Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Cannot remove Virtumondo spyware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Cannot remove Virtumondo spyware

Unread postby ekimt7 » June 4th, 2010, 1:40 pm

I have tried Spyware Doctor/microsoft Live scanner/spybot search and destroy/spyhunter but nothing worked. Here is my HijackThis log, can anyone help ? I have been searching online for 3 days for a solution without success. Thanks !

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:30 AM, on 6/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\IIS Resources\DebugDiag\DbgSVC.Exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\ooRexx\rxapi.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iconic Tray\it.exe
C:\WINDOWS\system32\msdtc.exe
C:\PROGRA~1\EDITPL~1\EDITPLUS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\SAS\SAS9~1.1\SAS.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
G:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
C:\DOCUME~1\mickael\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
G:\PortableApps\PidginPortable\PidginPortable.exe
G:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe
G:\TEMP APPS\FixVundo.exe
C:\Documents and Settings\mickael\My Documents\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: 127.0.0.4 WRes
O1 - Hosts: 127.0.0.5 DartBuild-PC
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iconic Tray] C:\Program Files\Iconic Tray\it.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4832014855
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://files.iamvd.com/nortel_cacheable/iewiper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpr.local
O17 - HKLM\Software\..\Telephony: DomainName = jpr.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jpr.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jpr.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Portal.Service - PortalSoft, Inc. - C:\3.4\3.4\Server\build\Debug\Portal.Server.exe
O23 - Service: RXAPI - Rexx Language Association - C:\Program Files\ooRexx\rxapi.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
ekimt7
Active Member
 
Posts: 5
Joined: June 4th, 2010, 1:36 pm
Advertisement
Register to Remove

Re: Cannot remove Virtumondo spyware

Unread postby MWR 3 day Mod » June 7th, 2010, 9:48 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Cannot remove Virtumondo spyware

Unread postby askey127 » June 9th, 2010, 9:22 am

ekimt7,
Hi and welcome to Malware Removal
Sorry for the delay in answering your request.
We have had more logs than we could handle in a timely manner.

If you still wish to receive help and are not receiving it elsewhere, please proceed as follows:

Please do not install, scan, or remove anything unless I ask.
Go to Start, Control Panel, Security Center
Tell me in your reply what it reports for Antivirus, both the program name and status.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Doubleclick the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Both files will be saved here -> C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

So we are looking for tha answers to my questions above, and the contents of the two reports from the RSIT scanner.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Cannot remove Virtumondo spyware

Unread postby ekimt7 » June 9th, 2010, 12:07 pm

Thanks for the reply.
The Anti virus program running is AVG 8, windows reports that it is currently up to date and virus scanning is on.
Here are the 2 logs from RSIT.exe:

info.txt:
info.txt logfile of random's system information tool 1.06 2010-06-09 08:52:53

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5545F877-D35D-446A-AF17-BD2A658372EE}\setup.exe" -l0x9 -uninst -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79FDDC7B-B906-4F9F-93C4-31D3131AACAB}\setup.exe" -l0x9 -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{830E3A05-174C-4E7B-88AC-CCC3231D9DF4}\setup.exe" -l0x9 -uninst
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{938C2F16-C827-46AC-B100-D2DA1D88BB31}\setup.exe" -l0x9 -uninst -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93D813CE-EDF2-4FE8-9069-56EF079AE92F}\setup.exe" -l0x9 -uninst -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{956EA876-4827-468C-9B06-21CEACE60339}\setup.exe" -l0x9 -uninst -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC48B33F-5EA3-4546-9648-9EA5B39F56B2}\setup.exe" -l0x9 -uninst -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF36BCC7-A9C3-4CB1-86F2-3BA75FDC0AFB}\setup.exe" -l0x9 -uninst -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1720 DriverTools-->MsiExec.exe /X{E0EF2CC7-74B3-4FA8-B0F0-0854CDF9F22F}
1720 LPSU-->MsiExec.exe /X{195A9413-6FB1-46EB-9085-DFB09C0EA03C}
1720 Pubs-->MsiExec.exe /X{04F281F0-A8ED-4110-B997-50029B8BECA9}
1720 x86_HBP-->MsiExec.exe /X{D58457B7-F96A-4D61-89CE-3D0A58996FAE}
1720 x86_PS-->MsiExec.exe /X{DF622553-7662-45B6-BF04-4D3D6D05B3FF}
ActiveXplorer 4.0-->"C:\Program Files\ActiveXplorer\uninstall.exe"
ActiveXplorer 4.x .NET Assemblies Analysis-->MsiExec.exe /I{CDA64886-8D83-4FB6-BF28-6CFD518771EA}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.2.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->MsiExec.exe /I{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Beyond Compare Version 2.5-->"C:\Program Files\Beyond Compare 2\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom ASF Management Applications-->MsiExec.exe /I{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}
Broadcom Management Programs-->MsiExec.exe /X{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Browser Defender 2.0.6.15-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CopyTrans Suite Remove Only-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crystal Reports Basic Runtime for Visual Studio 2008-->MsiExec.exe /X{CE26F10F-C80F-4377-908B-1B7882AE2CE3}
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Dell ETS Factory Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}\setup.exe" -l0x9
Dell Software Uninstall-->C:\Program Files\Dell_HostCD\Install\x86\Uninstall.exe
EditPlus 2-->C:\Program Files\EditPlus 2\remove.exe
Expert AutoStats version 4.9-->"C:\4N6XPRT\unins000.exe"
Exterminate It!-->C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®-->MsiExec.exe /X{A638EC76-65C3-4F82-BA68-D105DDA393E7}
FreeCommander 2009.02a-->"C:\Program Files\FreeCommander\unins000.exe"
GDR 4053 for SQL Server Analysis Services 2005 ENU (KB970892)-->C:\WINDOWS\OLAP9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\WINDOWS\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Reporting Services 2005 ENU (KB970892)-->C:\WINDOWS\RS9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\WINDOWS\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Google Earth Plug-in-->MsiExec.exe /X{961034C0-58DF-11DF-97FD-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPL Ghostscript 8.64-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.64\uninstal.txt"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Iconic Tray (remove only)-->C:\Program Files\Iconic Tray\uninstall.exe
IIS Diagnostics Toolkit January 2006 (x86)-->MsiExec.exe /I{30EFFF0C-573D-46FB-8AD5-20051225261A}
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
IZArc 3.7-->"C:\Program Files\IZArc\unins000.exe"
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Development Kit 6 Update 12-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160120}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Platform SDK (3790.1830)-->MsiExec.exe /I{BA96A695-E9CE-4B2A-919A-540B73E7A78E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Analysis Services-->MsiExec.exe /I{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}
Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}
Microsoft SQL Server 2005 Books Online (English)-->MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Reporting Services-->MsiExec.exe /I{E930E839-998E-42F9-97E2-71FC960DB1B7}
Microsoft SQL Server 2005 Tools-->MsiExec.exe /I{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-->MsiExec.exe /I{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Tool Web Package : OLEVIEW.EXE-->MsiExec.exe /X{F8C366C2-66A9-4F5C-A8A7-5108A0251F58}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
NCSA Case Catalog-->MsiExec.exe /X{40E5ED3A-BA73-4672-B2AD-113963B36693}
Nero 7 Essentials-->MsiExec.exe /I{F17F7703-1E72-40C1-A0DD-E5B365661033}
NTI Shadow-->"C:\Program Files\InstallShield Installation Information\{81DCEC2B-E069-4985-978B-3230292AB744}\setup.exe" -removeonly
NTI Shadow-->C:\Program Files\InstallShield Installation Information\{81DCEC2B-E069-4985-978B-3230292AB744}\setup.exe -runfromtemp -l0x0409
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Open Object Rexx-->"C:\Program Files\ooRexx\uninstall.exe"
Open Workbench-->MsiExec.exe /I{1E9A9E08-0366-45EE-9B66-51852F8D9812}
Paradox Data Editor 2.3-->"C:\Program Files\PDE\unins000.exe"
PCVINA 32-BIT-->C:\pcvina\UNWISE.EXE C:\pcvina\INSTALL.LOG
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Portal4Law-->MsiExec.exe /I{AB2798FD-7A0C-45E5-8B89-AE7C8AB4637B}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
R for Windows 2.9.1-->"C:\Program Files\R\R-2.9.1\unins000.exe"
SAS 9.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68624FB8-2512-46B5-9664-64366DCCB3EB}\setup.exe" -l0x9 uninstall
SAS Enterprise Guide 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2C3ED42-0070-4213-9E12-66C404BBA0E7}\setup.exe" -l0x9 -removeonly "uninstall"
SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.1)-->C:\Program Files\SAS\Shared Files\JRE\1.4.1\_uninst\Uninst.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976323)-->"C:\WINDOWS\$NtUninstallKB976323$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SkillSoft Course Manager-->C:\Program Files\SkillSoft\client\OCMStart.exe uninstall SkillSoft
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
SQLXML4-->MsiExec.exe /I{8415F660-5FDC-4601-97DD-43A783600F4B}
Subversion 1.4.6-r28521-->"C:\Program Files\Subversion\unins000.exe"
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
tools-freebsd-->MsiExec.exe /X{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}
tools-linux-->MsiExec.exe /X{D102611A-6466-4101-A51D-51069303AC65}
tools-windows-->MsiExec.exe /X{FFD9383C-01D5-4897-A954-43AF599AED30}
TortoiseSVN 1.6.7.18415 (32 bit)-->MsiExec.exe /X{5DC6B387-DCD5-4B66-B866-434020FF2ECC}
TXTcollector 2.0.1-->"C:\Program Files\TXTcollector\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Visual Studio Web Authoring Component (KB945140)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {F9DE79A2-9049-4589-9787-815147371581}
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Player-->C:\Documents and Settings\All Users\Application Data\VMware\VMware Player\Uninstaller\uninstall.exe -x
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows Small Business Server 2008 ClientAgent-->MsiExec.exe /I{492F8345-095D-467F-926C-278870D93ECF}
Windows Small Business Server 2008 WMI Provider-->MsiExec.exe /I{838257FC-952A-467B-86BF-21DB6B137A3F}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.6.14.0-->"C:\Program Files\WinMerge\unins000.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
xdocdiff-->C:\WINDOWS\eiunin21.exe "C:\Program Files\xdocdiff\install.DAT"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.4 WayneResnick
127.0.0.5 DartBuild-PC

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: AVG Anti-Virus Network Edition

======System event log======

Computer Name: ARES
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk3\D.

Record Number: 18666
Source Name: Disk
Time Written: 20100428083537.000000-420
Event Type: error
User:

Computer Name: ARES
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk3\D.

Record Number: 18665
Source Name: Disk
Time Written: 20100428083536.000000-420
Event Type: error
User:

Computer Name: ARES
Event Code: 51
Message: An error was detected on device \Device\Harddisk3\D during a paging operation.

Record Number: 18664
Source Name: Disk
Time Written: 20100428083514.000000-420
Event Type: warning
User:

Computer Name: ARES
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0019B92C2B99. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 18663
Source Name: Dhcp
Time Written: 20100427170849.000000-420
Event Type: warning
User:

Computer Name: ARES
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 18659
Source Name: Fastfat
Time Written: 20100426095119.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: ARES
Event Code: 107
Message: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Record Number: 126
Source Name: Report Server Windows Service (MSSQLSERVER)
Time Written: 20100528030241.000000-420
Event Type: error
User:

Computer Name: ARES
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 49
Source Name: EvntAgnt
Time Written: 20100517084222.000000-420
Event Type: warning
User:

Computer Name: ARES
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 48
Source Name: EvntAgnt
Time Written: 20100517084222.000000-420
Event Type: warning
User:

Computer Name: ARES
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 47
Source Name: Microsoft Fax
Time Written: 20100517084222.000000-420
Event Type: warning
User:

Computer Name: ARES
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 46
Source Name: Microsoft Fax
Time Written: 20100517084222.000000-420
Event Type: warning
User:

======Environment variables======

"APR_ICONV_PATH"=C:\Program Files\Subversion\iconv
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Subversion\bin;C:\Program Files\ooRexx;C:\Program Files\SAS\Shared Files\Formats;C:\Program Files\pcvina;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.REX
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"REXX_HOME"=C:\Program Files\ooRexx
"TEMP"=%SystemRoot%\TEMP
"TKPATHIA32"=C:\Program Files\SAS\Shared Files\ICU
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"lib"=C:\Program Files\SQLXML 4.0\bin\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
ekimt7
Active Member
 
Posts: 5
Joined: June 4th, 2010, 1:36 pm

Re: Cannot remove Virtumondo spyware

Unread postby ekimt7 » June 9th, 2010, 12:08 pm

log.txt:

Logfile of random's system information tool 1.07 (written by random/random)
Run by mickael at 2010-06-09 08:52:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 116 GB (49%) free of 238 GB
Total RAM: 3326 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:49 AM, on 6/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\IIS Resources\DebugDiag\DbgSVC.Exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\ooRexx\rxapi.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iconic Tray\it.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\EditPlus 2\editplus.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\SAS\SAS9~1.1\SAS.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
G:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
C:\DOCUME~1\mickael\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\PortableApps\PidginPortable\PidginPortable.exe
G:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe
C:\Documents and Settings\mickael\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\mickael.exe
C:\WINDOWS\system32\verclsid.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: 127.0.0.4 WayneResnick
O1 - Hosts: 127.0.0.5 DartBuild-PC
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iconic Tray] C:\Program Files\Iconic Tray\it.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6087.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4832014855
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://files.iamvd.com/nortel_cacheable/iewiper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jpr.local
O17 - HKLM\Software\..\Telephony: DomainName = jpr.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jpr.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jpr.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Portal.Service - PortalSoft, Inc. - C:\3.4\3.4\Server\build\Debug\Portal.Server.exe
O23 - Service: RXAPI - Rexx Language Association - C:\Program Files\ooRexx\rxapi.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10940 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\File Helper.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1135352823-189835422-2719615305-1174Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1135352823-189835422-2719615305-1174UA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3A9D5792-121F-404A-BF6E-311EF895EB24}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-07-25 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-05-01 843776]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-18 2046816]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2010-05-11 1287120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Iconic Tray"=C:\Program Files\Iconic Tray\it.exe [2009-04-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-02 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\mickael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-08 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LxrAutorun]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-03-19 5248312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]
ICO.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power DVD Player]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
C:\Program Files\VMware\VMware Player\hqtray.exe [2010-01-22 64048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymrvawfm]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\DKabcoms.exe"="C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Portal4Law\Portal.Client.exe"="C:\Program Files\Portal4Law\Portal.Client.exe:*:Enabled:Portal.Client"
"C:\Documents and Settings\mickael\Local Settings\Temp\Portal.Client.Launcher.exe"="C:\Documents and Settings\mickael\Local Settings\Temp\Portal.Client.Launcher.exe:*:Enabled:Portal.Client.Launcher"
"H:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe"="H:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe:*:Enabled:Pidgin"
"C:\Program Files\VMware\VMware Player\vmware-authd.exe"="C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\SAS\SAS 9.1\sas.exe"="C:\Program Files\SAS\SAS 9.1\sas.exe:*:Enabled:SAS 9.1 for Windows"
"C:\WINDOWS\system32\DKabcoms.exe"="C:\WINDOWS\system32\DKabcoms.exe:*:Enabled:Dell Enhanced TCP/IP"
"C:\Program Files\Remote Terminal for DARTdevices\plink.exe"="C:\Program Files\Remote Terminal for DARTdevices\plink.exe:*:Enabled:Command-line SSH, Telnet, and Rlogin client"
"C:\Program Files\Portal Client\Portal.Client.exe"="C:\Program Files\Portal Client\Portal.Client.exe:*:Enabled:Portal.Client"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\3.4\3.4\Server\build\Debug\Portal.Server.exe"="C:\3.4\3.4\Server\build\Debug\Portal.Server.exe:*:Enabled:Portal.Server"
"C:\3.4\3.4\Client\build\Debug\Portal.Client.vshost.exe"="C:\3.4\3.4\Client\build\Debug\Portal.Client.vshost.exe:*:Enabled:vshost.exe"
"C:\3.4\3.4\Client\build\Debug\Portal.Client.exe"="C:\3.4\3.4\Client\build\Debug\Portal.Client.exe:*:Enabled:Portal.Client"
"C:\Program Files\Common Files\Microsoft Shared\DevServer\9.0\WebDev.WebServer.EXE"="C:\Program Files\Common Files\Microsoft Shared\DevServer\9.0\WebDev.WebServer.EXE:*:Enabled:WebDev.WebServer.exe"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe"="C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface)"
"C:\Documents and Settings\mickael\Local Settings\Temp\Portal.Client.Launcher.exe"="C:\Documents and Settings\mickael\Local Settings\Temp\Portal.Client.Launcher.exe:*:Enabled:Portal.Client.Launcher"
"C:\Program Files\Portal4Law\Portal.Client.exe"="C:\Program Files\Portal4Law\Portal.Client.exe:*:Enabled:Portal.Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"G:\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="G:\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Bonjour\wow\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="C:\Program Files\Bonjour\wow\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\PortableApps\ThunderbirdPortable\App\Thunderbird\thunderbird.exe"="G:\PortableApps\ThunderbirdPortable\App\Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"G:\PortableApps\ThunderbirdPortableTest\App\Thunderbird\thunderbird.exe"="G:\PortableApps\ThunderbirdPortableTest\App\Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Bonjour\wow\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="C:\Program Files\Bonjour\wow\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Bonjour\wow\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"="C:\Program Files\Bonjour\wow\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe"="G:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe:*:Enabled:Pidgin"
"H:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe"="H:\PortableApps\PidginPortable\App\Pidgin\pidgin-portable.exe:*:Enabled:Pidgin"
"C:\Program Files\Bonjour\wow\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"="C:\Program Files\Bonjour\wow\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"H:\PortableApps\ThunderbirdPortable\App\Thunderbird\thunderbird.exe"="H:\PortableApps\ThunderbirdPortable\App\Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"H:\PortableApps\ThunderbirdPortableTest\App\Thunderbird\thunderbird.exe"="H:\PortableApps\ThunderbirdPortableTest\App\Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Bonjour\wow\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"="C:\Program Files\Bonjour\wow\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\mickael\Desktop\hfs.exe"="C:\Documents and Settings\mickael\Desktop\hfs.exe:*:Enabled:hfs"
"G:\PortableApps\TeamViewerPortable\App\teamviewer\TeamViewer.exe"="G:\PortableApps\TeamViewerPortable\App\teamviewer\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"G:\PortableApps\uTorrentPortable\App\utorrent\uTorrent.exe"="G:\PortableApps\uTorrentPortable\App\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"G:\xampp\mysql\bin\mysqld.exe"="G:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"C:\Documents and Settings\mickael\Local Settings\Apps\2.0\4DKO2HJ0.ZVN\X3D9RRE0.2H4\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe"="C:\Documents and Settings\mickael\Local Settings\Apps\2.0\4DKO2HJ0.ZVN\X3D9RRE0.2H4\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe:*:Enabled:Curse Client 4.0"
"G:\PortableApps\FileZillaPortable\App\filezilla\filezilla.exe"="G:\PortableApps\FileZillaPortable\App\filezilla\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Program Files\VMware\VMware Player\vmware-authd.exe"="C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\KompoZerPortable\App\kompozer\kompozer.exe"="C:\KompoZerPortable\App\kompozer\kompozer.exe:*:Enabled:Composer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\mickael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\mickael\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:chrome.exe"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\wow\Launcher.exe"="C:\Program Files\wow\Launcher.exe:*:Enabled:Launcher"
"G:\PortableApps\TeamViewerPortable\TeamViewer.exe"="G:\PortableApps\TeamViewerPortable\TeamViewer.exe:*:Enabled:TeamViewer"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e92c46c6-0531-11df-8374-0019b92c2b99}]
shell\explore\command - H:\recycle.{645FF040-5081-101B-9F08-00AA002F954E}\Ghost.exe Bak
shell\open\command - H:\recycle.{645FF040-5081-101B-9F08-00AA002F954E}\Ghost.exe Bak


======List of files/folders created in the last 1 months======

2010-06-09 08:52:34 ----D---- C:\Program Files\trend micro
2010-06-09 08:52:33 ----D---- C:\rsit
2010-06-04 16:10:00 ----D---- C:\Program Files\Exterminate It!
2010-06-04 11:40:54 ----D---- C:\WINDOWS\LastGood
2010-06-04 10:43:33 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-06-03 14:00:15 ----D---- C:\Program Files\Windows Live Safety Center
2010-06-03 10:51:02 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-06-03 10:51:02 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-06-03 10:51:02 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2010-06-03 10:51:02 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-06-03 10:51:02 ----A---- C:\WINDOWS\BDTSupport.dll.old
2010-06-03 10:51:02 ----A---- C:\WINDOWS\BDTSupport.dll
2010-06-03 10:47:38 ----D---- C:\Program Files\Spyware Doctor
2010-06-03 10:47:38 ----D---- C:\Program Files\Common Files\PC Tools
2010-06-03 10:47:38 ----D---- C:\Documents and Settings\mickael\Application Data\PC Tools
2010-06-03 10:47:38 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-06-03 10:34:00 ----D---- C:\!KillBox
2010-06-03 10:03:10 ----D---- C:\VundoFix Backups
2010-06-03 10:03:10 ----A---- C:\VundoFix.txt
2010-06-03 09:52:35 ----SHD---- C:\Config.Msi
2010-06-03 09:07:36 ----D---- C:\Program Files\Enigma Software Group
2010-06-03 09:07:10 ----D---- C:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-03 09:07:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-02 17:15:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-06-02 17:15:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-01 11:04:55 ----A---- C:\WINDOWS\rlpolk.ini
2010-06-01 11:04:13 ----A---- C:\WINDOWS\rlpolk.dll
2010-06-01 10:40:18 ----D---- C:\pcvina
2010-05-28 17:06:20 ----D---- C:\TaskCoachPortable
2010-05-28 08:39:42 ----D---- C:\WINDOWS\SQLTools9_KB970892_ENU
2010-05-28 08:37:51 ----D---- C:\WINDOWS\RS9_KB970892_ENU
2010-05-28 08:36:59 ----D---- C:\WINDOWS\OLAP9_KB970892_ENU
2010-05-28 08:34:31 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2010-05-25 16:11:53 ----D---- C:\Files
2010-05-24 09:57:09 ----A---- C:\WINDOWS\system32\sdu1ml3.dll
2010-05-24 09:57:08 ----A---- C:\WINDOWS\system32\sdu1mci.exe
2010-05-24 09:57:08 ----A---- C:\WINDOWS\system32\sdu1mci.dll
2010-05-24 09:48:23 ----A---- C:\WINDOWS\system32\softcoin.dll
2010-05-24 09:48:23 ----A---- C:\WINDOWS\system32\gencoin.dll
2010-05-24 09:12:08 ----A---- C:\WINDOWS\system32\dlxbuzil.dll
2010-05-17 08:45:34 ----D---- C:\Documents and Settings\mickael\Application Data\Windows Small Business Server
2010-05-16 13:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-16 13:53:22 ----D---- C:\Program Files\Windows Small Business Server

======List of files/folders modified in the last 1 months======

2010-06-09 08:52:40 ----D---- C:\WINDOWS\Temp
2010-06-09 08:52:34 ----RD---- C:\Program Files
2010-06-09 08:34:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-09 08:33:48 ----D---- C:\WINDOWS\system32\inetsrv
2010-06-09 00:45:50 ----D---- C:\WINDOWS\security
2010-06-08 23:34:15 ----D---- C:\WINDOWS
2010-06-08 19:31:03 ----HD---- C:\$AVG8.VAULT$
2010-06-08 17:33:44 ----HD---- C:\WINDOWS\inf
2010-06-08 15:23:19 ----D---- C:\WINDOWS\system32
2010-06-08 12:03:19 ----D---- C:\Program Files\Portal4Law
2010-06-08 10:23:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-04 11:11:05 ----D---- C:\WINDOWS\system32\drivers
2010-06-03 17:13:08 ----D---- C:\Documents and Settings\mickael\Application Data\vlc
2010-06-03 15:33:03 ----D---- C:\Documents and Settings\mickael\Application Data\dvdcss
2010-06-03 14:29:03 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-03 14:14:19 ----D---- C:\WINDOWS\Registration
2010-06-03 14:13:24 ----SHD---- C:\WINDOWS\CSC
2010-06-03 14:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2010-06-03 14:00:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-03 10:48:00 ----SHD---- C:\WINDOWS\Installer
2010-06-03 10:47:57 ----D---- C:\WINDOWS\WinSxS
2010-06-03 10:47:38 ----D---- C:\Program Files\Common Files
2010-06-03 10:09:31 ----D---- C:\Documents and Settings\mickael\Application Data\Thunderbird
2010-06-03 10:09:31 ----D---- C:\Documents and Settings\mickael\Application Data\Mozilla
2010-06-03 09:52:40 ----SD---- C:\Documents and Settings\mickael\Application Data\Microsoft
2010-06-03 09:02:41 ----D---- C:\Program Files\Mozilla Firefox
2010-06-02 21:16:47 ----D---- C:\WINDOWS\system32\FxsTmp
2010-06-02 17:33:20 ----ASH---- C:\boot.ini
2010-06-02 17:33:20 ----A---- C:\WINDOWS\win.ini
2010-06-02 17:33:20 ----A---- C:\WINDOWS\system.ini
2010-06-02 16:57:28 ----D---- C:\WINDOWS\Prefetch
2010-06-02 16:02:59 ----HD---- C:\Program Files\wow
2010-06-02 09:52:46 ----D---- C:\Documents and Settings\mickael\Application Data\VMware
2010-06-01 10:40:15 ----D---- C:\WINDOWS\system
2010-05-28 12:02:53 ----RSD---- C:\WINDOWS\assembly
2010-05-28 12:02:53 ----D---- C:\WINDOWS\Microsoft.NET
2010-05-28 08:41:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-28 08:41:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-28 08:41:23 ----D---- C:\Program Files\Microsoft SQL Server
2010-05-26 08:33:15 ----D---- C:\temp
2010-05-24 12:26:42 ----D---- C:\dell
2010-05-17 16:57:34 ----D---- C:\Documents and Settings\mickael\Application Data\Apple Computer
2010-05-17 08:40:00 ----D---- C:\Documents and Settings
2010-05-17 08:05:23 ----A---- C:\WINDOWS\OEWABLog.txt
2010-05-16 13:55:33 ----SHD---- C:\WINDOWS\system32\dllcache
2010-05-16 13:55:32 ----D---- C:\Program Files\Outlook Express
2010-05-12 14:15:08 ----D---- C:\Program Files\RocketDock
2010-05-11 14:13:12 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-26 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 dvdmmg;dvdmmg; \??\C:\WINDOWS\system32\drivers\dvdmmg.sys []
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2010-01-22 32688]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 241152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-08-28 156160]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2010-01-22 16560]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2010-01-22 31280]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASFIPmon;Broadcom ASF IP Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-03-17 65536]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-31 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-31 297752]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 DbgSvc;Debug Diagnostic Service; C:\Program Files\IIS Resources\DebugDiag\DbgSVC.Exe [2006-01-13 304208]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-06-22 95592]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2009-05-27 14950232]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-05-27 13672]
R2 RXAPI;RXAPI; C:\Program Files\ooRexx\rxapi.exe [2007-10-30 61440]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2010-01-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2010-01-22 334384]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2010-01-22 395824]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
S2 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2006-01-09 49152]
S2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 dkab_device;dkab_device; C:\WINDOWS\system32\DKabcoms.exe [2006-10-21 508824]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Portal.Service;Portal.Service; C:\3.4\3.4\Server\build\Debug\Portal.Server.exe [2008-10-24 469504]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2009-10-12 191024]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]

-----------------EOF-----------------
ekimt7
Active Member
 
Posts: 5
Joined: June 4th, 2010, 1:36 pm

Re: Cannot remove Virtumondo spyware

Unread postby askey127 » June 9th, 2010, 12:48 pm

ekimt7,
This looks a lot like a business computer.
Tell me about that.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Cannot remove Virtumondo spyware

Unread postby ekimt7 » June 9th, 2010, 1:56 pm

I have a home business indeed
ekimt7
Active Member
 
Posts: 5
Joined: June 4th, 2010, 1:36 pm

Re: Cannot remove Virtumondo spyware

Unread postby askey127 » June 9th, 2010, 2:28 pm

I am sorry, but the policy of this forum does not allow helping remove infections from business computers.
That is true regardless of whether the machine is part of a corporation or just a single unit used for a family business.

The online anti-malware community primarily serves home users, and is not ideally suited to deal with situations that are best handled by a company's own IT department, or a commercial PC Security/Repair service. All companies have their own set of policies and procedures for handling situations like this. Since this computer has been identified as infected, you are advised to seek the assistance of your company's IT department or a commercial PC Security/Repair service to handle the situation.

In addition, there are data protection laws in many countries. If the machine is suspected of being "owned" or taken over by an outside force, and it has sensitive data stored on it, it could be a reportable incident under data protection laws. For instance, it is possible that a machine could have credit card data, or other sensitive customer information that could now be compromised.

Since this issue involves a machine that is used for business purposes, our policy is that it falls outside the scope of this forum. Therefore, this topic is now closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 280 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware