Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Anti-virus scan problems - AVG, Malware bytes Anti-malware,

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 21st, 2010, 4:37 pm

Hi leostar

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 21st, 2010, 7:56 pm

Hi Melboy,

Sorry for the delay, I've been at a weekend course and trying to run the suggested Rootrepeal in the evening and early morning. Unfortunately I can't get it to work either. I'm only coming across problems. It says "initializing, please .." and then it brings up a window saying there isn't enough virtual memory and freezes the whole PC. I have to use reboot at that point because it can't be closed and nothing else works. I don't know how to make more virtual memory. I've recently run scan disk to fix any errors, defragged etc. but it hasn't helped any. I have 15 GB free space so I don't understand this problem; I've opened only it at one time so it's not like other applications are using memory.

What can you advise, please?
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 22nd, 2010, 1:22 pm

Hi Rachel

See if you can run the online scan. (don't forget to temporarily disable AVG). Then re-run RSIT for me. (Take note of the slightly different instructions for running it).

Let me know if you have any problems with any of the steps.




ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!




RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click Start > Run
  • Copy/paste the following into the run box & click OK
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply


In your next reply:
  1. Eset Online Scanner log
  2. RSIT log.txt
  3. RSIT info.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 23rd, 2010, 8:10 am

Good morning Melboy,
Here is the ESET Scanner log. It appears to show 8 threats. I don't know if they really are threats. For example, Wild Tangent games came on the computer at its origin. So perhaps these are false positives or maybe something attached itself to Spybot. I'll leave that to you to determine. It certainly looks like the PC is full of viruses. That would explain its problems.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent19.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Owner\Desktop\downloads\New Folder (Johann)\Xvid Mpeg-4 Video Codec V 2.1 (Xvid Divx Dx50)(3)(2).exe probably a variant of Win32/StartPage trojan
C:\Documents and Settings\Owner\Desktop\downloads\Slingo\SlingoQuestSetup.exe a variant of Win32/FenomenGame application
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{520682BF-0796-481A-AAB4-4E13F899C96E}\Microsoft\Outlook Express\Inbox.dbx Win32/AutoRun.FakeAlert.P worm
C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2.exe a variant of Win32/ReflexiveArcade application
C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2.exe.backup a variant of Win32/ReflexiveArcade application
C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2_AVG_RESTORED.exe a variant of Win32/ReflexiveArcade application
C:\Program Files\Slingo Quest\SlingoQuest.exe a variant of Win32/ReflexiveArcade application

I'll do the RSIT next.
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 23rd, 2010, 8:15 am

RSIT ? I've just realized that the run box does not appear before continue. I click on it the icon on my desktop, I click on Run to start and the next screen is the continue option and then it gives the log results in seconds. Where do I insert the command you've given me to copy?
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 23rd, 2010, 4:28 pm

Hi Rachel

Did you rename this yourself?

C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2_AVG_RESTORED.exe

Some of these games whilst not being malicious themselves do install adware along with the game. You need to be careful what you are downloading, where you download them from and read the EULA for what you are agreeing too.



Check a file
  • Go to VirusTotal or Jotti's
    C:\Documents and Settings\Owner\Desktop\downloads\New Folder (Johann)\Xvid Mpeg-4 Video Codec V 2.1 (Xvid Divx Dx50)(3)(2).exe
  • Copy/Paste the path and filename above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
    • File has been scanned before(Jotti), click Scan again.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.




    RSIT (Random's System Information Tool)

    • Ensure rsit.exe is on your desktop
    • Click on start > Run

      Image

    • Copy/paste the following into the run box & click OK
      "%userprofile%\desktop\rsit.exe" /info

      Image

    • Click Continue at the disclaimer screen
    • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
    • Copy & paste the contents of both logs in your next reply



In your next reply:
  1. RSIT log.txt
  2. RSIT info.txt
  3. VirusTotal/Jotti results.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 23rd, 2010, 4:55 pm

Also I've only got the log.txt results. THere is no other scan.

Here's what it shows anyway.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-23 08:16:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (15%) free of 110 GB
Total RAM: 959 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:43 AM, on 3/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7382 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-13 2059544]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-28 4841472]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-14 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration-INSDVD.lnk]
C:\PROGRA~1\Pinnacle\INSTAN~1\SHARED~1\Pixie\RegTool.exe INSDVD,INSDVD,register,EN,0,serial=ABDPG-AAATC-KDOZV-GBILA-KRVCA []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
VTAgentReboot.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoFileAssociate"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe"="C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe:*:Enabled:ACDSee 7.0 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.bat - edit -
.cmd - edit -
.inf - open -
.ini - open - notepad.exe %1
.js - edit -
.reg - edit -
.txt - open - notepad.exe %1
.vbs - edit -

======List of files/folders created in the last 1 months======

2010-03-22 17:35:03 ----D---- C:\Program Files\ESET
2010-03-15 17:18:34 ----DC---- C:\rsit
2010-03-13 16:52:38 ----D---- C:\Program Files\Cobian Backup 9
2010-03-13 12:15:59 ----D---- C:\Program Files\Cobian Backup 8
2010-03-13 09:06:11 ----N---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-10 22:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 18:29:47 ----N---- C:\WINDOWS\system32\uxtuneup.dll

======List of files/folders modified in the last 1 months======

2099-09-19 14:30:21 ----D---- C:\WINDOWS\MSBN
2010-03-23 08:12:15 ----D---- C:\WINDOWS\Prefetch
2010-03-23 07:49:20 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-03-22 23:28:11 ----D---- C:\WINDOWS\Temp
2010-03-22 17:35:03 ----AD---- C:\Program Files
2010-03-22 15:41:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-22 09:44:24 ----SD---- C:\WINDOWS\Tasks
2010-03-22 06:46:01 ----D---- C:\Program Files\Mozilla Firefox
2010-03-21 03:50:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-20 21:13:20 ----D---- C:\WINDOWS\system32\drivers
2010-03-19 08:54:55 ----D---- C:\WINDOWS\Minidump
2010-03-19 08:54:55 ----D---- C:\WINDOWS
2010-03-17 17:07:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-17 17:07:12 ----D---- C:\WINDOWS\system32
2010-03-16 21:50:16 ----D---- C:\Program Files\GameHouse
2010-03-16 20:36:10 ----D---- C:\Program Files\PopCap Games
2010-03-16 17:26:25 ----A---- C:\a.txt
2010-03-16 17:05:47 ----D---- C:\Program Files\Hormonal Forecaster
2010-03-14 20:41:43 ----D---- C:\Program Files\eMule
2010-03-14 20:38:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 16:52:01 ----HD---- C:\Config.Msi
2010-03-10 22:09:01 ----HD---- C:\WINDOWS\inf
2010-03-10 22:08:50 ----D---- C:\Program Files\Movie Maker
2010-03-10 22:07:07 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 22:01:49 ----SHD---- C:\WINDOWS\Installer
2010-03-09 18:30:06 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-03-08 04:28:10 ----RD---- C:\WINDOWS\Web
2010-03-06 00:11:43 ----N---- C:\WINDOWS\NeroDigital.ini
2010-03-02 18:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\GenuTax
2010-03-02 01:30:12 ----N---- C:\WINDOWS\system32\MRT.exe
2010-02-27 17:25:46 ----C---- C:\WINDOWS\control.ini
2010-02-27 16:37:56 ----N---- C:\WINDOWS\solfire5.ini
2010-02-27 16:37:56 ----D---- C:\solfire
2010-02-25 06:22:28 ----N---- C:\WINDOWS\system32\TURegOpt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-13 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-13 242696]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2005-07-08 28672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-09 2560]
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2005-11-05 18816]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-03-05 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-12-01 39488]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2005-07-08 99584]
S1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\system32\drivers\Cdr4_2K.sys [2004-07-19 52720]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 ATHFMWDL;D-Link predator Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-14 90395]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-26 260736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-06 1181328]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2000-08-06 7442493]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-07-28 77824]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2000-08-06 303170]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-09 435016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 23rd, 2010, 5:18 pm

Ah, thank you thank you thank you for that explanation of the run window for RSIT and this virus checker.

I don't remember renaming that file (C:\Program Files\Big Kahuna Reef 2\Big Kahuna Reef 2_AVG_RESTORED.exe) but I could have, I suppose.

Here are the results from Virustotal.

File Xvid_Mpeg-4_Video_Codec_V_2.1__Xv received on 2010.03.23 20:57:31 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 11/42 (26.2%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.23 -
AhnLab-V3 5.0.0.2 2010.03.23 -
AntiVir 8.2.1.196 2010.03.23 ADSPY/StartPage.ATU
Antiy-AVL 2.0.3.7 2010.03.23 -
Authentium 5.2.0.5 2010.03.23 -
Avast 4.8.1351.0 2010.03.23 -
Avast5 5.0.332.0 2010.03.23 -
AVG 9.0.0.787 2010.03.23 -
BitDefender 7.2 2010.03.23 -
CAT-QuickHeal 10.00 2010.03.23 -
ClamAV 0.96.0.0-git 2010.03.23 -
Comodo 4360 2010.03.23 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.03.23 -
eSafe 7.0.17.0 2010.03.23 -
eTrust-Vet 35.2.7385 2010.03.23 -
F-Prot 4.5.1.85 2010.03.23 -
F-Secure 9.0.15370.0 2010.03.23 -
Fortinet 4.0.14.0 2010.03.22 W32/StartPage!tr
GData 19 2010.03.23 -
Ikarus T3.1.1.80.0 2010.03.23 -
Jiangmin 13.0.900 2010.03.23 -
K7AntiVirus 7.10.1004 2010.03.22 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2010.03.23 -
McAfee 5929 2010.03.23 Generic StartPage
McAfee+Artemis 5929 2010.03.23 Generic StartPage
McAfee-GW-Edition 6.8.5 2010.03.23 Ad-Spyware.StartPage.ATU
Microsoft 1.5605 2010.03.23 -
NOD32 4969 2010.03.23 probably a variant of Win32/StartPage
Norman 6.04.10 2010.03.23 StartPage.DSP
nProtect 2009.1.8.0 2010.03.23 -
Panda 10.0.2.2 2010.03.23 Adware/StartPage.ATU
PCTools 7.0.3.5 2010.03.23 -
Prevx 3.0 2010.03.23 -
Rising 22.40.01.04 2010.03.23 -
Sophos 4.51.0 2010.03.23 Mal/Generic-A
Sunbelt 6031 2010.03.22 -
Symantec 20091.2.0.41 2010.03.23 -
TheHacker 6.5.2.0.242 2010.03.23 -
TrendMicro 9.120.0.1004 2010.03.23 -
VBA32 3.12.12.2 2010.03.23 -
ViRobot 2010.3.23.2240 2010.03.23 -
VirusBuster 5.0.27.0 2010.03.23 -
Additional information
File size: 299520 bytes
MD5...: 10572600778f403d920538580f8f0c99
SHA1..: bd087d639403b6117fd4777482622942de60249e
SHA256: cddea86cec1e78a1778c804fa89c90ddf10eef946431f0c44acaf3b80fb8cab7
ssdeep: 6144:7W2+va9wWjofITiDoq0xAnsLZubO9Lk5PkoPCvEfQ7zdNSt:/jofIxx6YSo
LERfmdG
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5ae4
timedatestamp.....: 0x3d6dda86 (Thu Aug 29 08:25:42 2002)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x86e6 0x8800 6.62 c74ed182e4adff2ba953bef6e995e941
.data 0xa000 0x1be4 0x400 4.18 730893b14fc930a187215e7fb53bc0a5
.rsrc 0xc000 0x41000 0x40200 7.87 92dc6347a136941098bedce79d698822

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GetProcAddress, GlobalUnlock, GlobalLock, GlobalAlloc, FreeResource, CloseHandle, LoadResource, SizeofResource, FindResourceA, ReadFile, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, LockResource, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalFree
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Win32 Cabinet Self-Extractor
original name: WEXTRACT.EXE
internal name: Wextract
file version.: 6.00.2800.1106 (xpsp1.020828-1920)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): CAB.


AND RSIT log:
I have to go re-download this because it's not in my list of programs. It's on my desktop only and I can't get the run command there. I"m going to submit this now. I'll come back with the RSIT log and info reports.

Thanks again for your patience Melboy. I appreciate all your help.
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 23rd, 2010, 5:23 pm

Hi Rachel

Navigate to C:\RSIT\info.txt and see if its there.

Don't worry - you're doing fine. These things aren't easy sometimes.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 23rd, 2010, 5:28 pm

RSIT LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-23 17:21:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (15%) free of 110 GB
Total RAM: 959 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:08 PM, on 3/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Documents and Settings\Owner\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ca8.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file)
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file)
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file)
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file)
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file)
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file)
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file)
O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VTAgentReboot.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1163709375
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7316 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-11 114688]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-13 2059544]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-07-28 4841472]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-14 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Registration-INSDVD.lnk]
C:\PROGRA~1\Pinnacle\INSTAN~1\SHARED~1\Pixie\RegTool.exe INSDVD,INSDVD,register,EN,0,serial=ABDPG-AAATC-KDOZV-GBILA-KRVCA []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
VTAgentReboot.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoFileAssociate"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe"="C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe:*:Enabled:ACDSee 7.0 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.bat - edit -
.cmd - edit -
.inf - open -
.ini - open - notepad.exe %1
.js - edit -
.reg - edit -
.txt - open - notepad.exe %1
.vbs - edit -

======List of files/folders created in the last 1 months======

2010-03-23 17:15:27 ----DC---- C:\rsit
2010-03-22 17:35:03 ----D---- C:\Program Files\ESET
2010-03-15 17:18:34 ----DC---- C:\Program Files\rsit
2010-03-13 16:52:38 ----D---- C:\Program Files\Cobian Backup 9
2010-03-13 12:15:59 ----D---- C:\Program Files\Cobian Backup 8
2010-03-13 09:06:11 ----N---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-10 22:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 18:29:47 ----N---- C:\WINDOWS\system32\uxtuneup.dll

======List of files/folders modified in the last 1 months======

2099-09-19 14:30:21 ----D---- C:\WINDOWS\MSBN
2010-03-23 17:16:11 ----D---- C:\WINDOWS\Prefetch
2010-03-23 17:10:27 ----AD---- C:\Program Files
2010-03-23 16:46:07 ----D---- C:\Documents and Settings\Owner\Application Data\Skype
2010-03-23 14:11:33 ----D---- C:\WINDOWS\Temp
2010-03-22 15:41:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-22 09:44:24 ----SD---- C:\WINDOWS\Tasks
2010-03-22 06:46:01 ----D---- C:\Program Files\Mozilla Firefox
2010-03-21 03:50:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-20 21:13:20 ----D---- C:\WINDOWS\system32\drivers
2010-03-19 08:54:55 ----D---- C:\WINDOWS\Minidump
2010-03-19 08:54:55 ----D---- C:\WINDOWS
2010-03-17 17:07:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-17 17:07:12 ----D---- C:\WINDOWS\system32
2010-03-16 21:50:16 ----D---- C:\Program Files\GameHouse
2010-03-16 20:36:10 ----D---- C:\Program Files\PopCap Games
2010-03-16 17:26:25 ----A---- C:\a.txt
2010-03-16 17:05:47 ----D---- C:\Program Files\Hormonal Forecaster
2010-03-14 20:41:43 ----D---- C:\Program Files\eMule
2010-03-14 20:38:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 16:52:01 ----HD---- C:\Config.Msi
2010-03-10 22:09:01 ----HD---- C:\WINDOWS\inf
2010-03-10 22:08:50 ----D---- C:\Program Files\Movie Maker
2010-03-10 22:07:07 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 22:01:49 ----SHD---- C:\WINDOWS\Installer
2010-03-09 18:30:06 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-03-08 04:28:10 ----RD---- C:\WINDOWS\Web
2010-03-06 00:11:43 ----N---- C:\WINDOWS\NeroDigital.ini
2010-03-02 18:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\GenuTax
2010-03-02 01:30:12 ----N---- C:\WINDOWS\system32\MRT.exe
2010-02-27 17:25:46 ----C---- C:\WINDOWS\control.ini
2010-02-27 16:37:56 ----N---- C:\WINDOWS\solfire5.ini
2010-02-27 16:37:56 ----D---- C:\solfire
2010-02-25 06:22:28 ----N---- C:\WINDOWS\system32\TURegOpt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-13 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-13 242696]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2005-07-08 28672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512]
R2 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-08-09 2560]
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2005-11-05 18816]
R3 GearAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-03-05 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-09-23 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2005-12-01 39488]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104]
R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2005-07-08 99584]
S1 Cdr4_2K;Cdr4_2K; C:\WINDOWS\system32\drivers\Cdr4_2K.sys [2004-07-19 52720]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]
S3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-17 391424]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
S3 ATHFMWDL;D-Link predator Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-14 90395]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-26 260736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2000-08-06 7442493]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-07-28 77824]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-06 1181328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2000-08-06 65602]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2000-08-06 303170]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-09 435016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


RSIT TEXT

info.txt logfile of random's system information tool 1.06 2010-03-23 17:21:10

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
602PC SUITE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6DFC4B13-4489-4A59-AF95-12628A86FA76}\Setup.exe" -l0x9 -UNINSTALL -UNINSTALL
ACD Media Support Package 1.0-->MsiExec.exe /X{C531F248-1EC0-4C5D-A32C-A16672929B42}
ACDSee 7.0 PowerPack-->MsiExec.exe /I{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}
Acs PC Atlas Manual-->"C:\Pcatlas\manual\IsStub32.exe" -fC:\Pcatlas\manual\DeIsL1.isu -cC:\Pcatlas\manual\_ISREG32.DLL
ACS PC Atlas-->C:\WINDOWS\IsUninst.exe -fC:\PCATLAS\UninPCAt.isu
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 5.0 Limited Edition-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Photoshop 5.0 LE\DeIsL1.isu" -c"C:\Program Files\Adobe\Photoshop 5.0 LE\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AtamA 2.1-->MsiExec.exe /I{4B2A1963-2253-4BFB-B606-ADE7BAABCEC5}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Big Kahuna Reef 2 - Chain Reaction-->"C:\Program Files\Big Kahuna Reef 2\ReflexiveArcade\unins000.exe"
Blackhawk Striker-->"C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -UninstallItem {95572122-186D-412B-9B5D-71C70BD51234}
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\357ECB62-CD36-4B63-B57E-769D0CA174F4\Uninstall.exe"
BlasterBall Wild from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\28BA89E7-2F60-4BE7-BAA2-7949EB3FE527\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BookWorm Deluxe 1.0y-->C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log
Bounce Out-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDEC8492-94F7-43E3-8C7C-29CA97B3CE95}\Setup.exe"
Burn4Free CD & DVD 1.1.5.0-->"C:\Program Files\Burn4Free\unins000.exe"
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
CodeBaby Player (Remove Only) 1.0.2.19-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\codebaby.1.0.2.19.inf,DefaultUninstall,5
Collapse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{75F66C39-B41E-11D5-B743-00D0B74C4519}\Setup.exe"
Collectorz.com Photo Collector-->C:\PROGRA~1\COLLEC~1.COM\PHOTOC~1\UNWISE.EXE C:\PROGRA~1\COLLEC~1.COM\PHOTOC~1\INSTALL.LOG
Colour@Home II-->C:\WINDOWS\iun6002.exe "C:\Program Files\CILPaint\Colour@Home II\irunin.ini"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dark Orbit from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7841B68B-B7DD-408E-8B45-D5CA39608185\Uninstall.exe"
DFX for MUSICMATCH-->C:\PROGRA~1\DFX\MUSICM~1\UNWISE.EXE C:\PROGRA~1\DFX\MUSICM~1\INSTALL.LOG
Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\63272979-21F0-48EF-9B97-A83DBC05BE39\Uninstall.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD Copy Plus-->MsiExec.exe /I{2E661193-B28F-4D59-A534-9E0D294B39F8}
DVD X Rescue-->C:\Program Files\321Studios\DVD X Rescue\UNWISE.EXE "C:\Program Files\321Studios\DVD X Rescue\INSTALL.LOG"
DVD43 v3.6.2-->"C:\Program Files\dvd43\unins000.exe"
DVDx 2.0-->"C:\Program Files\DVDx\unins000.exe"
DVDXCopy Platinum 3.2.1-->"C:\Program Files\321Studios\Platinum\uninstall.exe"
Dynomite Deluxe 2.71-->C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" ADDREMOVEDLG
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Excavation from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DF479CEA-34C0-460F-9B56-93BCE4CD4086\Uninstall.exe"
GearDrivers-->rundll32.exe C:\WINDOWS\system32\UNINSTALL\UninstWDM.dll,UninstInitialize
GemMaster 3 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC\Uninstall.exe"
GenuTax Standard-->MsiExec.exe /I{EE587598-F063-424B-8DB5-621E8EB3E015}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hormonal Forecaster v 5.2 (C:\Program Files\Hormonal Forecaster\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hormonal Forecaster\ST6UNST.001"
Hormonal Forecaster v 5.2-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hormonal Forecaster\ST6UNST.000"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hoyle Card Games 5-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Card Games 5\Uninst.isu"
hp deskjet 3600-->msiexec /x{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}
HP Deskjet printer preloaded drivers-->MsiExec.exe /X{48BD24F5-13DE-493A-A7CE-28A85113FF0C}
HP Digital Imaging Album Printing 1.0-->MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Memories Disc-->MsiExec.exe /X{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}
HP Photo and Imaging 1.2 - Photosmart Cameras-->MsiExec.exe /X{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photosmart printers preloaded drivers-->MsiExec.exe /X{9E88DAA4-1352-4272-BA3A-897668408400}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HTML Slideshow Powertoy for Windows XP-->MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Image Uploader for PC-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nikon\Image Uploader for PC\Uninst.isu"
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Janus 3 Demo All Modules-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\J3FDemo\ST5UNST.LOG"
Janus 3.0 Update 23 Apr 2003-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Janus\ST5UNST.LOG"
Jigsaw 2 Manual-->"C:\JigSaw2\JS2UserGuide\IsStub32.exe" -fC:\JigSaw2\JS2UserGuide\DeIsL1.isu -cC:\JigSaw2\JS2UserGuide\_ISREG32.DLL
JigSaw v2-->C:\WINDOWS\uninst.exe -fC:\JIGSAW\DeIsL1.isu -cC:\JIGSAW\_ISREG32.DLL
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Magnifier Powertoy for Windows XP-->MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Malwarebytes' Anti-Malware-->"C:\Program Files\rMalwarebytes' Anti-Malware\unins000.exe"
Match-Up!-->MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Carioca Rummy-->MsiExec.exe /I{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Internet Explorer Administration Kit 5-->rundll32 advpack.dll,LaunchINFSection ieak5.inf,IEAK.Uninstall
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Web Components-->MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server Desktop Engine-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801033}
Nimo Codecs Pack v4.4 (Remove Only)-->"C:\Program Files\NimoCodec Pack\uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Philips Device Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}\setup.exe" -l0x9 -removeonly
Philips Device Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57F06897-6735-4B97-9DF3-DE8BC27879D4}\setup.exe" -l0x9 -removeonly
Pinnacle Hollywood FX 4.6-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX 4.6\uninstal.log
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2003 New User Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F61F2821-694C-475F-99AB-6AF2EFDF40FD} anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RingMaster from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8c9c48d7-2d03-4a1f-a303-5bd22ccabae1\Uninstall.exe"
Roxio Backup MyPC-->MsiExec.exe /X{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 Series (KB969878)-->"C:\WINDOWS\$NtUninstallKB969878_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SF5 Manual-->"C:\Solfire\SF5manual\IsStub32.exe" -fC:\Solfire\SF5manual\DeIsL1.isu -cC:\Solfire\SF5manual\_ISREG32.DLL
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ShowBiz DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60E80B13-8649-4A69-85E2-1AE99E061F43}\setup.exe" -l0x9
Simple Backup for My Pictures-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Simple Installer - Multilanguage Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Slingo Quest-->"C:\Program Files\Slingo Quest\ReflexiveArcade\unins000.exe"
Snowboard Extreme from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\753FE96B-D926-4B6C-BCFB-CC59153D004A\Uninstall.exe"
Solar Fire v5-->C:\WINDOWS\uninst.exe -fc:\solfire\DeIsL1.isu -cc:\solfire\_ISREG32.DLL
Solar Maps Manual-->"C:\Solfire\SolarMapsManual\IsStub32.exe" -fC:\Solfire\SolarMapsManual\DeIsL1.isu -cC:\Solfire\SolarMapsManual\_ISREG32.DLL
Space Rocks from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9FA01E11-9015-4140-B10A-5C6AA949B2FC\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 8-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x9 UNINSTALL
Super Gem Drop-->C:\PROGRA~1\GAMEHO~1\GemDrop\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\GemDrop\INSTALL.LOG
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
toolkit-->c:\Windows\HPTK\unhptkit.exe
Travelaxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F0815A1-ABA6-41A6-8790-2A7198AA8ECD}\setup.exe"
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Tweak UI-->"C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Virtual Desktop Manager Powertoy for Windows XP-->MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Virtual Warfare from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4F0AE1FB-4082-4A27-8363-05D292D92FB0\Uninstall.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Weblink-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
WildTangent Channel Manager-->C:\Program Files\WildTangent\DDC\DDCManager\Uninstall.exe
WildTangent GameChannel (remove only)-->"C:\Program Files\WildTangent\Apps\uninstallgamechannel.exe"
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Windows XP Creativity Fun Packs - Windows XP Power Toys-->MsiExec.exe /X{485E6526-EA98-4F04-925A-67424D12E1E2}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Windows XP Video Screensaver Powertoy-->C:\WINDOWS\System32\unins000.exe
Windows XP Winter Fun Pack for Windows Movie Maker 2-->MsiExec.exe /I{FFC5C6DA-6BC0-47C1-9EC0-8E1A1294E4F7}
WinPatrol-->MsiExec.exe /X{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect Productivity Pack-->c:\WINDOWS\Corel\Uninst32.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe
WOW Love-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{831053E0-79D4-11D4-B1C4-0050BAAABBFD}\Setup.exe"
WOW-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7EC08D3-419E-4568-B59A-82D652450D48}\Setup.exe"
XviD MPEG-4 video codec v2.1-->RunDLL32.exe advpack.dll,LaunchINFSection xvid.inf, UnInstall
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Zuma Deluxe! 1.0-->C:\WINDOWS\iun6002.exe "C:\Documents and Settings\Owner\Desktop\Downloads\irunin.ini"

=====HijackThis Backups=====

O2 - BHO: (no name) - {D60E38EA-36A4-3D12-683A-41C122B274BF} - (no file) [2010-03-17]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2010-03-17]
O2 - BHO: (no name) - {546EB25A-6A5D-99EF-7458-F82F8D257E62} - (no file) [2010-03-17]
O2 - BHO: (no name) - {AD1C10AB-B823-DD59-CC22-04E0B321DD28} - (no file) [2010-03-17]
O2 - BHO: (no name) - {820EE400-4068-7AC4-7934-F519A5AC7D69} - (no file) [2010-03-17]
O2 - BHO: (no name) - {44C9969F-4DCD-2E8D-1242-7959041A25AB} - (no file) [2010-03-17]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2010-03-17]
O4 - HKLM\..\Policies\Explorer\Run: [zNWTP9zg1X] C:\Documents and Settings\All Users\Application Data\uxwnajwj\ixgpevct.exe [2010-03-17]
O2 - BHO: (no name) - {57087586-1D03-1EF0-AC05-C1E652E44817} - (no file) [2010-03-17]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [2010-03-17]
O2 - BHO: (no name) - {36791C41-EE2D-4A40-AF45-24A5ABA6D46E} - (no file) [2010-03-17]
O2 - BHO: (no name) - {7585DA5E-00B8-A6A6-588F-E650C178A259} - (no file) [2010-03-17]
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u [2010-03-17]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{FCA02D56-BF9D-4591-AD41-E59AF763C64A}

Record Number: 26731
Source Name: DCOM
Time Written: 20100131000028.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{2509ABBC-871E-42E5-A27B-F7DA394B1897}

Record Number: 26730
Source Name: DCOM
Time Written: 20100131000028.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{FCA02D56-BF9D-4591-AD41-E59AF763C64A}

Record Number: 26729
Source Name: DCOM
Time Written: 20100131000015.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{FCA02D56-BF9D-4591-AD41-E59AF763C64A}

Record Number: 26728
Source Name: DCOM
Time Written: 20100130232902.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

Computer Name: YOUR-O0KWKW9JWC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service TuneUp.UtilitiesSvc with arguments ""
in order to run the server:
{2509ABBC-871E-42E5-A27B-F7DA394B1897}

Record Number: 26727
Source Name: DCOM
Time Written: 20100130232901.000000-300
Event Type: error
User: YOUR-O0KWKW9JWC\Owner

=====Application event log=====

Computer Name: YOUR-O0KWKW9JWC
Event Code: 3003
Message:
Record Number: 3933
Source Name: WinDefendRtp
Time Written: 20090723181251.000000-240
Event Type: error
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 4356
Message: The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.
Record Number: 3931
Source Name: EventSystem
Time Written: 20090723181119.000000-240
Event Type: warning
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 19011
Message: SuperSocket info: (SpnRegister) : Error 1355.

Record Number: 3926
Source Name: MSSQLServer
Time Written: 20090723181111.000000-240
Event Type: warning
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 5000
Message:
Record Number: 3908
Source Name: MPSampleSubmission
Time Written: 20090721022141.000000-240
Event Type: error
User:

Computer Name: YOUR-O0KWKW9JWC
Event Code: 5000
Message:
Record Number: 3904
Source Name: MPSampleSubmission
Time Written: 20090720022248.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PCToolsDir"=C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\HP Pavilion PC Tools
"VERSION"=3.0.1
"SESSIONID"=1085197815365wuws07-l5eb489:fcc3ddb77d:173f
"COLLECTIONID"=COL5123
"ITEMID"=dj-17724-8
"UPDATEDIR"=C:\DOCUME~1\Owner\LOCALS~1\Temp\rad2B9AB.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.1.1
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0
"602ALBUM_EXE"=C:\Program Files\Software602\602Pro PC SUITE\602Album\602Album.exe
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------


Shall I go one by one with the Virustotal to see all the 8 threats or is that one the only interesting one?

Thank you.
Rachel
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 23rd, 2010, 7:38 pm

Shall I go one by one with the Virustotal to see all the 8 threats

No need to. We'll deal with them in due course.

Other than the stated problem with AVG and the problems with the anti-rootkit scans I've asked you to run (GMER and RootRepeal), how does the computer run generally?


I want to try and get an ARK scan. Try the one below. Let me know if you have problems.


SysProt AntiRootkit©

Please download SysProt AntiRootkit© by swatkat and save it to your desktop.

  • Scroll down to the bottom of the page linked to above and click on SysProt.zip Download under the Attachments section to save the file.
  • Unzip it into a folder on your desktop and enter it, then double click on SysProt.exe to start the program.
  • Go to the Log tab and check (tick) all items listed in the Write to log box.
  • Check Hidden Objects Only at the bottom of the window too.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear. Select Scan root drive only and click Start.
  • When completed, you will be prompted showing the location of SysProtLog.txt, which is the same folder SysProt.exe was extracted to.
  • Post the contents of the log in your reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 24th, 2010, 2:00 pm

Hi Melboy, Ok, I'll run that when I get home and see how the AVG or Malware scan runs. I did remember last night that I re-installed that bigkahuna program either last summer or the summer before. I don't remember if I changed the name to 2 though. Just thought you'd want to know.
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby melboy » March 24th, 2010, 2:08 pm

Hi Rachel

Don't run Malwarebytes or AVG. Just get me the SysProt scan for now.

In the meantime also do this:

http://forums.malwarebytes.org/index.ph ... ntry167851

  • Open AVG and click on Tools and select Advanced Settings
  • Click on Resident Shield
  • Click on Exceptions then click Add Path
  • Exclude the following directories:

C:\Program Files\Malwarebytes' Anti-Malware


Click on Add List then copy and paste the text inside the CODE box exactly as written into the AVG window.

Code: Select all
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 24th, 2010, 5:24 pm

Voilà the scan results:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: ECAC6000
Module End: ECADE000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7A33000
Module End: F7A35000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F74D787E
Driver Base: F74D7000
Driver End: F74E6000
Driver Name: Lbd.sys

Function Name: ZwSetValueKey
Address: F74D7BFE
Driver Base: F74D7000
Driver End: F74E6000
Driver Name: Lbd.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:3574
Remote Address: CPE-75-80-254-119.DC.RES.RR.COM:48648
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:2678
Remote Address: QY-IN-F137.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:2677
Remote Address: PV-IN-F102.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:2676
Remote Address: QY-IN-F99.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:2675
Remote Address: QY-IN-F99.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:2674
Remote Address: QY-IN-F100.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:2673
Remote Address: QY-IN-F100.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:2571
Remote Address: QY-IN-F100.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:33367
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Last.fm\LastFM.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:32213
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Last.fm\LastFM.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:27015
Remote Address: LOCALHOST:4482
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:4482
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC:2180
Remote Address: LOCALHOST:2179
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC:2179
Remote Address: LOCALHOST:2180
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC:2177
Remote Address: LOCALHOST:2176
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC:2176
Remote Address: LOCALHOST:2177
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: YOUR-O0KWKW9JWC:1025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:45609
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC:HTTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: YOUR-O0KWKW9JWC.GATEWAY.2WIRE.NET:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-O0KWKW9JWC:2312
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: YOUR-O0KWKW9JWC:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: YOUR-O0KWKW9JWC:45609
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: YOUR-O0KWKW9JWC:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-O0KWKW9JWC:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: YOUR-O0KWKW9JWC:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Program Files\eMule\Incoming\Classical\Carmen- Habanera-Georges Bizet (Victoria De Los A´Ngeles)-The Best Opera Album In The World Ever! Disc 2.mp3
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden

Object: C:\Program Files\eMule\Incoming\Intuition +\Caroline Myss - Self-Esteem\Caroline Myss - Self-Esteem\Caroline Myss - Three Levels of Power and How to Use Them (1 to 4) - (Complete) (Self Help Audio Book)\Caroline Myss - Three Levels of Power and How to Use
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}
Status: Access denied
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm

Re: Anti-virus scan problems - AVG, Malware bytes Anti-malware,

Unread postby leostar » March 24th, 2010, 5:30 pm

Ok, thanks for the AVG tip. I've done that. (The hidden files were as they should be already.)

Merci.
leostar
Regular Member
 
Posts: 34
Joined: March 9th, 2010, 9:30 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware