Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help with malware removal just added uninstall list

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 2nd, 2010, 5:44 pm

comp seems to be running okay.. tried a couple different sites and i didnt get any redirects-yet. so what should i do from here to make sure this comp stays clean??




2010/08/16 10:58:50.0921 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23
2010/08/16 10:58:50.0921 ================================================================================
2010/08/16 10:58:50.0921 SystemInfo:
2010/08/16 10:58:50.0921
2010/08/16 10:58:50.0921 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/16 10:58:50.0921 Product type: Workstation
2010/08/16 10:58:50.0921 ComputerName: SELF-29AB0C6D32
2010/08/16 10:58:50.0921 UserName: debra
2010/08/16 10:58:50.0921 Windows directory: C:\WINDOWS
2010/08/16 10:58:50.0921 System windows directory: C:\WINDOWS
2010/08/16 10:58:50.0921 Processor architecture: Intel x86
2010/08/16 10:58:50.0921 Number of processors: 2
2010/08/16 10:58:50.0921 Page size: 0x1000
2010/08/16 10:58:50.0921 Boot type: Normal boot
2010/08/16 10:58:50.0921 ================================================================================
2010/08/16 10:58:51.0125 Initialize success
2010/08/16 10:58:54.0218 ================================================================================
2010/08/16 10:58:54.0218 Scan started
2010/08/16 10:58:54.0218 Mode: Manual;
2010/08/16 10:58:54.0218 ================================================================================
2010/08/16 10:58:55.0281 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/16 10:58:55.0328 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/16 10:58:55.0484 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/16 10:58:55.0562 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2010/08/16 10:58:55.0625 AFD (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
2010/08/16 10:58:55.0781 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/08/16 10:58:55.0890 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/16 10:58:56.0046 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys
2010/08/16 10:58:56.0062 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/16 10:58:56.0093 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/16 10:58:56.0171 AtcL002 (cba10ed5a5981fe6122b6e7460df939b) C:\WINDOWS\system32\DRIVERS\l251x86.sys
2010/08/16 10:58:56.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/16 10:58:56.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/16 10:58:56.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/16 10:58:56.0390 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/16 10:58:56.0437 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/16 10:58:56.0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/16 10:58:56.0546 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/16 10:58:56.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/16 10:58:56.0703 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/16 10:58:56.0750 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/16 10:58:56.0796 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/16 10:58:56.0812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/16 10:58:56.0875 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/16 10:58:56.0906 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/16 10:58:56.0968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/16 10:58:57.0000 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/16 10:58:57.0031 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/16 10:58:57.0046 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/16 10:58:57.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/16 10:58:57.0187 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2010/08/16 10:58:57.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/16 10:58:57.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/16 10:58:57.0375 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/16 10:58:57.0437 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/16 10:58:57.0468 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/16 10:58:57.0500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/16 10:58:57.0578 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/16 10:58:57.0593 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/16 10:58:57.0609 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/16 10:58:57.0656 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/16 10:58:57.0734 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/16 10:58:57.0968 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/16 10:58:58.0250 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/16 10:58:58.0500 IntcAzAudAddService (83e8ff9bf94f1024b73d091ef4f86abe) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/16 10:58:58.0562 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/16 10:58:58.0609 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/16 10:58:58.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/16 10:58:58.0640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/16 10:58:58.0671 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/16 10:58:58.0687 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/16 10:58:58.0734 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/16 10:58:58.0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/16 10:58:58.0812 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/16 10:58:58.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/16 10:58:58.0937 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/16 10:58:59.0046 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/16 10:58:59.0109 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/16 10:58:59.0187 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/08/16 10:58:59.0296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/16 10:58:59.0312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/16 10:58:59.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/16 10:58:59.0390 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/16 10:58:59.0437 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/16 10:58:59.0468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/16 10:58:59.0531 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/16 10:58:59.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/16 10:58:59.0703 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/16 10:58:59.0765 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/16 10:58:59.0859 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/08/16 10:58:59.0906 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/16 10:58:59.0968 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/16 10:59:00.0140 NAVAP (2ad1063012e368cfbfa9b722b956da69) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
2010/08/16 10:59:00.0171 NAVAPEL (cf6d11461d60de5580da9d63886bf05f) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS
2010/08/16 10:59:00.0312 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVENG.sys
2010/08/16 10:59:00.0406 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVEX15.sys
2010/08/16 10:59:00.0765 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/16 10:59:00.0828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/16 10:59:00.0843 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/16 10:59:00.0875 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/16 10:59:00.0890 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/16 10:59:00.0937 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/16 10:59:00.0953 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/16 10:59:00.0984 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/16 10:59:01.0031 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/16 10:59:01.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/16 10:59:01.0078 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/16 10:59:01.0156 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/16 10:59:01.0187 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/16 10:59:01.0203 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/16 10:59:01.0234 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/16 10:59:01.0281 ousb2hub (aa0d7d842419ba184c5000903bd1abb2) C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
2010/08/16 10:59:01.0343 ousbehci (9409728ead0c902c2b650c36ccfd7376) C:\WINDOWS\system32\Drivers\ousbehci.sys
2010/08/16 10:59:01.0359 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/16 10:59:01.0375 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/16 10:59:01.0406 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/16 10:59:01.0484 PCGenFAM (69027a9610dfad4143d7ed09e9742025) C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys
2010/08/16 10:59:01.0546 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/16 10:59:01.0593 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/16 10:59:01.0671 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/16 10:59:01.0812 Pnp680r (c10f672b794dc67c96ae1392bfec8585) C:\WINDOWS\system32\DRIVERS\pnp680r.sys
2010/08/16 10:59:01.0843 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/16 10:59:01.0875 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/16 10:59:01.0921 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/16 10:59:02.0000 PxHelp20 (e70bf61ff293370b58909fc9727c8187) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/16 10:59:02.0406 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/16 10:59:02.0468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/16 10:59:02.0515 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/16 10:59:02.0531 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/16 10:59:02.0593 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/16 10:59:02.0656 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/16 10:59:02.0718 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/16 10:59:02.0828 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/16 10:59:02.0890 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/16 10:59:02.0984 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/08/16 10:59:03.0125 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/16 10:59:03.0140 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/16 10:59:03.0218 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/16 10:59:03.0250 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/16 10:59:03.0281 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/16 10:59:03.0312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/16 10:59:03.0375 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/16 10:59:03.0421 SoC PC-Camera Service (0c9187b87c1fc96d78094bead9b4df3b) C:\WINDOWS\system32\DRIVERS\pfc027.sys
2010/08/16 10:59:03.0546 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/16 10:59:03.0609 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/16 10:59:03.0656 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/16 10:59:03.0718 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/08/16 10:59:03.0765 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/16 10:59:03.0781 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/16 10:59:03.0812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/16 10:59:03.0968 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS
2010/08/16 10:59:04.0015 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/16 10:59:04.0062 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/16 10:59:04.0109 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/16 10:59:04.0171 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/16 10:59:04.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/16 10:59:04.0312 UBFWNet (9c93235868b792721a6d186af0c1dd82) C:\WINDOWS\system32\DRIVERS\ubfwnet.sys
2010/08/16 10:59:04.0406 ubohci (3f1d67e8b582fd6879931415413ae976) C:\WINDOWS\system32\DRIVERS\ubohci.sys
2010/08/16 10:59:04.0421 ubsbm (08368447b8c4bac234cc96dbd1b309df) C:\WINDOWS\system32\DRIVERS\ubsbm.sys
2010/08/16 10:59:04.0437 ubumapi (8ad380366dadf92cf859e02487b220cf) C:\WINDOWS\system32\DRIVERS\ubumapi.sys
2010/08/16 10:59:04.0484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/16 10:59:04.0531 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/16 10:59:04.0593 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/16 10:59:04.0671 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/16 10:59:04.0734 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/16 10:59:04.0765 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/16 10:59:04.0828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/16 10:59:04.0875 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/16 10:59:04.0921 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/16 10:59:05.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/16 10:59:05.0125 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/16 10:59:05.0156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/16 10:59:05.0203 vulfnths (c0f55cc0903cfdc819f6d857402b697c) C:\WINDOWS\System32\Drivers\vulfnth.sys
2010/08/16 10:59:05.0296 vulfntrs (545d98a7f61af1c7c4ad38b8f333e0b7) C:\WINDOWS\System32\Drivers\vulfntr.sys
2010/08/16 10:59:05.0343 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/16 10:59:05.0453 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/16 10:59:05.0546 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/16 10:59:05.0593 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/16 10:59:05.0625 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/16 10:59:05.0656 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/16 10:59:05.0687 ================================================================================
2010/08/16 10:59:05.0687 Scan finished
2010/08/16 10:59:05.0687 ================================================================================
2010/08/16 10:59:17.0265 ================================================================================
2010/08/16 10:59:17.0265 Scan started
2010/08/16 10:59:17.0265 Mode: Manual;
2010/08/16 10:59:17.0265 ================================================================================
2010/08/16 10:59:17.0609 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/16 10:59:17.0687 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/16 10:59:17.0781 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/16 10:59:17.0812 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2010/08/16 10:59:17.0890 AFD (4d43e74f2a1239d53929b82600f1971c) C:\WINDOWS\System32\drivers\afd.sys
2010/08/16 10:59:18.0093 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2010/08/16 10:59:18.0171 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/16 10:59:18.0468 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys
2010/08/16 10:59:18.0531 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/16 10:59:18.0562 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/16 10:59:18.0640 AtcL002 (cba10ed5a5981fe6122b6e7460df939b) C:\WINDOWS\system32\DRIVERS\l251x86.sys
2010/08/16 10:59:18.0656 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/16 10:59:18.0718 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/16 10:59:18.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/16 10:59:18.0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/16 10:59:18.0859 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/08/16 10:59:18.0906 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/16 10:59:18.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/16 10:59:18.0953 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/16 10:59:19.0203 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/16 10:59:19.0281 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/16 10:59:19.0343 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/16 10:59:19.0375 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/16 10:59:19.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/16 10:59:19.0515 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/16 10:59:19.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/16 10:59:19.0609 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/16 10:59:19.0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/16 10:59:19.0656 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/16 10:59:19.0734 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/16 10:59:19.0796 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
2010/08/16 10:59:19.0843 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/16 10:59:19.0859 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/16 10:59:19.0921 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/16 10:59:19.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/16 10:59:20.0015 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/16 10:59:20.0062 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/16 10:59:20.0109 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/08/16 10:59:20.0109 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/08/16 10:59:20.0156 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/08/16 10:59:20.0218 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/16 10:59:20.0328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/16 10:59:20.0562 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/16 10:59:20.0625 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/16 10:59:20.0953 IntcAzAudAddService (83e8ff9bf94f1024b73d091ef4f86abe) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/16 10:59:21.0062 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/16 10:59:21.0093 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/16 10:59:21.0125 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/16 10:59:21.0140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/16 10:59:21.0171 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/16 10:59:21.0218 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/16 10:59:21.0281 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/16 10:59:21.0359 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/16 10:59:21.0375 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/16 10:59:21.0453 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/16 10:59:21.0500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/16 10:59:21.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/16 10:59:21.0640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/16 10:59:21.0734 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2010/08/16 10:59:21.0796 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/16 10:59:21.0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/16 10:59:21.0875 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/16 10:59:21.0953 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/16 10:59:22.0078 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/16 10:59:22.0156 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/16 10:59:22.0218 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/16 10:59:22.0234 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/16 10:59:22.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/16 10:59:22.0375 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/08/16 10:59:22.0500 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/08/16 10:59:22.0562 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/16 10:59:22.0640 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/08/16 10:59:22.0796 NAVAP (2ad1063012e368cfbfa9b722b956da69) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys
2010/08/16 10:59:22.0796 NAVAPEL (cf6d11461d60de5580da9d63886bf05f) C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS
2010/08/16 10:59:22.0953 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVENG.sys
2010/08/16 10:59:23.0031 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVEX15.sys
2010/08/16 10:59:23.0203 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/16 10:59:23.0265 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/08/16 10:59:23.0281 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/16 10:59:23.0296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/16 10:59:23.0312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/16 10:59:23.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/16 10:59:23.0421 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/16 10:59:23.0484 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/16 10:59:23.0531 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/16 10:59:23.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/16 10:59:23.0718 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/16 10:59:23.0796 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/16 10:59:23.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/16 10:59:23.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/16 10:59:23.0890 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/16 10:59:23.0968 ousb2hub (aa0d7d842419ba184c5000903bd1abb2) C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
2010/08/16 10:59:24.0000 ousbehci (9409728ead0c902c2b650c36ccfd7376) C:\WINDOWS\system32\Drivers\ousbehci.sys
2010/08/16 10:59:24.0015 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/16 10:59:24.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/16 10:59:24.0062 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/16 10:59:24.0125 PCGenFAM (69027a9610dfad4143d7ed09e9742025) C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys
2010/08/16 10:59:24.0156 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/16 10:59:24.0312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/16 10:59:24.0406 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/16 10:59:24.0656 Pnp680r (c10f672b794dc67c96ae1392bfec8585) C:\WINDOWS\system32\DRIVERS\pnp680r.sys
2010/08/16 10:59:24.0687 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/16 10:59:24.0718 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/16 10:59:24.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/16 10:59:24.0796 PxHelp20 (e70bf61ff293370b58909fc9727c8187) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/16 10:59:24.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/16 10:59:25.0078 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/16 10:59:25.0093 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/16 10:59:25.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/16 10:59:25.0171 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/16 10:59:25.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/16 10:59:25.0265 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/16 10:59:25.0312 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/16 10:59:25.0343 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/16 10:59:25.0421 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/08/16 10:59:25.0546 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/16 10:59:25.0562 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/16 10:59:25.0625 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/16 10:59:25.0656 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/16 10:59:25.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/16 10:59:25.0718 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/16 10:59:25.0796 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/08/16 10:59:25.0828 SoC PC-Camera Service (0c9187b87c1fc96d78094bead9b4df3b) C:\WINDOWS\system32\DRIVERS\pfc027.sys
2010/08/16 10:59:25.0937 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/16 10:59:26.0000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/16 10:59:26.0046 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/16 10:59:26.0109 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/08/16 10:59:26.0156 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/08/16 10:59:26.0234 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/16 10:59:26.0281 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/16 10:59:26.0437 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS
2010/08/16 10:59:26.0484 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/16 10:59:26.0531 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/16 10:59:26.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/16 10:59:26.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/16 10:59:26.0718 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/16 10:59:26.0765 UBFWNet (9c93235868b792721a6d186af0c1dd82) C:\WINDOWS\system32\DRIVERS\ubfwnet.sys
2010/08/16 10:59:26.0843 ubohci (3f1d67e8b582fd6879931415413ae976) C:\WINDOWS\system32\DRIVERS\ubohci.sys
2010/08/16 10:59:26.0875 ubsbm (08368447b8c4bac234cc96dbd1b309df) C:\WINDOWS\system32\DRIVERS\ubsbm.sys
2010/08/16 10:59:26.0890 ubumapi (8ad380366dadf92cf859e02487b220cf) C:\WINDOWS\system32\DRIVERS\ubumapi.sys
2010/08/16 10:59:26.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/16 10:59:27.0046 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/16 10:59:27.0093 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/16 10:59:27.0125 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/16 10:59:27.0171 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/16 10:59:27.0218 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/16 10:59:27.0281 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/16 10:59:27.0312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/16 10:59:27.0359 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/16 10:59:27.0453 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/16 10:59:27.0500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/16 10:59:27.0546 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/16 10:59:27.0593 vulfnths (c0f55cc0903cfdc819f6d857402b697c) C:\WINDOWS\System32\Drivers\vulfnth.sys
2010/08/16 10:59:27.0640 vulfntrs (545d98a7f61af1c7c4ad38b8f333e0b7) C:\WINDOWS\System32\Drivers\vulfntr.sys
2010/08/16 10:59:27.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/16 10:59:27.0734 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/16 10:59:27.0796 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/16 10:59:27.0875 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/16 10:59:27.0921 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/16 10:59:27.0968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/16 10:59:28.0015 ================================================================================
2010/08/16 10:59:28.0015 Scan finished
2010/08/16 10:59:28.0015 ================================================================================

ComboFix 10-10-01.07 - debra 10/02/2010 17:24:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1484 [GMT -4:00]
Running from: c:\documents and settings\debra\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-02 21:20 . 2010-10-02 21:20 -------- d-----w- c:\windows\LastGood
2010-10-02 21:15 . 2010-10-02 21:15 -------- d-----w- C:\_OTL
2010-10-01 19:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 19:54 . 2010-10-01 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 19:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 23:46 . 2010-09-30 23:46 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-25 20:19 . 2010-09-25 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-09-12 15:39 . 2010-09-12 15:39 -------- d-----w- c:\program files\EMET
2010-09-07 13:43 . 2010-09-07 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-09-07 13:43 . 2010-09-07 13:43 -------- d-----w- c:\program files\Panda USB Vaccine
2010-09-06 14:39 . 2010-09-20 12:07 -------- d-----w- c:\program files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 21:16 . 2010-06-23 07:17 4959136 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-10-01 19:54 . 2009-08-14 01:12 -------- d-----w- c:\documents and settings\debra\Application Data\Malwarebytes
2010-10-01 19:54 . 2009-08-14 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-30 23:59 . 2010-03-21 18:06 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-30 09:15 . 2009-04-20 23:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-24 21:47 . 2010-05-30 13:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-22 23:16 . 2010-05-03 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-22 21:06 . 2010-05-03 15:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-15 20:43 . 2009-04-21 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-09 15:35 . 2010-09-09 15:35 46448 ----a-w- c:\windows\apppatch\AppPatch64\EMET64.dll
2010-09-09 15:35 . 2010-09-09 15:35 43888 ----a-w- c:\windows\apppatch\EMET.dll
2010-08-31 22:25 . 2010-08-31 22:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-08-31 22:23 . 2009-05-03 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-08-28 20:18 . 2010-08-28 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-27 22:34 . 2010-08-27 22:34 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-25 22:13 . 2009-05-25 03:55 -------- d-----w- c:\program files\Java
2010-08-23 11:14 . 2010-08-23 11:14 96 ----a-w- C:\pwd_vault.dat
2010-08-21 18:14 . 2009-04-20 21:06 -------- d-----w- c:\program files\Google
2010-08-19 08:25 . 2010-08-16 15:51 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-17 13:17 . 2008-04-14 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 15:51 . 2010-08-16 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-16 15:51 . 2010-08-16 15:51 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-15 15:00 . 2010-07-11 16:35 -------- d-----w- c:\program files\Billeo
2010-08-08 18:32 . 2010-08-08 18:32 61440 ----a-w- c:\documents and settings\debra\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-62caeb72-n\decora-sse.dll
2010-08-08 18:32 . 2010-08-08 18:32 503808 ----a-w- c:\documents and settings\debra\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4adf190b-n\msvcp71.dll
2010-08-08 18:32 . 2010-08-08 18:32 499712 ----a-w- c:\documents and settings\debra\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4adf190b-n\jmc.dll
2010-08-08 18:32 . 2010-08-08 18:32 348160 ----a-w- c:\documents and settings\debra\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4adf190b-n\msvcr71.dll
2010-08-08 18:32 . 2010-08-08 18:32 12800 ----a-w- c:\documents and settings\debra\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-62caeb72-n\decora-d3d.dll
2010-08-08 16:52 . 2010-08-08 16:52 -------- d-----w- c:\program files\Microsoft.NET
2010-08-08 15:22 . 2010-08-08 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-05 21:22 . 2010-08-05 21:22 -------- d-----w- c:\program files\Trend Micro
2010-07-27 19:42 . 2010-07-27 19:42 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-27 19:42 . 2010-07-27 19:42 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-27 19:42 . 2010-07-27 19:42 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-27 19:42 . 2010-07-27 19:42 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-27 19:42 . 2010-07-27 19:42 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-27 19:42 . 2010-07-27 19:42 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-27 19:42 . 2010-07-27 19:42 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-27 19:42 . 2010-07-27 19:42 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-27 19:42 . 2010-07-07 18:26 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-22 15:49 . 2008-04-14 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-21 23:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-08 21:06 . 2010-07-08 21:07 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-08 21:06 . 2010-07-08 21:07 73496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-31 14:37 . 2009-08-30 20:28 21 ----a-w- c:\program files\Common Files\appop.log
2010-05-24 15:43 . 2010-05-24 15:43 2 --shatr- c:\windows\winstart.bat
2009-04-20 21:03 . 2009-04-20 21:03 8 --sh--r- c:\windows\system32\697C466700.sys
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-26_12.13.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 19:08 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
+ 2008-07-12 19:08 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2009-09-16 21:55 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2009-09-16 21:55 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2009-04-20 01:24 . 2010-09-22 09:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-20 01:24 . 2010-09-29 09:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-29 09:16 . 2010-09-29 09:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-04-20 01:24 . 2010-09-22 09:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-06-04 23:01 . 2010-09-02 21:24 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 23:01 . 2010-09-29 17:47 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2009-04-20 21:36 . 2010-09-15 20:40 35552200 c:\windows\system32\MRT.exe
+ 2009-04-20 21:36 . 2010-09-10 18:34 35552200 c:\windows\system32\MRT.exe
+ 2010-09-29 17:47 . 2010-09-29 17:47 20303872 c:\windows\Installer\1d3d318.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [6/21/2010 9:29 AM 179656]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [8/31/2009 9:02 AM 46080]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [6/17/2010 7:14 PM 338464]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [11/8/2006 3:49 AM 16384]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [11/8/2006 3:50 AM 37888]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [8/31/2009 9:02 AM 56960]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [11/30/2006 4:25 AM 91648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/2/2009 4:28 PM 1684736]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/26/2009 2:53 PM 18560]
S3 gupdate1ca29aea165fa46;Google Update Service (gupdate1ca29aea165fa46);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2009 4:15 PM 133104]
S3 LSICIMProvider;LSICIMProvider;c:\program files\LSICim\javaserv.exe [8/31/2009 9:41 AM 69632]
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver;c:\windows\system32\drivers\ubfwnet.sys [12/5/2006 3:37 AM 24576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 17:43 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-30 20:15]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-30 20:15]

2010-10-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2010-10-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-10-02 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2010-09-07 20:45]

2010-10-02 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-492894223-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

2010-10-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-492894223-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

2010-10-02 c:\windows\Tasks\User_Feed_Synchronization-{10F31AF9-7D8F-44B2-935E-1AEE982D53D5}.job
- c:\windows\system32\msfeedssync.exe [2008-07-12 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\debra\Application Data\Mozilla\Firefox\Profiles\xycdoetz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\debra\Application Data\Mozilla\Firefox\Profiles\xycdoetz.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.01.06.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-492894223-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-02 17:29:38
ComboFix-quarantined-files.txt 2010-10-02 21:29
ComboFix2.txt 2010-09-26 14:49
ComboFix3.txt 2010-09-26 12:14

Pre-Run: 191,063,314,432 bytes free
Post-Run: 191,036,739,584 bytes free

- - End Of File - - C1382E087E5640F363162776194417A5

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3215F20-3212-11D6-9F8B-00D0B743919D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun- deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun- deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun- deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun- deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\AUTOEXEC.BAT moved successfully.
File not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\debra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\xml\schemas folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\xml\misc folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\xml\data folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\xml folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\tvimages folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\themes\blue folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\themes folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\images folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\tv1 folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\search2 folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\search1 folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\radio1 folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro2\scripts folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro2\images\ui folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro2\images\content folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro2\images folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro2\css folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro2\content folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro2 folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\intro1 folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data\games1 folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\data folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\debra\Application Data\MP3Rocket folder moved successfully.
C:\TDSSKiller.2.4.1.2_16.08.2010_10.58.50_log.txt moved successfully.
C:\Documents and Settings\debra\Application Data\敎潲䍄敔灭慬整sAppData folder moved successfully.
Folder C:\Documents and Settings\debra\Application Data\敎潲䍄敔灭慬整sAppData\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: debra
->Temp folder emptied: 2354308 bytes
->Temporary Internet Files folder emptied: 35441831 bytes
->Java cache emptied: 150974 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 104294 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 14586 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21985 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: debra
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.14.1 log created on 10022010_171559

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF2E3A.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF2E4D.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF3986.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF3A1B.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF3AF1.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF3AFC.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF3C0C.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temp\~DF3C1B.tmp not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\game_20c[1].js not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\gn_nav2_CW_top._V192565983_[1].gif not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\icns_pagination._V222502161_[1].png not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\IMG_InactiveSB_Tab[1].gif not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\inlineskates[1].gif not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\jquery.countdown.min[1].js not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\MP10000771562_P255045_180X180[1].jpg not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\OOFOGEV3_Thumbnail[1].jpg not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\OOFOGEW1_Thumbnail[1].jpg not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\p13n_generated[2].js not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\p13n_generated[4].js not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\qiOverlay121._V222970125_[1].gif not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\Resonance[1].aspx not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\result[1].htm not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\s2slogo_77x17[1].gif not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\s7_114150_imageset_01[1].jpg not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\s7_229126_imageset_02[1].jpg not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\sa_listTop[1].gif not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\searchCA8SETYK.htm not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\searchCAZ9YYQV.htm not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\s_code[3].js not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\targetList_base._V218317065_[1].gif not found!
File\Folder C:\Documents and Settings\debra\Local Settings\Temporary Internet Files\Content.IE5\VYX86HXS\top_index2_steps[1].jpg not found!

Registry entries deleted on Reboot...
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm
Advertisement
Register to Remove

Re: help with malware removal just added uninstall list

Unread postby jmw3 » October 3rd, 2010, 12:53 am

Hi

Looking good.

ESET Online Scanner
Go here to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 3rd, 2010, 12:03 pm

wgen i opened the page to download, i also got that crazy wordlife webpage in my taskbar. when i try to close it from there, it opens up before it will let me close it.
here is the log requested. should i leave this program om the comp? it did ask if i wanted to delete it upon exit, but i just left it cuz i wasn't sure.
thanks :D


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fb391fd8f17f14458953904597fbce52
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-03 03:50:05
# local_time=2010-10-03 11:50:05 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 4987399 4987399 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=108231
# found=2
# cleaned=0
# scan_time=3839
C:\Documents and Settings\debra\My Documents\Nero-7.11.10.0_all_update.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\Documents and Settings\debra\My Documents\Nero-9.4.13.2d_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm

Re: help with malware removal just added uninstall list

Unread postby Wingman » October 6th, 2010, 9:43 am

Hello sunny21b,

I apologize for the delay getting back to you. My name is Wingman. jmw3 has been unavoidably pulled away on another matter.
I will be assisting you.
Please allow me some time to review your situation and logs. I will get back to you as soon as possible. Thanks.

Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 6th, 2010, 5:24 pm

thanks
thats cool. i just appreciate the help. :alien:
sunny21b
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm

Re: help with malware removal just added uninstall list

Unread postby Wingman » October 6th, 2010, 6:56 pm

Hello sunny21b,

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please tell me, are you still not able to download MBAM and update it?

Step 1.
ERUNT - Emergency Recovery Utility NT
If you already have this program installed, please proceed to the Run: portion of these instructions.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings...
  4. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
    Say "NO" if prompted or asked if you want to add ERUNT to the Start-Up folder. You can enable this later.
  5. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  6. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
You need to be connected to the Internet, so RSIT can download HijackThis, if needed.
  1. Double click on RSIT.exe to run it... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 logs files...will be produced.
    The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    These log files can be found in the C:\RSIT folder
  3. Please post both... "log.txt" and "info.txt", file contents in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Answer to my question.
  3. RSIT log.txt and info.txt file contents.
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 7th, 2010, 6:30 am

hi
i still could not update malwarebytes. still getting page popups and redirects. didnt have any problems running programs. thanks.
i only ended up with one log tho.

Logfile of random's system information tool 1.08 (written by random/random)
Run by debra at 2010-10-07 06:28:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 182 GB (60%) free of 305 GB
Total RAM: 2039 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:40 AM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
C:\Program Files\LSICim\javaserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\debra\Desktop\RSIT.exe
C:\Program Files\trend micro\debra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Billeo - {465E08E7-F005-4389-980F-1D8764B3486C} - C:\Program Files\Billeo\billeo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\Program Files\Billeo\billeo.dll (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirements ... b_srlx.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0262021093
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Update Service (gupdate1ca29aea165fa46) (gupdate1ca29aea165fa46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LSICIMProvider - Unknown owner - C:\Program Files\LSICim\javaserv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

--
End of file - 10761 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\PandaUSBVaccine.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-492894223-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-492894223-682003330-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{10F31AF9-7D8F-44B2-935E-1AEE982D53D5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-27 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}]
Billeo - C:\Program Files\Billeo\billeo.dll [2010-06-16 3620688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - Billeo - C:\Program Files\Billeo\billeo.dll [2010-06-16 3620688]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-10-07 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-07-12 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun-"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Soluto\Soluto.exe"="C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray"
"C:\Program Files\Soluto\SolutoService.exe"="C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service"
"C:\Program Files\Soluto\SolutoConsole.exe"="C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console"
"C:\Program Files\Soluto\SolutoUpdateService.exe"="C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-10-07 06:22:32 ----D---- C:\rsit
2010-10-07 06:16:54 ----D---- C:\Program Files\ERUNT
2010-10-03 12:16:32 ----SHD---- C:\RECYCLER
2010-10-03 10:42:52 ----D---- C:\Program Files\ESET
2010-10-02 17:29:39 ----D---- C:\WINDOWS\temp
2010-10-02 17:29:38 ----A---- C:\ComboFix.txt
2010-10-02 17:22:17 ----D---- C:\ComboFix
2010-10-02 17:15:59 ----D---- C:\_OTL
2010-10-01 21:06:07 ----A---- C:\traceroute_malwarebytes_cdn.txt
2010-10-01 15:54:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-01 15:54:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-01 15:54:07 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-01 05:16:23 ----ASH---- C:\hiberfil.sys
2010-09-30 17:08:57 ----A---- C:\TDSSKiller.2.4.3.0_30.09.2010_17.08.57_log.txt
2010-09-29 13:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-26 08:09:46 ----A---- C:\Boot.bak
2010-09-26 08:09:41 ----RASHD---- C:\cmdcons
2010-09-26 08:07:09 ----A---- C:\WINDOWS\zip.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\SWSC.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\SWREG.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\sed.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\PEV.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\MBR.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\grep.exe
2010-09-26 08:07:04 ----D---- C:\WINDOWS\ERDNT
2010-09-26 08:06:42 ----D---- C:\Qoobox
2010-09-25 16:19:43 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2010-09-24 17:47:15 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-24 17:47:15 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-24 17:47:15 ----A---- C:\WINDOWS\system32\java.exe
2010-09-15 16:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 16:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 16:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 16:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 16:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 16:42:03 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 16:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-12 11:39:53 ----D---- C:\Program Files\EMET

======List of files/folders modified in the last 1 months======

2010-10-07 06:28:39 ----D---- C:\Program Files\Trend Micro
2010-10-07 06:25:41 ----D---- C:\WINDOWS\Prefetch
2010-10-07 06:25:00 ----D---- C:\WINDOWS\system32\config
2010-10-07 06:23:46 ----SD---- C:\WINDOWS\Tasks
2010-10-07 06:16:54 ----RD---- C:\Program Files
2010-10-07 05:22:56 ----A---- C:\WINDOWS\lgfwup.ini
2010-10-06 21:06:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-06 18:08:28 ----RSD---- C:\WINDOWS\assembly
2010-10-06 18:07:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-06 17:52:27 ----D---- C:\WINDOWS
2010-10-06 17:49:49 ----D---- C:\WINDOWS\system32\drivers
2010-10-06 05:50:27 ----D---- C:\Config.Msi
2010-10-06 05:49:53 ----SHD---- C:\WINDOWS\Installer
2010-10-06 05:49:52 ----D---- C:\WINDOWS\system32
2010-10-06 05:49:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-06 05:49:47 ----D---- C:\WINDOWS\WinSxS
2010-10-05 17:36:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-03 10:42:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-02 21:08:10 ----HD---- C:\WINDOWS\inf
2010-10-02 21:08:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-02 17:28:33 ----A---- C:\WINDOWS\system.ini
2010-10-02 17:27:26 ----D---- C:\WINDOWS\AppPatch
2010-10-02 17:27:25 ----D---- C:\Program Files\Common Files
2010-10-02 17:16:39 ----D---- C:\WINDOWS\system32\drivers\etc
2010-10-01 15:54:12 ----D---- C:\Documents and Settings\debra\Application Data\Malwarebytes
2010-10-01 15:54:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-30 19:49:14 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-30 19:45:23 ----D---- C:\Documents and Settings
2010-09-30 17:12:04 ----D---- C:\WINDOWS\Minidump
2010-09-30 05:15:58 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-26 17:56:06 ----D---- C:\WINDOWS\Network Diagnostic
2010-09-26 08:09:46 ----RASH---- C:\boot.ini
2010-09-24 17:47:02 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-24 15:02:14 ----A---- C:\WINDOWS\cdplayer.ini
2010-09-22 19:16:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-22 17:06:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-22 17:02:04 ----D---- C:\Program Files\Mozilla Firefox
2010-09-22 15:30:03 ----A---- C:\WINDOWS\win.ini
2010-09-20 08:07:48 ----D---- C:\Program Files\Panda Security
2010-09-16 19:30:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-15 16:43:11 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 16:43:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 16:43:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 16:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-09-10 14:34:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 Pnp680r;Silicon Image SiI 0680 Medley Raid Controller; C:\WINDOWS\system32\DRIVERS\pnp680r.sys [2007-07-20 110120]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-01-28 36624]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-12 77568]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 NAVAPEL;NAVAPEL; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS []
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service; C:\WINDOWS\System32\Drivers\ousbehci.sys [2006-03-01 46080]
R2 ubsbm;Unibrain 1394 SBM Driver; C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2006-11-08 16384]
R2 ubumapi;Unibrain 1394 FireAPI Driver; C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2006-11-08 37888]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-22 11776]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2008-10-16 30720]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-14 5069312]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 56960]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 ubohci;Unibrain 1394 OHCI Driver; C:\WINDOWS\system32\DRIVERS\ubohci.sys [2006-11-30 91648]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 PCGenFAM;PCGenFAM; C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-07-12 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\debra\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2009-11-10 18560]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-07-12 61824]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-07-28 136576]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ubfwnet.sys [2006-12-05 24576]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-07-12 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-12 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2010-06-17 338464]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 LSICIMProvider;LSICIMProvider; C:\Program Files\LSICim\javaserv.exe [2009-08-31 69632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe []
S3 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-13 102400]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
S3 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-10-07 32768]
S3 gupdate1ca29aea165fa46;Google Update Service (gupdate1ca29aea165fa46); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-30 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-24 153376]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
S3 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-10-07 647168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF----------------
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm

Re: help with malware removal just added uninstall list

Unread postby Wingman » October 7th, 2010, 11:26 am

Hello sunny21b,

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please tell me, are you still not able to download MBAM and update it?
i still could not update malwarebytes.
Are you still getting the same error message as you were before? The 12007 error? If yes, please try the steps below.

i only ended up with one log tho.
If you are referring to the RSIT "info.txt", log, This log file can be found in the C:\RSIT folder
Please post the "info.txt", file contents in your next reply.


Step 1.
ERUNT - Emergency Recovery Utility NT
If you already have this program installed, please proceed to the Run: portion of these instructions.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings...
  4. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
    Say "NO" if prompted or asked if you want to add ERUNT to the Start-Up folder. You can enable this later.
  5. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  6. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Automatically Detect Internet Connection
Please choose the appropriate instructions, for the browser you're using.
Internet Explorer
  1. Open Internet Explorer > click Tools > Internet Options > Connections tab.
  2. Click the LAN Settings... button.
  3. Under the Automatic Configuration section, CHECK the "Automatically detect settings" entry.
  4. Click OK...
  5. Click Apply if applicable... then click OK again.
  6. Close Internet Explorer and -restart- the computer.

Firefox
  1. Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  2. Under the Connection section click on the Settings... button.
  3. CHECK the "Auto-detect proxy settings for this network".
  4. Click OK...
  5. Click Apply if applicable... then click OK again.
  6. Close Firefox and -restart- the computer.

Step 3.
Malwarebytes' Anti-Malware
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM updated? MBAM scan results, if applicable.
  3. RSIT info.txt file contents.
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 8th, 2010, 7:09 am

no problem with your instructions. very concise. i got that warning your computer may be infected box again when on the internet. still not able to update malwarebytes. still same error message.

info.txt logfile of random's system information tool 1.08 2010-10-07 06:22:36

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66E0EB37-6024-4872-897A-8E83AF1C87CA}\setup.exe" -l0x9
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Atheros Communications Inc.(R) L2 Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly
Atheros Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Billeo-->C:\Program Files\Billeo\uninstall.exe
BlackBerry Device Software Updater-->MsiExec.exe /X{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Broderbund Media Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26346FB6-4F69-453D-95CE-B6BA3A5382F8}\setup.exe" -l0x9 AddRem
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
EMET-->MsiExec.exe /I{61F86239-75C5-45AE-ADE8-916C033E11C1}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ffdshow [rev 2583] [2009-01-05]-->"C:\Program Files\ffdshow\unins000.exe"
FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPS Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{219BB7DF-83BA-44C6-A362-D17981FBD285}\Setup.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InCD Reader-->MsiExec.exe /X{A27281BC-98AA-4DC8-AA39-20B9E27B1033}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LightScribe Applications-->MsiExec.exe /X{535A4F3D-06C3-446C-A2AA-DBB71EC192B8}
LightScribe System Software-->MsiExec.exe /X{705B639E-FAAF-40D7-AD58-C445321C7C3F}
LightScribe Template Designs - Art Pack 1-->MsiExec.exe /X{2CDB2DCD-1153-4ED4-9D0A-606231CEFE9A}
LightScribe Template Designs - Business Pack 1-->MsiExec.exe /X{0345CF70-FA00-4F4E-A218-0FA494F465A4}
LightScribe Template Designs - Food-n-Family Pack 1-->MsiExec.exe /X{B06EFB5F-FDDC-4DA3-BE5C-3E2A72D5BEAE}
LightScribe Template Designs - Mythology Pack 1-->MsiExec.exe /X{18143CE1-430E-4FF3-A44F-811FD2910929}
LightScribe Template Designs - Tribal Pack 1-->MsiExec.exe /X{272F534A-29A8-40D4-8E0C-2A9A596F808D}
LiveUpdate 1.80 (Symantec Corporation)-->C:\PROGRA~1\Symantec\LiveUpdate\LSETUP.EXE /U
LSI CIM Solution 2.00.00-->"C:\Program Files\LSICim\UninstallerData\Uninstall CIM Solution.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapSource - US Topo v3.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD4203ED-7683-435E-B436-C299773A9936}\setup.exe" -l0x9 AddRemove
MaxBlast 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MOV to WMV 1.1-->"C:\Program Files\MOV to WMV\unins000.exe"
MovieShop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F695596-85E6-4224-BC70-538F9036797A}\Setup.exe" -l0x9 /removeme/removeme
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Essentials-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Panda USB Vaccine 1.0.1.4-->"C:\Program Files\Panda USB Vaccine\unins000.exe"
PC Camera-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{02BD1C19-5946-4420-BAE3-F742686B3D43} /l1033
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Soluto-->MsiExec.exe /X{1BB649F1-20BA-4A98-8E75-C55146647D04}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
ubCorePro-->C:\Program Files\InstallShield Installation Information\{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}\setup.exe -runfromtemp -l0x0409
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980302)-->"C:\WINDOWS\ie8updates\KB980302-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982664)-->"C:\WINDOWS\ie8updates\KB982664-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /X{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}
USB97C210 Driver and Icon-->MsiExec.exe /I{CB4EDFCA-66C5-4C01-AA33-C42A2BCA0584}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell(TM) 1.0 MUI pack-->"C:\WINDOWS\$NtUninstallKB926141$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

======Hosts File======

::1 localhost

======System event log======

Computer Name: SELF-29AB0C6D32
Event Code: 7034
Message: The LSICIMProvider service terminated unexpectedly. It has done this 1 time(s).

Record Number: 64737
Source Name: Service Control Manager
Time Written: 20101002171559.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 7031
Message: The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Record Number: 64736
Source Name: Service Control Manager
Time Written: 20101002171559.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 7034
Message: The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 64735
Source Name: Service Control Manager
Time Written: 20101002171559.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 7000
Message: The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 64696
Source Name: Service Control Manager
Time Written: 20101002171158.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 7023
Message: The HID Input Service service terminated with the following error:
The specified module could not be found.


Record Number: 64695
Source Name: Service Control Manager
Time Written: 20101002171158.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: SELF-29AB0C6D32
Event Code: 1000
Message: Faulting application spybotsd.exe, version 1.6.2.46, faulting module spybotsd.exe, version 1.6.2.46, fault address 0x00001941.

Record Number: 14497
Source Name: Application Error
Time Written: 20101003131012.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 1002
Message: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 14477
Source Name: Application Hang
Time Written: 20101001194349.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 1001
Message: Fault bucket 1180474431.

Record Number: 14476
Source Name: Application Error
Time Written: 20101001155129.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 1000
Message: Faulting application teatimer.exe, version 1.6.6.32, faulting module teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Record Number: 14475
Source Name: Application Error
Time Written: 20101001155119.000000-240
Event Type: error
User:

Computer Name: SELF-29AB0C6D32
Event Code: 1517
Message: Windows saved user SELF-29AB0C6D32\debra registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14454
Source Name: Userenv
Time Written: 20101001151331.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Windows Resource Kits\Tools;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------




Logfile of random's system information tool 1.08 (written by random/random)
Run by debra at 2010-10-07 06:28:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 182 GB (60%) free of 305 GB
Total RAM: 2039 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:40 AM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
C:\Program Files\LSICim\javaserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\debra\Desktop\RSIT.exe
C:\Program Files\trend micro\debra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Billeo - {465E08E7-F005-4389-980F-1D8764B3486C} - C:\Program Files\Billeo\billeo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - C:\Program Files\Billeo\billeo.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\Program Files\Billeo\billeo.dll (HKCU)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirements ... b_srlx.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0262021093
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Update Service (gupdate1ca29aea165fa46) (gupdate1ca29aea165fa46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LSICIMProvider - Unknown owner - C:\Program Files\LSICim\javaserv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe

--
End of file - 10761 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\PandaUSBVaccine.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-492894223-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-492894223-682003330-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{10F31AF9-7D8F-44B2-935E-1AEE982D53D5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-07-27 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}]
Billeo - C:\Program Files\Billeo\billeo.dll [2010-06-16 3620688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - Billeo - C:\Program Files\Billeo\billeo.dll [2010-06-16 3620688]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-10-07 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-07-12 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun-"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Soluto\Soluto.exe"="C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray"
"C:\Program Files\Soluto\SolutoService.exe"="C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service"
"C:\Program Files\Soluto\SolutoConsole.exe"="C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console"
"C:\Program Files\Soluto\SolutoUpdateService.exe"="C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-10-07 06:22:32 ----D---- C:\rsit
2010-10-07 06:16:54 ----D---- C:\Program Files\ERUNT
2010-10-03 12:16:32 ----SHD---- C:\RECYCLER
2010-10-03 10:42:52 ----D---- C:\Program Files\ESET
2010-10-02 17:29:39 ----D---- C:\WINDOWS\temp
2010-10-02 17:29:38 ----A---- C:\ComboFix.txt
2010-10-02 17:22:17 ----D---- C:\ComboFix
2010-10-02 17:15:59 ----D---- C:\_OTL
2010-10-01 21:06:07 ----A---- C:\traceroute_malwarebytes_cdn.txt
2010-10-01 15:54:08 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-01 15:54:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-01 15:54:07 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-01 05:16:23 ----ASH---- C:\hiberfil.sys
2010-09-30 17:08:57 ----A---- C:\TDSSKiller.2.4.3.0_30.09.2010_17.08.57_log.txt
2010-09-29 13:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-26 08:09:46 ----A---- C:\Boot.bak
2010-09-26 08:09:41 ----RASHD---- C:\cmdcons
2010-09-26 08:07:09 ----A---- C:\WINDOWS\zip.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\SWSC.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\SWREG.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\sed.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\PEV.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\NIRCMD.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\MBR.exe
2010-09-26 08:07:09 ----A---- C:\WINDOWS\grep.exe
2010-09-26 08:07:04 ----D---- C:\WINDOWS\ERDNT
2010-09-26 08:06:42 ----D---- C:\Qoobox
2010-09-25 16:19:43 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2010-09-24 17:47:15 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-24 17:47:15 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-24 17:47:15 ----A---- C:\WINDOWS\system32\java.exe
2010-09-15 16:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 16:43:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 16:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 16:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 16:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 16:42:03 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 16:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-12 11:39:53 ----D---- C:\Program Files\EMET

======List of files/folders modified in the last 1 months======

2010-10-07 06:28:39 ----D---- C:\Program Files\Trend Micro
2010-10-07 06:25:41 ----D---- C:\WINDOWS\Prefetch
2010-10-07 06:25:00 ----D---- C:\WINDOWS\system32\config
2010-10-07 06:23:46 ----SD---- C:\WINDOWS\Tasks
2010-10-07 06:16:54 ----RD---- C:\Program Files
2010-10-07 05:22:56 ----A---- C:\WINDOWS\lgfwup.ini
2010-10-06 21:06:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-10-06 18:08:28 ----RSD---- C:\WINDOWS\assembly
2010-10-06 18:07:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-06 17:52:27 ----D---- C:\WINDOWS
2010-10-06 17:49:49 ----D---- C:\WINDOWS\system32\drivers
2010-10-06 05:50:27 ----D---- C:\Config.Msi
2010-10-06 05:49:53 ----SHD---- C:\WINDOWS\Installer
2010-10-06 05:49:52 ----D---- C:\WINDOWS\system32
2010-10-06 05:49:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-06 05:49:47 ----D---- C:\WINDOWS\WinSxS
2010-10-05 17:36:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-03 10:42:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-02 21:08:10 ----HD---- C:\WINDOWS\inf
2010-10-02 21:08:10 ----D---- C:\WINDOWS\system32\CatRoot
2010-10-02 17:28:33 ----A---- C:\WINDOWS\system.ini
2010-10-02 17:27:26 ----D---- C:\WINDOWS\AppPatch
2010-10-02 17:27:25 ----D---- C:\Program Files\Common Files
2010-10-02 17:16:39 ----D---- C:\WINDOWS\system32\drivers\etc
2010-10-01 15:54:12 ----D---- C:\Documents and Settings\debra\Application Data\Malwarebytes
2010-10-01 15:54:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-30 19:49:14 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-30 19:45:23 ----D---- C:\Documents and Settings
2010-09-30 17:12:04 ----D---- C:\WINDOWS\Minidump
2010-09-30 05:15:58 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-26 17:56:06 ----D---- C:\WINDOWS\Network Diagnostic
2010-09-26 08:09:46 ----RASH---- C:\boot.ini
2010-09-24 17:47:02 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-09-24 15:02:14 ----A---- C:\WINDOWS\cdplayer.ini
2010-09-22 19:16:25 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-22 17:06:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-09-22 17:02:04 ----D---- C:\Program Files\Mozilla Firefox
2010-09-22 15:30:03 ----A---- C:\WINDOWS\win.ini
2010-09-20 08:07:48 ----D---- C:\Program Files\Panda Security
2010-09-16 19:30:07 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-15 16:43:11 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 16:43:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 16:43:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 16:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-09-10 14:34:30 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 Pnp680r;Silicon Image SiI 0680 Medley Raid Controller; C:\WINDOWS\system32\DRIVERS\pnp680r.sys [2007-07-20 110120]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-01-28 36624]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-07-12 77568]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 NAVAPEL;NAVAPEL; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPEL.SYS []
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service; C:\WINDOWS\System32\Drivers\ousbehci.sys [2006-03-01 46080]
R2 ubsbm;Unibrain 1394 SBM Driver; C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2006-11-08 16384]
R2 ubumapi;Unibrain 1394 FireAPI Driver; C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2006-11-08 37888]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-22 11776]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2008-10-16 30720]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-14 5069312]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 56960]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 ubohci;Unibrain 1394 OHCI Driver; C:\WINDOWS\system32\DRIVERS\ubohci.sys [2006-11-30 91648]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 PCGenFAM;PCGenFAM; C:\WINDOWS\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-07-12 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\debra\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2009-11-10 18560]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2009-08-26 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2009-08-26 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2009-08-26 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100730.002\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-07-12 61824]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-07-28 136576]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ubfwnet.sys [2006-12-05 24576]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-07-12 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-07-12 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2010-06-17 338464]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 LSICIMProvider;LSICIMProvider; C:\Program Files\LSICim\javaserv.exe [2009-08-31 69632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe []
S3 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-13 102400]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
S3 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-10-07 32768]
S3 gupdate1ca29aea165fa46;Google Update Service (gupdate1ca29aea165fa46); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-30 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-24 153376]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-08-16 73728]
S3 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-10-07 647168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-11-22 69632]
S3 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm

Re: help with malware removal just added uninstall list

Unread postby Wingman » October 8th, 2010, 3:57 pm

Hello sunny21b,
I apologize for the number of steps included this time, just take your time with them and if you have any problems or questions about the steps, please ask first, before executing.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Rkill
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
Please download Rkill... by Grinler. Save it to your Desktop.
Alternate download links: Two, Three or Four
  1. Double click on the Rkill Desktop icon.
  2. A command window will open then disappear upon completion, this is normal.
    1. If this does not happen... delete the file, then download and use the next link provided.
    2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know.
    When finished, Notepad will open with a log file, automatically saved at C:\rkill.log.
  3. Please copy and paste the contents of the rkill.log file, in your next reply.
    Please leave Rkill on the Desktop unless instructed otherwise.
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.


Step 3.
Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Step 4.
Reset IP-Flush DNS-Renew IP
We'll release your IP address settings, flush the DNS resolver cache, then renew you IP address settings.
It will be easier and less error prone, if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
    del %0
  2. Save the Notepad file on your desktop...as DNSreset.bat... save type as "All Files"
    Image
    DNSreset.bat <<------------- you should see this on your desktop.
  3. Double click on DNSreset.bat to run it.
    Vista-W7 users: Right click on DNSreset.bat, select "Run As Administrator" to run it.
    A black CMD window will flash, then disappear...this is normal. The batch file will be deleted when finished.
  4. The IP address settings should be released and renewed and the DNS cache flushed.

Step 5.
Check - Reset Proxy settings
Malware can alter your proxy settings. If altered, it can affect your ability to browse or download tools required for disinfection.

Internet Explorer Proxy settings:
  1. Open Internet Explorer > click Tools > Internet Options > Connections tab.
  2. Click the LAN Settings... button and uncheck "Use a proxy server for your LAN"
    or change the settings to the proxy you normally use if you previously reconfigured it.
  3. Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  4. Click OK... then click OK again.
  5. Close Internet Explorer and -restart- the computer.
  6. An example of how to do this with screenshots can be found in steps 3-7 under the section Automated Removal Instructions... in this guide.
Firefox Proxy settings:
  1. Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  2. Under the Connection section click on the Settings... button.
  3. Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  4. Click OK... then click OK again.
  5. Close Firefox and -restart- the computer.
For other browsers, please refer to How to configure browser proxy settings.

Step 6.
Please try MBAM again...
Have you tried running the newer version of MBAM? If not run it, without trying to update, if it will allow it.


Step 7
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RKill - rkill.log.
  3. Security Check - checkup.txt
  4. MBAM scan results?
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 9th, 2010, 11:24 am

hey there- still cannot update malwarebytes. tried to find a newer version to download..couldn't find one. still getting rouge windows showing up in taskbar when on internet.
thanks
sunny21b






This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as debra on 10/09/2010 at 9:16:31.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\debra\Desktop\rkill.scr


Rkill completed on 10/09/2010 at 9:16:33.

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Symantec AntiVirus Client
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 21
Adobe Flash Player 10.0.42.34
Adobe Reader 9.3.4
Mozilla Firefox (3.6.3) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/9/2010 10:36:25 AM
mbam-log-2010-10-09 (10-36-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 231075
Time elapsed: 1 hour(s), 0 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm

Re: help with malware removal just added uninstall list

Unread postby Wingman » October 9th, 2010, 7:45 pm

Hello sunny21b,

Are these "rogue windows" always the same? What are these rogue windows showing...random popups, fake security products?
Does this happen in Internet Explorer and Firefox? Depending on which browser you experience these "windows" with... reset it using the instructions below.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Reset Internet Explorer Settings
Warning:
When you reset Internet Explorer settings, all add-ons and customizations are deleted, and you basically start with a fresh version of Internet Explorer
.
  1. Exit all programs, including Internet Explorer (if it is running).
  2. Click Start > then click Run.
  3. Type the following command in the Open box, and then press ENTER:
    inetcpl.cpl
    The Internet Options dialog box appears.
  4. Click the Advanced tab.
  5. Under "Reset Internet Explorer settings", click Reset. Then click Reset again.
    When Internet Explorer finishes resetting the settings,
  6. Click Close in the "Reset Internet Explorer Settings" dialog box. Start Internet Explorer again.


Step 3.
Reset Firefox
  1. Go to Start -> All Programs -> Mozilla Firefox ...use the "Mozilla Firefox (Safe Mode)", shortcut.
      If this shortcut is missing, use:
      "Start -> Run" and enter one of the following:
      firefox -safe-mode .... OR
      "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
      You may need to alter the above path, if you installed Firefox to a different location.
      Press the OK...button.

    A Firefox Safe Mode window will open with Safe Mode options. (Refer to image below.)
    Image
  2. Select "Reset all user preferences to Firefox defaults"
  3. Press the "Make Changes and Restart"...button.
    Restarts Firefox...normally, using selected options, these changes ARE permanent. Any user customizations will need to be reapplied.
  4. After Firefox restarts click on "Check for Updates".

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. After resetting your browser, let me know if you are still getting these "rogue windows".
  3. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 10th, 2010, 3:59 pm

hey there-
well i had no prob with instructs. played around on computer,only website that came up in task bar was address 69 31 52 2 (space for .) the page never did complete loading, not sure why, maybe spybot wouldn't let it? so if i am clean, how do i stay this way? malwarebytes still won't update tho. so i might not be out of the woods yet.
thanks
sunny21b
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm

Re: help with malware removal just added uninstall list

Unread postby Wingman » October 11th, 2010, 12:00 pm

Hello sunny21b,

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

The IP address: 69.31.52.2 refers to the ISP below. Is this familiar to you?
ISP: PILOSOFT INC
Domain: PILOSOFT.COM

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Check settings.
Make sure your Internet connections LAN setting is set to automatically detects settings
If you are using a router, you can try resetting your router and also performing the fix found at: How to reset Internet Protocol (TCP/IP)

From what I've seen the inability to update MBAM either comes from using an old version... or having some setting on the computer blocking the updates.
Have you checked your firewall settings to make sure it is not blocking MBAM? One of the things suggested is:
1- Adding the following url to any type web-filter, ad blocking, identity theft protection, 'trusted sites' options or similar to your firewall
data-cdn.mbamupdates.com

Restart the computer normally.

Step 3.
Try MBAM update again... if it updates, please run a full scan. Otherwise, no need.

Step 4.
Please run the ESET Online scan again.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. Checked Internet connections and reset router, if applicable?
  3. MBAM updated
  4. ESET online scan results.
  5. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: help with malware removal just added uninstall list

Unread postby sunny21b » October 13th, 2010, 4:11 pm

wingman-
i still cannot update malwarebytes. when i went to the page for the online scan, it was okay untill i went to download page. a new window then opened up. after a couple of attemts at downloading scan, i was successful. then the scan would get to about 33% and just freeze. when i tried to open up my print shop to work on a project, i got a window saying cannot determine configuration. i'm at a oss here. hope you can help
thanks
sunny21b
sunny21b
Regular Member
 
Posts: 42
Joined: September 21st, 2010, 3:02 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 40 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware