Please review this file...


Unread postby vancehome » April 7th, 2009, 1:55 am

Hello!

Could you please take a look at this HijackThis file to see if anything looks off? This is my daughter's PC and it's had popups in IE forever. I can't figure out what it is. I've patched it, upgraded it. I don't know what else to do. Thank you so much (in advance) for helping us!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:53 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1061202
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1061202
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [xsaqstg] c:\documents and settings\peyton vogel\local settings\application data\xsaqstg.exe xsaqstg
O4 - HKCU\..\Run: [uesiwgq] "c:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe" uesiwgq
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b53083.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.27.5/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/defaul ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12778 bytes
vancehome
Active Member
 
Posts: 6
Joined: April 6th, 2009, 11:22 pm

Re: Please review this file...

Unread postby muppy03 » April 10th, 2009, 12:33 am

Hello and welcome to the Malware Removal Forums

I will be assisting you with your Malware issues.

IMPORTANT

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean!
  • If you have any questions or are unsure in any way, please let me know. I will try my best to help you!
  • Please reply to this thread. Do not start a new topic.
  • As I am still in training, everything that I post to you must be checked by one of the teachers. Therefore, there may be a slight delay between posts.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please review this file...

Unread postby vancehome » April 10th, 2009, 1:30 am

Thanks!

Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
AGEIA PhysX v2.4.4
AMD Processor Driver
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Banctec Service Agreement
Barbie(TM) as Rapunzel
Belles Beauty Boutique
Bonjour
Bricks of Atlantis
Broadcom Management Programs
Burger Shop
Cake Mania
Cake Mania 2
Chocolatier 2 Secret Ingredients
Clayside
Conexant HDA D110 MDC V.92 Modem
Corel Snapfire Plus
Dell Game Console
Dell Support 3.2.1
Dell Wireless WLAN Card
Digital Content Portal
Digital Line Detect
Disney's Toontown Online
Documentation & Support Launcher
Doggie Dash
Dream Day First Home
Dream Day Wedding Married in Manhattan
EarthLink Setup Files
EducateU
EPSON Printer Software
Escape from Paradise
ESPNMotion
Farm Frenzy
Favorit
Feeding Frenzy 2
Fisher-Price Petshop
Games, Music, & Photos Launcher
Garden Defense
GemMaster Mystic
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
Granny in Paradise
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Horse and Pony Tycoon 1.13
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
ICRAplus
IKEA HomePlanner Kitchen
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
Jigsaw Gallery
Jigsaw Puzzle 2 Mix
Language Arts
Learn2 Player (Uninstall Only)
Magic Match
Map Button (Windows Live Toolbar)
MetaFrame Presentation Server Web Client for Win32
Mevo and The Groove Riders
MH Cursed Valley
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Monkey Business
Monopoly SpongeBob SquarePants Edition
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Mystery Case Files - Huntsville
Mystery of Shark Island
Mystery PI
NetWaiting
NetZeroInstallers
OPERATION MANIA
Otto
Pet Vet 3D Animal Hospital
Posh Shop
PowerDVD 5.7
Puzzle Express
Puzzle Inlay
QuickSet
QuickTime
RealPlayer Basic
Sandlot Games Client Services
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Smart Menus (Windows Live Toolbar)
Sonic Encoders
SpongeBob's Obstacle Odyssey
Spybot - Search & Destroy
Super Collapse! Puzzle Gallery 2
Super Collapse! Puzzle Gallery 3
SweetIM for Messenger 2.5
SweetIM Toolbar for Internet Explorer 3.2
Synaptics Pointing Device Driver
Totem Tribe
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Turtle Odyssey 2
U.B. Funkeys
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Imaging Component
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare Family Safety
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Service Pack 3
Womens Murder Club
Womens Murder Club 2
Yahoo! Music Jukebox
ZenGems
vancehome
Active Member
 
Posts: 6
Joined: April 6th, 2009, 11:22 pm

Re: Please review this file...

Unread postby muppy03 » April 10th, 2009, 8:48 am

Hi there,


Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it after I tell you that your computer is clean.

Next, please download Malwarebytes' Anti-Malware and save it to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.



NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Please reply with:-
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

mbam-log-2009-04-10 (18-20-23).txt

Unread postby vancehome » April 11th, 2009, 3:01 am

Malwarebytes' Anti-Malware 1.36
Database version: 1962
Windows 5.1.2600 Service Pack 3

4/10/2009 6:20:23 PM
mbam-log-2009-04-10 (18-20-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 186427
Time elapsed: 1 hour(s), 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uesiwgq (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Peyton Vogel\Local Settings\Application Data\uesiwgq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Application Data\uesiwgq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Application Data\uesiwgq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Application Data\uesiwgq.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
vancehome
Active Member
 
Posts: 6
Joined: April 6th, 2009, 11:22 pm

RSIT log.txt

Unread postby vancehome » April 11th, 2009, 3:06 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Peyton Vogel at 2009-04-10 23:47:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (59%) free of 52 GB
Total RAM: 894 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:58 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\LUXPOJ0M\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Peyton Vogel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1061202
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=1061202
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [{1017A80C-6F09-4548-A84D-EDD6AC9525F0}] "C:\Program Files\Lexmark Toolbar\Temp\setup.exe" ENGLISH "C:\Program Files\Lexmark Toolbar" /ie
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [xsaqstg] c:\documents and settings\peyton vogel\local settings\application data\xsaqstg.exe xsaqstg
O4 - HKCU\..\Run: [uesiwgq] "c:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe" uesiwgq
O4 - Startup: hc_tray.lnk = C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b53083.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.27.5/ttinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/defaul ... uncher.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdu_device - Unknown owner - C:\WINDOWS\system32\lxducoms.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12737 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-11-03 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2007-12-17 56360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-22 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-03-15 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-22 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark Printable Web - C:\Program Files\Lexmark Printable Web\bho.dll [2008-11-03 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-22 251504]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-11-03 372736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-09-22 761947]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe []
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-09-22 282624]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe [2008-06-01 1807960]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2006-12-02 236544]
"DellHelp"=C:\Dell\DellHelp\DellHelp.exe [2004-04-01 1589248]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"fssui"=C:\Program Files\Windows Live\Family Safety\fssui.exe [2007-12-17 243240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Lexmark 5600-6600 Series"= []
"lxduUninstallRan"= []
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"=C:\Program Files\Lexmark Toolbar\Temp\setup.exe [2008-11-13 98984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-08-28 395776]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-25 68856]
"OE_OEM"=C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe [2006-08-04 321040]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"xsaqstg"=c:\documents and settings\peyton vogel\local settings\application data\xsaqstg.exe xsaqstg []
"uesiwgq"=c:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe uesiwgq []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\Peyton Vogel\Start Menu\Programs\Startup
hc_tray.lnk - C:\Program Files\Kuma Games\hcsystray\hc_tray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-09-23 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2009-04-10 23:47:45 ----D---- C:\rsit
2009-04-10 22:10:21 ----D---- C:\logs
2009-04-10 22:08:56 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-04-10 22:08:38 ----D---- C:\WINDOWS\LastGood
2009-04-10 22:08:22 ----A---- C:\WINDOWS\system32\lxdudrs.dll
2009-04-10 22:08:22 ----A---- C:\WINDOWS\system32\lxducaps.dll
2009-04-10 22:07:20 ----D---- C:\Program Files\Lexmark Toolbar
2009-04-10 22:02:50 ----D---- C:\Program Files\Lexmark Printable Web
2009-04-10 22:02:10 ----A---- C:\WINDOWS\system32\lxduutil.dll
2009-04-10 22:02:09 ----A---- C:\WINDOWS\system32\lxdujswr.dll
2009-04-10 22:02:07 ----A---- C:\WINDOWS\system32\lxdugf.dll
2009-04-10 22:02:06 ----A---- C:\WINDOWS\system32\lxducomc.dll
2009-04-10 22:01:46 ----D---- C:\Program Files\Lexmark 5600-6600 Series
2009-04-10 18:22:49 ----D---- C:\Avenger
2009-04-10 18:22:49 ----A---- C:\avenger.txt
2009-04-10 12:09:45 ----D---- C:\Documents and Settings\Peyton Vogel\Application Data\Malwarebytes
2009-04-10 12:09:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-10 12:09:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-09 11:05:36 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-08 22:58:21 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-08 22:58:01 ----D---- C:\Program Files\Lavasoft
2009-04-08 22:58:01 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-08 12:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-08 12:33:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-07 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-06 17:27:45 ----D---- C:\WINDOWS\Prefetch
2009-04-06 17:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-06 17:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-06 17:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-06 17:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-06 17:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-06 16:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-06 16:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-06 16:55:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-06 16:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-06 16:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-06 16:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-06 16:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-06 16:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-06 16:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-06 16:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-06 16:43:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-06 16:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-06 16:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-06 16:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-06 16:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-06 16:35:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-06 16:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-06 16:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-06 16:24:12 ----D---- C:\WINDOWS\system32\scripting
2009-04-06 16:24:07 ----D---- C:\WINDOWS\l2schemas
2009-04-06 16:24:06 ----D---- C:\WINDOWS\system32\en
2009-04-06 16:24:05 ----D---- C:\WINDOWS\system32\bits
2009-04-06 16:18:51 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-06 16:08:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-06 14:03:39 ----D---- C:\WINDOWS\ie8updates
2009-04-06 13:58:42 ----HDC---- C:\WINDOWS\ie8
2009-03-27 12:13:16 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-23 14:59:17 ----D---- C:\Documents and Settings\All Users\Application Data\mevo
2009-03-17 15:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\Enkord
2009-03-15 15:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-15 15:57:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-03-15 15:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-14 13:20:16 ----D---- C:\Documents and Settings\Peyton Vogel\Application Data\Flood Light Games
2009-03-14 13:20:16 ----D---- C:\Documents and Settings\All Users\Application Data\Flood Light Games

======List of files/folders modified in the last 1 months======

2009-04-10 23:37:38 ----D---- C:\WINDOWS
2009-04-10 22:40:23 ----D---- C:\WINDOWS\system32
2009-04-10 22:39:41 ----HD---- C:\WINDOWS\inf
2009-04-10 22:36:40 ----D---- C:\WINDOWS\system32\FxsTmp
2009-04-10 22:32:15 ----D---- C:\WINDOWS\Temp
2009-04-10 22:22:39 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-10 22:22:38 ----RSD---- C:\WINDOWS\assembly
2009-04-10 22:11:24 ----D---- C:\WINDOWS\system32\dllcache
2009-04-10 22:11:19 ----D---- C:\WINDOWS\system32\drivers
2009-04-10 22:09:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-10 22:09:11 ----D---- C:\WINDOWS\twain_32
2009-04-10 22:07:20 ----D---- C:\Program Files
2009-04-10 22:07:14 ----SHD---- C:\WINDOWS\Installer
2009-04-10 22:07:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-10 22:04:34 ----D---- C:\WINDOWS\WinSxS
2009-04-10 22:03:47 ----D---- C:\Program Files\Internet Explorer
2009-04-10 21:59:45 ----D---- C:\drivers
2009-04-10 19:29:13 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-04-10 18:23:28 ----D---- C:\WINDOWS\Registration
2009-04-10 18:22:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-09 22:21:53 ----D---- C:\Documents and Settings\Peyton Vogel\Application Data\Corel
2009-04-08 23:01:28 ----SD---- C:\WINDOWS\Tasks
2009-04-08 23:00:16 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-08 17:53:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-08 17:52:20 ----D---- C:\WINDOWS\network diagnostic
2009-04-08 12:33:54 ----A---- C:\WINDOWS\imsins.BAK
2009-04-07 11:08:14 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-06 20:15:25 ----D---- C:\Program Files\Trend Micro
2009-04-06 18:52:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-06 18:51:18 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-06 17:28:52 ----A---- C:\WINDOWS\setuplog.txt
2009-04-06 17:27:16 ----D---- C:\WINDOWS\system32\Setup
2009-04-06 17:27:16 ----D---- C:\WINDOWS\ime
2009-04-06 17:27:15 ----D---- C:\WINDOWS\system32\wbem
2009-04-06 17:27:15 ----D---- C:\WINDOWS\AppPatch
2009-04-06 17:27:14 ----RSD---- C:\WINDOWS\Fonts
2009-04-06 17:27:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-06 17:26:07 ----D---- C:\WINDOWS\security
2009-04-06 17:08:04 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-06 16:34:14 ----D---- C:\Program Files\Messenger
2009-04-06 16:24:47 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-06 16:24:46 ----D---- C:\WINDOWS\Help
2009-04-06 16:24:15 ----D---- C:\WINDOWS\system32\usmt
2009-04-06 16:24:15 ----D---- C:\WINDOWS\system32\en-US
2009-04-06 16:24:05 ----D---- C:\WINDOWS\PeerNet
2009-04-06 16:24:04 ----D---- C:\Program Files\Movie Maker
2009-04-06 16:18:31 ----D---- C:\WINDOWS\system32\Restore
2009-04-06 16:18:31 ----D---- C:\WINDOWS\system32\npp
2009-04-06 16:18:31 ----D---- C:\WINDOWS\mui
2009-04-06 16:18:29 ----D---- C:\WINDOWS\msagent
2009-04-06 16:18:27 ----D---- C:\WINDOWS\srchasst
2009-04-06 16:18:25 ----D---- C:\Program Files\NetMeeting
2009-04-06 16:18:23 ----D---- C:\WINDOWS\system32\Com
2009-04-06 16:18:13 ----D---- C:\Program Files\Windows NT
2009-04-06 16:18:13 ----D---- C:\Program Files\Outlook Express
2009-04-06 16:18:05 ----D---- C:\Program Files\Common Files\System
2009-04-06 16:17:09 ----D---- C:\WINDOWS\system32\oobe
2009-04-06 16:17:06 ----D---- C:\WINDOWS\system
2009-04-06 16:08:16 ----D---- C:\WINDOWS\ehome
2009-04-06 15:56:35 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-06 14:07:17 ----D---- C:\WINDOWS\Media
2009-03-27 12:13:16 ----D---- C:\Program Files\Common Files
2009-03-27 12:13:00 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-25 17:13:10 ----D---- C:\Program Files\Oberon Media
2009-03-25 17:13:09 ----D---- C:\Program Files\MSN Games
2009-03-24 21:24:39 ----D---- C:\Documents and Settings\Peyton Vogel\Application Data\MSN6
2009-03-16 22:48:48 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-11-09 73288]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-12-02 8552]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-03-30 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-03-30 204816]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-03-30 1169240]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-09-23 1681920]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-09-22 1171464]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-09-22 191872]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-12-19 186592]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-09-23 401408]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 fsssvc;Windows Live OneCare Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 ICRAplus;ICRAplus; C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe [2006-12-29 909312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$MICROSOFTSMLBIZ;MSSQL$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe [2008-12-18 9158656]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-23 380928]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2006-11-21 1472104]
R2 RDFLabel;RDFLabel; C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe [2006-05-22 114688]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-09-25 345696]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 lxdu_device;lxdu_device; C:\WINDOWS\system32\lxducoms.exe -service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2006-12-02 86528]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-15 137200]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTSMLBIZ;SQLAgent$MICROSOFTSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE [2005-05-03 323584]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
vancehome
Active Member
 
Posts: 6
Joined: April 6th, 2009, 11:22 pm

RSIT info.txt

Post by vancehome » April 11th, 2009, 3:08 am

info.txt logfile of random's system information tool 1.06 2009-04-10 23:48:02

======Uninstall list======

-->MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
-->MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AGEIA PhysX v2.4.4-->"C:\Program Files\AGEIA Technologies\uninstall.exe"
AMD Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Catalyst Control Center-->MsiExec.exe /I{AC6AE077-1566-4655-BE73-38A869C150DC}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Banctec Service Agreement-->MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Barbie(TM) as Rapunzel-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\RapunzelUn.exe
Belles Beauty Boutique-->"C:\Program Files\MSN Games\Belles Beauty Boutique\Uninstall.exe" "C:\Program Files\MSN Games\Belles Beauty Boutique\install.log"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bricks of Atlantis-->"C:\Program Files\MSN Games\Bricks of Atlantis\Uninstall.exe" "C:\Program Files\MSN Games\Bricks of Atlantis\install.log"
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Burger Shop-->"C:\Program Files\MSN Games\Burger Shop\Uninstall.exe" "C:\Program Files\MSN Games\Burger Shop\install.log"
Cake Mania 2-->"C:\Program Files\MSN Games\Cake Mania 2\Uninstall.exe" "C:\Program Files\MSN Games\Cake Mania 2\install.log"
Cake Mania-->"C:\Program Files\MSN Games\Cake Mania\Uninstall.exe" "C:\Program Files\MSN Games\Cake Mania\install.log"
Chocolatier 2 Secret Ingredients-->"C:\Program Files\MSN Games\Chocolatier 2 Secret Ingredients\Uninstall.exe" "C:\Program Files\MSN Games\Chocolatier 2 Secret Ingredients\install.log"
Clayside-->"C:\Program Files\MSN Games\Clayside\Uninstall.exe" "C:\Program Files\MSN Games\Clayside\install.log"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Doggie Dash-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\DOGGIE~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\DOGGIE~1\INSTALL.LOG
Dream Day First Home-->"C:\Program Files\MSN Games\Dream Day First Home\Uninstall.exe" "C:\Program Files\MSN Games\Dream Day First Home\install.log"
Dream Day Wedding Married in Manhattan-->"C:\Program Files\MSN Games\Dream Day Wedding Married in Manhattan\Uninstall.exe" "C:\Program Files\MSN Games\Dream Day Wedding Married in Manhattan\install.log"
EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Escape from Paradise-->"C:\Program Files\MSN Games\Escape from Paradise\Uninstall.exe" "C:\Program Files\MSN Games\Escape from Paradise\install.log"
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Farm Frenzy-->"C:\Program Files\MSN Games\Farm Frenzy\Uninstall.exe" "C:\Program Files\MSN Games\Farm Frenzy\install.log"
Favorit-->"c:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe" -uninstall
Feeding Frenzy 2-->"C:\Program Files\MSN Games\Feeding Frenzy 2\Uninstall.exe" "C:\Program Files\MSN Games\Feeding Frenzy 2\install.log"
Fisher-Price Petshop-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fisher-Price®\Petshop\DeIsL1.isu"
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Garden Defense-->"C:\Program Files\MSN Games\Garden Defense\Uninstall.exe" "C:\Program Files\MSN Games\Garden Defense\install.log"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Granny in Paradise-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\GRANNY~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\GRANNY~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Horse and Pony Tycoon 1.13-->"C:\Program Files\Horse and Pony Tycoon\unins000.exe"
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINDOWS\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICRAplus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03D87B7F-805C-4284-A1C8-D3BC1B1ADFCA}\Setup.exe" -l0x9
IKEA HomePlanner Kitchen-->MsiExec.exe /I{E215F522-2FD6-46F4-9507-747E14D71598}
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jigsaw Gallery-->"C:\Program Files\MSN Games\Jigsaw Gallery\Uninstall.exe" "C:\Program Files\MSN Games\Jigsaw Gallery\install.log"
Jigsaw Puzzle 2 Mix-->"C:\Program Files\MSN Games\Jigsaw Puzzle 2 Mix\Uninstall.exe" "C:\Program Files\MSN Games\Jigsaw Puzzle 2 Mix\install.log"
Language Arts-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47CB6CDA-2196-4C25-8F6B-642277327D19}\setup.exe" -l0x9 -removeonly
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark Printable Web-->regsvr32.exe /s /u "C:\Program Files\Lexmark Printable Web\bho.dll"
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Magic Match-->"C:\Program Files\MSN Games\Magic Match\Uninstall.exe" "C:\Program Files\MSN Games\Magic Match\install.log"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MetaFrame Presentation Server Web Client for Win32-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Mevo and The Groove Riders-->"C:\Program Files\MSN Games\Mevo and The Groove Riders\Uninstall.exe" "C:\Program Files\MSN Games\Mevo and The Groove Riders\install.log"
MH Cursed Valley-->"C:\Program Files\MSN Games\MH Cursed Valley\Uninstall.exe" "C:\Program Files\MSN Games\MH Cursed Valley\install.log"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook 2003 with Business Contact Manager Update-->MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95FC84C0-9F15-4831-8605-396FDC42071D}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Monkey Business-->"C:\Program Files\MSN Games\Monkey Business\Uninstall.exe" "C:\Program Files\MSN Games\Monkey Business\install.log"
Monopoly SpongeBob SquarePants Edition-->"C:\Program Files\MSN Games\Monopoly SpongeBob SquarePants Edition\Uninstall.exe" "C:\Program Files\MSN Games\Monopoly SpongeBob SquarePants Edition\install.log"
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery Case Files - Huntsville-->"C:\Program Files\MSN Games\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\MSN Games\Mystery Case Files - Huntsville\install.log"
Mystery of Shark Island-->"C:\Program Files\MSN Games\Mystery of Shark Island\Uninstall.exe" "C:\Program Files\MSN Games\Mystery of Shark Island\install.log"
Mystery PI-->"C:\Program Files\MSN Games\Mystery PI\Uninstall.exe" "C:\Program Files\MSN Games\Mystery PI\install.log"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OPERATION MANIA-->"C:\Program Files\MSN Games\OPERATION MANIA\Uninstall.exe" "C:\Program Files\MSN Games\OPERATION MANIA\install.log"
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Pet Vet 3D Animal Hospital-->"C:\Program Files\Braingame\Pet Vet 3D Animal Hospital\unins000.exe"
Posh Shop-->"C:\Program Files\MSN Games\Posh Shop\Uninstall.exe" "C:\Program Files\MSN Games\Posh Shop\install.log"
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Puzzle Express-->"C:\Program Files\MSN Games\Puzzle Express\Uninstall.exe" "C:\Program Files\MSN Games\Puzzle Express\install.log"
Puzzle Inlay-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\PUZZLE~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\PUZZLE~1\INSTALL.LOG
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SpongeBob's Obstacle Odyssey-->"C:\Program Files\MSN Games\SpongeBobs Obstacle Odyssey\Uninstall.exe" "C:\Program Files\MSN Games\SpongeBobs Obstacle Odyssey\install.log"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Collapse! Puzzle Gallery 2-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERC~2\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERC~2\INSTALL.LOG
Super Collapse! Puzzle Gallery 3-->C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\MSNGAM~2\GAMESP~1\SUPERC~1\INSTALL.LOG
SweetIM for Messenger 2.5-->MsiExec.exe /X{91DEF70E-4C96-41B3-BC6F-33974CE23CAC}
SweetIM Toolbar for Internet Explorer 3.2-->MsiExec.exe /X{36D6A89E-C39F-4EE8-9181-C13E9BC739A5}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Totem Tribe-->"C:\Program Files\MSN Games\Totem Tribe\Uninstall.exe" "C:\Program Files\MSN Games\Totem Tribe\install.log"
Trend Micro PC-cillin Internet Security 14-->C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 14-->MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Turtle Odyssey 2-->"C:\Program Files\MSN Games\Turtle Odyssey 2\Uninstall.exe" "C:\Program Files\MSN Games\Turtle Odyssey 2\install.log"
U.B. Funkeys-->C:\Program Files\U.B. Funkeys\uninstall.exe
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare Family Safety-->MsiExec.exe /X{3403CB31-D7C1-43F4-9D2F-579758C0CF09}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Womens Murder Club 2-->"C:\Program Files\MSN Games\Womens Murder Club 2\Uninstall.exe" "C:\Program Files\MSN Games\Womens Murder Club 2\install.log"
Womens Murder Club-->"C:\Program Files\MSN Games\Womens Murder Club\Uninstall.exe" "C:\Program Files\MSN Games\Womens Murder Club\install.log"
Yahoo! Music Jukebox-->MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}
ZenGems-->"C:\Program Files\MSN Games\ZenGems\Uninstall.exe" "C:\Program Files\MSN Games\ZenGems\install.log"

=====HijackThis Backups=====

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-08]

======Security center information======

AV: PC-cillin Internet Security - Virus Protection (outdated)
FW: PC-cillin Internet Security - Firewall

======System event log======

Computer Name: DCNH86C1
Event Code: 7031
Message: The ICRAplus service terminated unexpectedly. It has done this 45 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Record Number: 8178
Source Name: Service Control Manager
Time Written: 20090324212550.000000-420
Event Type: error
User:

Computer Name: DCNH86C1
Event Code: 7031
Message: The ICRAplus service terminated unexpectedly. It has done this 44 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Record Number: 8177
Source Name: Service Control Manager
Time Written: 20090324212547.000000-420
Event Type: error
User:

Computer Name: DCNH86C1
Event Code: 7031
Message: The ICRAplus service terminated unexpectedly. It has done this 43 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Record Number: 8176
Source Name: Service Control Manager
Time Written: 20090324212543.000000-420
Event Type: error
User:

Computer Name: DCNH86C1
Event Code: 7031
Message: The ICRAplus service terminated unexpectedly. It has done this 42 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Record Number: 8175
Source Name: Service Control Manager
Time Written: 20090324212540.000000-420
Event Type: error
User:

Computer Name: DCNH86C1
Event Code: 7031
Message: The ICRAplus service terminated unexpectedly. It has done this 41 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.

Record Number: 8174
Source Name: Service Control Manager
Time Written: 20090324212537.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: DCNH86C1
Event Code: 1001
Message: Fault bucket 369086987.

Record Number: 4534
Source Name: Application Error
Time Written: 20090327235753.000000-420
Event Type: error
User:

Computer Name: DCNH86C1
Event Code: 1000
Message: Faulting application pccguide.exe, version 0.0.0.0, faulting module pccguide.exe, version 0.0.0.0, fault address 0x0006fe4c.

Record Number: 4533
Source Name: Application Error
Time Written: 20090327235744.000000-420
Event Type: error
User:

Computer Name: DCNH86C1
Event Code: 1000
Message: Faulting application pccguide.exe, version 0.0.0.0, faulting module pccguide.exe, version 0.0.0.0, fault address 0x0006fe4c.

Record Number: 4528
Source Name: Application Error
Time Written: 20090327235649.000000-420
Event Type: error
User:

Computer Name: DCNH86C1
Event Code: 19011
Message:
Record Number: 4524
Source Name: MSSQL$MICROSOFTSMLBIZ
Time Written: 20090327235602.000000-420
Event Type: warning
User:

Computer Name: DCNH86C1
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4481
Source Name: Application Hang
Time Written: 20090327201703.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: Please review this file...

Post by muppy03 » April 11th, 2009, 7:32 pm

Hi Vancehome,

I notice from your logs that you have downloaded Avenger. Are you being helped elsewhere? Take note that Avenger is an extremely powerful tool and should only be used under expert supervision. With that being said, could you please post the log it created for me to look at.

Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
:Files
c:\documents and settings\peyton vogel\local settings\application data\xsaqstg.exe
c:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"xsaqstg"=-
"uesiwgq"=-

:Commands
[emptytemp]


  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Please reply with:-
  • New HJT log
  • OTMoveit3 logs
  • Avenger log
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please review this file...

Post by vancehome » April 12th, 2009, 4:50 am

Dear Muppy03,

Thanks for your help. I'm not getting help from any other forum. I don't think I used Avenger at any point (does it come bundled with something else?). I think all I've done (besides your instructions) are Spybot and Ad-Aware. Ad-Aware caught some stuff that Spybot did not. I'll put the Ad-Aware log at the bottom below the Oldtimer stuff. BTW, the popups seem to have stopped!! They stopped after the Malwarebytes thing I think.

Thanks!

========== FILES ==========
File/Folder c:\documents and settings\peyton vogel\local settings\application data\xsaqstg.exe not found.
File/Folder c:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xsaqstg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uesiwgq deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_1024.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_88c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7329.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF780B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF782D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF79E3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7A0A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7AA7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7ACF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7C29.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\W3QQ3N4L\OTMoveIt3[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\UXX0962A\InboxLight[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\HVRESEMV\default[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04112009_220415

Files moved on Reboot...
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_1024.dat not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_88c.dat not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7329.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF780B.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF782D.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF79E3.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7A0A.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7AA7.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7ACF.tmp not found!
C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7C29.tmp moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\W3QQ3N4L\OTMoveIt3[1].exe moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\UXX0962A\InboxLight[1].htm moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[1].htm moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[2].htm moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\HVRESEMV\default[1].htm moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat not found!


_______________________________________________________________________________________________________

Here is the Ad-Aware Log Stuff


Logfile created: 4/9/2009 9:42:12
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: Peyton Vogel

*********************** Definitions database information ***********************
Lavasoft definition file: 148.7
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 141858
Objects detected: 146


Type Detected
==========================
Processes.......: 0
Registry entries: 53
Hostfile entries: 0
Files...........: 25
Folders.........: 2
LSPs............: 0
Cookies.........: 66
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: C:\Program Files\SweetIM Family Name: SweetIM Clean status: Reboot required Item ID: 59715 Family ID: 1823
Description: c:\Documents and Settings\All Users\Application Data\SweetIM Family Name: SweetIM Clean status: Success Item ID: 59716 Family ID: 1823

Quarantined items:
Description: C:\Program Files\SweetIM\Messenger\SweetIM.exe Family Name: SweetIM Clean status: Success Item ID: 359443 Family ID: 1823
Description: HKLM:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:SweetIM Family Name: SweetIM Clean status: Success Item ID: 359443 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359438 Family ID: 1823
Description: HKLM:HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 359438 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll Family Name: SweetIM Clean status: Success Item ID: 359446 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll Family Name: SweetIM Clean status: Success Item ID: 359447 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll Family Name: SweetIM Clean status: Success Item ID: 359423 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgArchive.dll Family Name: SweetIM Clean status: Success Item ID: 359424 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgcommunication.dll Family Name: SweetIM Clean status: Success Item ID: 359426 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll Family Name: SweetIM Clean status: Success Item ID: 359428 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mghooking.dll Family Name: SweetIM Clean status: Success Item ID: 359430 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll Family Name: SweetIM Clean status: Success Item ID: 359431 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll Family Name: SweetIM Clean status: Success Item ID: 359433 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll Family Name: SweetIM Clean status: Success Item ID: 359434 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll Family Name: SweetIM Clean status: Success Item ID: 359435 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgSweetIM.dll Family Name: SweetIM Clean status: Success Item ID: 359437 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll Family Name: SweetIM Clean status: Success Item ID: 359439 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll Family Name: SweetIM Clean status: Success Item ID: 359441 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll Family Name: SweetIM Clean status: Success Item ID: 359442 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe Family Name: SweetIM Clean status: Success Item ID: 359445 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359425 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359427 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll Family Name: SweetIM Clean status: Success Item ID: 359429 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll Family Name: SweetIM Clean status: Success Item ID: 359432 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359436 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359440 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\explorer\browser helper objects\{eee6c35c-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49771 Family ID: 1823
Description: HKCR:clsid\{82ac53b4-164c-4b07-a016-437a8388b81a}: Family Name: SweetIM Clean status: Success Item ID: 49774 Family ID: 1823
Description: HKCR:clsid\{a4a0cb15-8465-4f58-a7e5-73084ea2a064}: Family Name: SweetIM Clean status: Success Item ID: 49775 Family ID: 1823
Description: HKCR:clsid\{eee6c35b-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49776 Family ID: 1823
Description: HKCR:clsid\{eee6c35c-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49777 Family ID: 1823
Description: HKCR:clsid\{eee6c35d-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49778 Family ID: 1823
Description: HKCR:interface\{a439801c-961d-452c-ab42-7848e9cbd289}: Family Name: SweetIM Clean status: Success Item ID: 49783 Family ID: 1823
Description: HKCR:typelib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}: Family Name: SweetIM Clean status: Success Item ID: 49784 Family ID: 1823
Description: HKCR:typelib\{eee6c35e-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49785 Family ID: 1823
Description: HKCR:typelib\{eee6c35f-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49786 Family ID: 1823
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\microsoft\internet explorer\toolbar\webbrowser:{eee6c35b-6118-11dc-9c72-001320c79847} Family Name: SweetIM Clean status: Success Item ID: 49787 Family ID: 1823
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\microsoft\internet explorer\urlsearchhooks:{eee6c35d-6118-11dc-9c72-001320c79847} Family Name: SweetIM Clean status: Success Item ID: 49788 Family ID: 1823
Description: HKLM:software\microsoft\internet explorer\toolbar:{eee6c35b-6118-11dc-9c72-001320c79847} Family Name: SweetIM Clean status: Success Item ID: 49809 Family ID: 1823
Description: HKCR:sweetie.ietoolbar: Family Name: SweetIM Clean status: Success Item ID: 49755 Family ID: 1823
Description: HKCR:sweetie.ietoolbar.1: Family Name: SweetIM Clean status: Success Item ID: 49756 Family ID: 1823
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\sweetim: Family Name: SweetIM Clean status: Success Item ID: 49763 Family ID: 1823
Description: HKCR:sweetie.sweetie: Family Name: SweetIM Clean status: Success Item ID: 49764 Family ID: 1823
Description: HKCR:sweetie.sweetie.3: Family Name: SweetIM Clean status: Success Item ID: 49765 Family ID: 1823
Description: HKCR:sweetim_urlsearchhook.toolbarurlsearchhook: Family Name: SweetIM Clean status: Success Item ID: 49766 Family ID: 1823
Description: HKCR:sweetim_urlsearchhook.toolbarurlsearchhook.1: Family Name: SweetIM Clean status: Success Item ID: 49767 Family ID: 1823
Description: HKCR:toolbar3.sweetie: Family Name: SweetIM Clean status: Success Item ID: 49768 Family ID: 1823
Description: HKCR:toolbar3.sweetie.1: Family Name: SweetIM Clean status: Success Item ID: 49769 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\app paths\sweetim.exe: Family Name: SweetIM Clean status: Success Item ID: 49770 Family ID: 1823
Description: HKLM:software\sweetim: Family Name: SweetIM Clean status: Success Item ID: 49772 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\run:sweetim Family Name: SweetIM Clean status: Success Item ID: 49773 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\ Family Name: SweetIM Clean status: Success Item ID: 49789 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\ Family Name: SweetIM Clean status: Success Item ID: 49790 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\conf\ Family Name: SweetIM Clean status: Success Item ID: 49791 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\conf\users\ Family Name: SweetIM Clean status: Success Item ID: 49792 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\data\ Family Name: SweetIM Clean status: Success Item ID: 49793 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\data\contentdb\ Family Name: SweetIM Clean status: Success Item ID: 49794 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\logs\ Family Name: SweetIM Clean status: Success Item ID: 49795 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\update\ Family Name: SweetIM Clean status: Success Item ID: 49796 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\ Family Name: SweetIM Clean status: Success Item ID: 49797 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\messenger\ Family Name: SweetIM Clean status: Success Item ID: 49798 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\messenger\resources\ Family Name: SweetIM Clean status: Success Item ID: 49799 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\messenger\resources\images\ Family Name: SweetIM Clean status: Success Item ID: 49800 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\toolbars\ Family Name: SweetIM Clean status: Success Item ID: 49801 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\toolbars\internet explorer\ Family Name: SweetIM Clean status: Success Item ID: 49802 Family ID: 1823
Description: HKCR:Interface\{EEE6C358-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49803 Family ID: 1823
Description: HKCR:Interface\{EEE6C359-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49804 Family ID: 1823
Description: HKCR:Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49805 Family ID: 1823
Description: HKCR:Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}: Family Name: SweetIM Clean status: Success Item ID: 49806 Family ID: 1823
Description: HKLM:SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49807 Family ID: 1823
Description: HKCR:Installer\Features\E07FED1969C43B14CBF63379C42EC3CA: Family Name: SweetIM Clean status: Success Item ID: 49810 Family ID: 1823
Description: HKCR:Installer\Features\E98A6D63F93C8EE419181CE3B97C935A: Family Name: SweetIM Clean status: Success Item ID: 49811 Family ID: 1823
Description: HKCR:Installer\Products\E07FED1969C43B14CBF63379C42EC3CA: Family Name: SweetIM Clean status: Success Item ID: 49812 Family ID: 1823
Description: HKCR:Installer\Products\E98A6D63F93C8EE419181CE3B97C935A: Family Name: SweetIM Clean status: Success Item ID: 49813 Family ID: 1823
Description: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP137\A0082703.exe Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 328386 Family ID: 1370
Description: HKLM:software\microsoft\windows\currentversion\app paths\internetgamebox.exe: Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 12805 Family ID: 1370
Description: HKLM:software\igb: Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 48601 Family ID: 1370
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\igb: Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 48602 Family ID: 1370

Scan and cleaning complete: Finished correctly after 3608 seconds

****************************** System information ******************************
Computer name: DCNH86C1
Processor name: AMD Turion(tm) 64 Mobile Technology MK-36
Processor identifier: x86 Family 15 Model 76 Stepping 2
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 19458, number of processors 1
Physical memory available: 406732800 bytes
Physical memory total: 937467904 bytes
Virtual memory available: 1998516224 bytes
Virtual memory total: 2147352576 bytes
Memory load: 56%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 1212 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1260 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1288 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1332 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1344 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1536 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1640 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1680 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1724 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1940 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 432 name: C:\WINDOWS\Explorer.EXE owner: Peyton Vogel domain: DCNH86C1
PID: 476 name: C:\WINDOWS\System32\WLTRYSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 488 name: C:\WINDOWS\System32\bcmwltry.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 740 name: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 764 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 816 name: C:\WINDOWS\eHome\ehRecvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 860 name: C:\WINDOWS\eHome\ehSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 892 name: C:\Program Files\Windows Live\Family Safety\fsssvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1024 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1060 name: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2916 name: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2976 name: C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3124 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3188 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3244 name: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3300 name: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3364 name: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3508 name: C:\WINDOWS\ehome\mcrdsvc.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 256 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 420 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3952 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 164 name: C:\WINDOWS\ehome\ehtray.exe owner: Peyton Vogel domain: DCNH86C1
PID: 5000 name: C:\WINDOWS\system32\ctfmon.exe owner: Peyton Vogel domain: DCNH86C1
PID: 5660 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 972 name: C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2084 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1804 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\WINDOWS\system32\wscntfy.exe owner: Peyton Vogel domain: DCNH86C1
PID: 2256 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Peyton Vogel domain: DCNH86C1
PID: 4912 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4280 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: ehTray
imagepath: C:\WINDOWS\ehome\ehtray.exe
Name: ATICCC
imagepath: "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: Dell QuickSet
imagepath: C:\Program Files\Dell\QuickSet\quickset.exe
Name: Broadcom Wireless Manager UI
imagepath: C:\WINDOWS\system32\WLTRAY.exe
Name: SigmatelSysTrayApp
imagepath: stsystra.exe
Name: DVDLauncher
imagepath: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Name: pccguide.exe
imagepath: "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
Name: Google Desktop Search
imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Name: DellHelp
imagepath: C:\Dell\DellHelp\DellHelp.exe /c
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: EPSON Stylus C62 Series
imagepath: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
Name: fssui
imagepath: "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: SweetIM
imagepath: C:\Program Files\SweetIM\Messenger\SweetIM.exe
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
imagepath: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
imagepath: C:\Program Files\Digital Line Detect\DLG.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
imagepath: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AOL ACS
displayname: AOL Connectivity Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: Bonjour Service
displayname: Bonjour Service
Name: COMSysApp
displayname: COM+ System Application
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ehRecvr
displayname: Media Center Receiver Service
Name: ehSched
displayname: Media Center Scheduler Service
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: fsssvc
displayname: Windows Live OneCare Family Safety
Name: helpsvc
displayname: Help and Support
Name: iPod Service
displayname: iPod Service
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: McrdSvc
displayname: Media Center Extender Service
Name: MDM
displayname: Machine Debug Manager
Name: MSSQL$MICROSOFTSMLBIZ
displayname: MSSQL$MICROSOFTSMLBIZ
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PcCtlCom
displayname: Trend Micro Central Control Component
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RDFLabel
displayname: RDFLabel
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: Tmntsrv
displayname: Trend Micro Real-time Service
Name: TmPfw
displayname: Trend Micro Personal Firewall
Name: tmproxy
displayname: Trend Micro Proxy Service
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: w32time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wltrysvc
displayname: Dell Wireless WLAN Tray Service
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service

_______________________________________________________________________________________________________
vancehome
Active Member
 
Posts: 6
Joined: April 6th, 2009, 11:22 pm

Re: Please review this file...

Unread postby muppy03 » April 13th, 2009, 4:38 pm

Hi Vancehome,
BTW, the popups seem to have stopped!! They stopped after the Malwarebytes thing I think.


That’s great but we are not quite finished so hang in there ok.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 13.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 13
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u13-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Please reply with:-
  • New HJT log
  • Kaspersky report
muppy03
MRU Emeritus
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please review this file...

Unread postby NonSuch » April 18th, 2009, 12:52 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California