303170]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-09 435016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\musicmatch\musicmatch jukebox\crypt.dll
c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
scanner sequence 3.AA.11
----- EOF -----

The RSIT program didn't bring up the info file in notepad this time. I'm not sure how else to bring it up. Maybe it doesn't need to this time?

What's also odd is that I did a search of the PC on Saturday looking for notepad to turn off the word wrap and the PC couldn't find it. But I see this log was in notepad.

Anyway, thanks again for looking into this.
Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 17th, 2010, 9:31 am

Hi Rachel

Do you know what the following file is?

C:\a.txt


We need to temporarily disable WinPatrol so it doesn't interfere with our fixes.

Disable WinPatrol
  • Locate the WinPatrol icon in the system tray, right-click it and select Options...
  • In the list near the bottom of the window, uncheck Automatically run WinPatrol when computer starts.
  • Close the WinPatrol window
  • Right-click the WinPatrol icon in the System Tray and select Exit Program



Fix HijackThis entries
  • Run HijackThis
  • Click on the do a system scan only button
  • Put a check beside all of the items listed below (if present):

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
      O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
      O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
      O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
      O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
      O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
      O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
      O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Policies\Explorer\Run: [zNWTP9zg1X] C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.

REBOOT



SystemLook

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\WINDOWS\MSBN /sub
    C:\Documents and Settings\All Users\Application Data\uxwnajwj /sub

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



In your next reply:
  1. MBAM log
  2. SystemLook.txt
  3. A fresh HijackThis log (Do a system scan and save a log file) and a description of how the computer is running now.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
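
The "Fix HijackThis entries" step in the post above selects entries by hand. The following added example (not part of the thread and not code from HijackThis) automates a first pass for three of the entry types in that list: R0/R1 values left empty, O2 BHOs whose file is reported as "(no file)", and O4 autoruns under Policies\Explorer\Run or launched from an Application Data folder. The rule names and the `triage` function are assumptions made for illustration, and a hit is a candidate for review by a helper, not a verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis output posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Policies\Explorer\Run: [zNWTP9zg1X] C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE"
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
# "BHO: <name> - {CLSID} - <file or '(no file)'>"
BHO = re.compile(r"^BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# "<registry location>: [<value name>] <command line>"
AUTORUN = re.compile(r"^(.+?): \[(.+?)\] (.+)$")


def triage(log_text):
    """Return (section, reasons, line) for every entry that matches a rule.

    The rules are illustrative heuristics (assumptions), not HijackThis logic.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        reasons = []
        if code in ("R0", "R1"):
            # Internet Explorer start/search settings: flag values left blank.
            _, sep, value = body.partition("=")
            if sep and not value.strip():
                reasons.append("empty-value")
        elif code == "O2":
            # Browser Helper Object registered, but its DLL is gone.
            bho = BHO.match(body)
            if bho and bho.group(2).strip() == "(no file)":
                reasons.append("bho-file-missing")
        elif code == "O4":
            run = AUTORUN.match(body)
            if run:
                location, _name, target = run.groups()
                # Policy-based Run key: rarely used by ordinary installers.
                if "policies\\explorer\\run" in location.lower():
                    reasons.append("policy-run-key")
                # Autorun started from a data folder instead of Program Files.
                if "\\application data\\" in target.lower():
                    reasons.append("runs-from-application-data")
        if reasons:
            findings.append((code, reasons, line))
    return findings


if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(reasons):<45}{line}")
```
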

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 17th, 2010, 5:13 pm

Thanks again for sticking with me, Melboy. I know with the time difference this may feel slow to you. I appreciate your time and knowledge.

Here are the results of these tests.


Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 2535148 bytes

User: NetworkService
->Temp folder emptied: 1281976 bytes
->Temporary Internet Files folder emptied: 74966193 bytes

User: Owner
->Temp folder emptied: 283753188 bytes
->Temporary Internet Files folder emptied: 18080790 bytes
->Java cache emptied: 10369236 bytes
->FireFox cache emptied: 173019858 bytes
->Flash cache emptied: 2916475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5552657 bytes
%systemroot%\System32\dllcache .tmp files removed: 33792 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66756 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23935390 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35210 bytes

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:59 on 17/03/2010 by Owner (Administrator - Elevation successful)

========== dir ==========

C:\WINDOWS\MSBN - Parameters: "/sub"

---Files---
Framd.exe -----c 178536 bytes [07:13 20/02/2003] [07:13 20/02/2003]
INFCACHE.1 -----c 4376 bytes [06:19 10/04/2003] [18:30 19/09/2099]
MN-510_HP.cat -----c 8488 bytes [07:40 20/02/2003] [07:40 20/02/2003]
MN-510_HP.inf -----c 11568 bytes [10:16 06/02/2003] [10:16 06/02/2003]
MN-510_HP.PNF -----c 17656 bytes [06:19 10/04/2003] [18:30 19/09/2099]
MSBN.Exe -----c 65536 bytes [07:13 20/02/2003] [07:13 20/02/2003]
MSBN.ini -----c 35 bytes [07:34 20/02/2003] [07:34 20/02/2003]
MSBN.msi -----c 4158976 bytes [07:34 20/02/2003] [07:34 20/02/2003]
MSBNRes.dll -----c 2015232 bytes [07:34 20/02/2003] [07:34 20/02/2003]
MSBN_CoInst_HP.dll -----c 53248 bytes [10:19 06/02/2003] [10:19 06/02/2003]
setup.exe -----c 65536 bytes [03:12 23/02/2003] [03:12 23/02/2003]
_setup.exe -----c 131072 bytes [07:34 20/02/2003] [07:34 20/02/2003]

C:\WINDOWS\MSBN\Drivers d----- [06:14 10/04/2003]
MSWUSB51.sys -----c 51712 bytes [12:41 15/07/2002] [12:41 15/07/2002]

C:\Documents and Settings\All Users\Application Data\uxwnajwj - Parameters: "/sub"

---Files---
None found.

No folders found.

-=End Of File=-

I'll put the MBAM results separately in case it does reboot and I lose the OldTime log.
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 17th, 2010, 6:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:33 PM, on 3/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\rMalwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7199 bytes



Here's the MBAM log.

Malwarebytes' Anti-Malware 1.44
Database version: 3878
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/17/2010 6:09:15 PM
mbam-log-2010-03-17 (18-09-15).txt

Scan type: Quick Scan
Objects scanned: 123221
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I checked that file in C: and it's a list of titles from a program that I opened yesterday. I didn't ask for it knowingly but I don't know the program well.

Computer behaviour: The first time I tried to run MBAM, it froze on me. I tried to use Ctrl-Alt-Del to close the program but it would not close. So I decided to shut down the computer and it was hanging on the "shutting down windows" blue page for 10 minutes before I finally used the PC's off switch to close it down. So there's still something off about this program. I will try the AVG scan later and report on that too.

Anyway, I hope this gives you the full picture, Melboy. What does it tell you? Is the PC virus-free from what you see?
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 17th, 2010, 9:57 pm

Ok, Melboy, I can now tell you that the AVG Anti-virus scanned the PC and yet it still says that it hasn't been used to scan since December 18, 2009. So I'm still wondering if it has been affected along with MBAM by something instructing them not to work properly. I haven't used the PC much since all the deleting and sending you reporting tool logs so I haven't noticed anything else to tell you about its behaviour.

Thank you and have a good day, Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 18th, 2010, 1:43 pm

Hi Rachel


Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


In your next reply:
  1. GMER log
  2. Eset Online Scanner log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 19th, 2010, 10:00 am

Hi Melboy,

There is definitely a problem. The computer cannot finish the GMER scan. I've had a few blue screen errors where it shuts down the PC in the middle of the scan, and a number of times where the program froze and the whole PC was frozen as a result (I tried the Ctrl-Alt-Del to see if it was working and it froze too), one where GMER said not responding and the other times it just wouldn't respond and I couldn't even do a re-start. I had to press the Off button.

Please advise.
Thank you, Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 19th, 2010, 1:04 pm

Hi Rachel

Ok, no problem - we'll try RootRepeal if you're having trouble with GMER.



RootRepeal
Download RootRepeal.zip from here & unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
      Drivers
      Files
      Processes
      SSDT
      Stealth Objects
      Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File then Exit to close the program


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



In your next reply:
  1. RootRepeal.txt
  2. Eset Online Scanner log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK