Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

2 extra ghost drives, and searches redirect.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: 2 extra ghost drives, and searches redirect.

Unread postby turtledove » July 31st, 2009, 9:39 pm

Hello gokutrunks55,

Thanks for the logs and information. Your welcome, glad to help. :)

Will be back as soon as possible after researching logs.

Thank you
TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Top
Advertisement
Register to Remove

Re: 2 extra ghost drives, and searches redirect.

Unread postby turtledove » August 1st, 2009, 5:58 am

Hello gokutrunks55,

**Please Copy these instructions to Notepad or Print out as you will be off the internet for part of the fix.
*If any questions, or problems with a step, stop and ask me before proceeding further.

Step 1

Use TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Step 2
EMPTY NORTON QUARANTEE FOLDERS
Go to this page and follow the directions for emptying Quarantine for your version of Norton Antivirus:Removing files from Norton AntiVirus Quarantine



Step 3
Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code: Select all
KillAll::

http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=44272
Collect::
C:\WINDOWS\system32\drivers\hjgruicpsjqeen.sys
C:\WINDOWS\system32\drivers\aqr7ngji.sys 
C:\WINDOWS\System32\systemwin32s.exe  

Folder::
c:\documents and settings\Jorge\Application Data\Azureus
c:\program files\Azureus

Driver::
aqr7ngji
hjgruicpsjqeen


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

NOTE**
  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Step 4
Open your Malwarebytes' Anti-Malware
  • Update Malwarebytes' Anti-Malware
  • Click Update Tab
  • Click Check For Updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Please be sure all other windows and programs are closed and work saved. This is in case MBAM needs to reboot as soon as scan is finished to complete removal of some files.



Step 5

Rerun RSIT
**Delete File info.txt from C:\rsit folder first**
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, 2 logs will open:
    • log.txt will be opened maximized. Info.txt will be minimized
    • Please post the contents of log.txt

Post

Combofix log
MBAM log
New RSIT log.txt and info.txt
How the computer is doing

Thank you
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby gokutrunks55 » August 2nd, 2009, 3:17 am

ComboFix 09-07-31.02 - Jorge 08/02/2009 0:07.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2365 [GMT -4:00]
Running from: c:\documents and settings\Jorge\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jorge\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point

file zipped: c:\windows\system32\drivers\aqr7ngji.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jorge\Application Data\Azureus
c:\documents and settings\Jorge\Application Data\Azureus\.certs
c:\documents and settings\Jorge\Application Data\Azureus\.keystore
c:\documents and settings\Jorge\Application Data\Azureus\.lock
c:\documents and settings\Jorge\Application Data\Azureus\active\0F87FCBC6C11DB6CCF933DD9F71C603A91104F6F.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\0F87FCBC6C11DB6CCF933DD9F71C603A91104F6F.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\2B6BECACCC1C91E726D50A987EB7B28D51848E9C.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\2B6BECACCC1C91E726D50A987EB7B28D51848E9C.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\3BBF9E5AAE5335BB90D5A76981234E8576EE3B92.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\3BBF9E5AAE5335BB90D5A76981234E8576EE3B92.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\65F3D2913EE0336142E650EAC86D1FDE4EB54EA6.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\65F3D2913EE0336142E650EAC86D1FDE4EB54EA6.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\83D7B4C976CD523A2FB4D86FA921BA88299CFCCC.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\83D7B4C976CD523A2FB4D86FA921BA88299CFCCC.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\B18FA81D74FFF8A0815AB312FDEA4A4BABA33C3A.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\BB71BD84B1A22BDF4960483DAED04D76E8AB016B.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\BB71BD84B1A22BDF4960483DAED04D76E8AB016B.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\active\cache.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\D4B65E3C70D988512A118C9D40DC8E7A1BB47BDD.dat
c:\documents and settings\Jorge\Application Data\Azureus\active\D4B65E3C70D988512A118C9D40DC8E7A1BB47BDD.dat.bak
c:\documents and settings\Jorge\Application Data\Azureus\azureus.config
c:\documents and settings\Jorge\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\azureus.statistics
c:\documents and settings\Jorge\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Jorge\Application Data\Azureus\banips.config
c:\documents and settings\Jorge\Application Data\Azureus\banips.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\block.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\general.dat
c:\documents and settings\Jorge\Application Data\Azureus\dht\version.dat
c:\documents and settings\Jorge\Application Data\Azureus\downloads.config
c:\documents and settings\Jorge\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50593.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50594.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50595.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50596.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50597.tmp
c:\documents and settings\Jorge\Application Data\Azureus\tmp\AZU50598.tmp
c:\documents and settings\Jorge\Application Data\Azureus\torrents\AZU20239.tmp
c:\documents and settings\Jorge\Application Data\Azureus\torrents\AZU6640.tmp
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Chris_Rock___Kill_The_Messenger___HBO_Special.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Darkwing_Duck__All_Seasons__1_2_amp_3__Complete.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\DivxITAMenInBlack.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Music_Bob_Marley___The_Very_Best_Of_legend.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\Radiohead___IN_RAINBOWS__FULL_.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\TheBrownBunnyUNRATEDLiMiTEDDVDRiPXViDHLS.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\True_Blood_S02E01_HDTV_XviD_NoTV.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\True_Blood_S02E02_HDTV_XviD_NoTV__saimex_com_.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\True_Blood_S02E03_HDTV_XviD_NoTV__.torrent
c:\documents and settings\Jorge\Application Data\Azureus\torrents\VA_Forgetting_Sarah_Marshall_OST__2008___Mp3_.torrent
c:\documents and settings\Jorge\Application Data\Azureus\tracker.config
c:\documents and settings\Jorge\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Jorge\Application Data\Azureus\update.log
c:\documents and settings\Jorge\Application Data\Azureus\update.properties
c:\program files\Azureus
c:\program files\Azureus\plugins\azplugins\azplugins_2.1.1.jar
c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar
c:\program files\Azureus\plugins\azupdater\plugin.properties
c:\program files\Azureus\plugins\azupdater\Updater.jar
c:\program files\Azureus\Uninstall.exe
H:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_aqr7ngji


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 03:57 . 2009-08-02 04:16 -------- d-----w- c:\windows\system32\wbem\Logs
2009-08-02 03:47 . 2009-08-02 03:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-02 03:46 . 2009-08-02 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-02 03:46 . 2009-08-02 03:46 152576 ----a-w- c:\documents and settings\Jorge\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-28 04:19 . 2009-07-28 04:19 -------- d-----w- C:\rsit
2009-07-22 13:44 . 2009-07-22 13:44 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-21 03:12 . 2009-07-21 03:12 -------- d-----w- c:\documents and settings\Jorge\dwhelper
2009-07-17 17:01 . 2009-07-17 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 07:02 . 2009-07-15 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-12 15:40 . 2009-07-12 15:42 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-12 15:40 . 2009-07-12 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-07-12 15:31 . 2009-07-12 15:47 -------- d-----w- c:\documents and settings\Jorge\Application Data\DAEMON Tools Pro
2009-07-12 14:38 . 2009-07-12 14:38 -------- d-----w- c:\program files\PowerISO
2009-07-11 18:06 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-10 23:16 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-10 22:39 . 2009-07-10 22:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 22:39 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-10 22:38 . 2009-07-10 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-10 22:38 . 2009-07-10 22:38 -------- d-----w- c:\program files\Lavasoft
2009-07-09 23:07 . 2009-08-01 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-09 02:32 . 2008-11-06 06:03 -------- d-----w- C:\SDFix
2009-07-09 01:33 . 2009-07-09 01:33 87264 ----a-w- c:\documents and settings\Jorge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 01:32 . 2009-07-09 01:32 -------- d-----w- c:\documents and settings\Jorge\Local Settings\Application Data\Identities
2009-07-09 01:32 . 2009-07-09 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-09 01:15 . 2009-07-09 01:15 -------- d-----w- c:\documents and settings\Jorge\Application Data\Malwarebytes
2009-07-09 01:14 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 01:14 . 2009-07-09 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 01:14 . 2009-07-09 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 01:14 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-08 17:31 . 2009-07-08 17:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-08 17:30 . 2009-07-09 01:22 -------- d-----w- c:\documents and settings\Jorge\Application Data\Messenger
2009-07-05 19:04 . 2009-07-05 19:04 -------- d-----w- c:\documents and settings\Dad\Application Data\Windows Desktop Search
2009-07-05 19:03 . 2009-07-05 19:03 -------- d-sh--w- c:\documents and settings\Dad\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 04:18 . 2007-02-18 05:19 -------- d-----w- c:\documents and settings\Jorge\Application Data\stickies
2009-08-02 04:17 . 2009-03-20 16:05 117760 ----a-w- c:\documents and settings\Jorge\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-02 03:46 . 2005-03-03 05:39 -------- d-----w- c:\program files\Java
2009-08-02 03:41 . 2008-09-14 22:07 -------- d-----w- c:\program files\CCleaner
2009-08-02 01:58 . 2009-07-01 17:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-01 23:33 . 2005-09-19 02:05 -------- d-----w- c:\program files\WinTV
2009-08-01 00:08 . 2009-06-19 17:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 11:42 . 2008-12-19 03:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-22 13:49 . 2006-11-14 20:20 -------- d-----w- c:\program files\iTunes
2009-07-22 13:48 . 2005-09-15 16:50 -------- d-----w- c:\program files\iPod
2009-07-22 13:48 . 2007-10-27 22:33 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 15:31 . 2006-02-27 04:30 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-12 01:41 . 2005-03-03 01:59 -------- d-----w- c:\program files\Google
2009-07-12 01:39 . 2005-03-03 01:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-12 01:37 . 2009-06-19 17:13 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-09 16:17 . 2009-06-19 19:02 -------- d-----w- c:\program files\Symantec
2009-07-09 16:17 . 2009-06-19 19:03 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-09 16:17 . 2009-06-19 19:03 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-09 16:17 . 2007-03-30 16:26 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-09 16:17 . 2007-03-30 16:26 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-09 00:09 . 2005-03-02 13:40 -------- d-----w- c:\program files\Temp
2009-07-03 17:09 . 2004-12-07 21:37 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 17:59 . 2005-03-03 06:26 -------- d-----w- c:\documents and settings\Jorge\Application Data\Aim
2009-07-01 17:30 . 2009-07-01 17:30 -------- d-----w- c:\documents and settings\Jorge\Application Data\Thunderbird
2009-06-24 20:09 . 2009-06-24 20:09 127872 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\uninstall.exe
2009-06-24 20:09 . 2007-03-28 17:25 -------- d--h--w- c:\documents and settings\Jorge\Application Data\Move Networks
2009-06-24 20:09 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-24 20:09 . 2009-06-24 20:09 1686272 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-20 04:07 . 2006-11-14 20:19 -------- d-----w- c:\program files\QuickTime
2009-06-20 02:56 . 2007-08-24 16:46 -------- d-----w- c:\program files\AIM6
2009-06-20 02:27 . 2006-09-14 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-20 02:26 . 2005-10-19 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-19 19:05 . 2009-06-19 19:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-19 19:05 . 2009-06-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-19 18:58 . 2008-06-02 05:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-19 17:50 . 2009-06-19 17:50 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-19 17:50 . 2009-06-19 17:14 -------- d-----w- c:\program files\Microsoft
2009-06-19 17:14 . 2009-06-19 17:14 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-19 16:03 . 2008-06-12 05:08 -------- d-----w- c:\program files\Microsoft Works
2009-06-16 14:36 . 2003-07-16 20:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2003-07-16 20:28 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Jorge\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-05 15:42 . 2009-04-15 13:23 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2007-10-27 22:33 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2005-03-02 21:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 05:36 . 2009-06-20 02:26 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-20 02:26 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-20 02:26 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-20 02:26 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-20 02:26 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-20 02:26 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-20 02:26 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-20 02:26 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-12 19:12 . 2005-03-02 22:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2003-07-16 20:32 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-17 16:01 . 2009-07-12 14:38 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-01_00.35.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-02 04:15 . 2009-08-02 04:15 16384 c:\windows\TEMP\Perflib_Perfdata_444.dat
+ 2009-08-02 03:47 . 2009-08-02 03:46 148888 c:\windows\system32\javaws.exe
+ 2009-08-02 03:47 . 2009-08-02 03:46 144792 c:\windows\system32\javaw.exe
+ 2009-08-02 03:47 . 2009-08-02 03:46 144792 c:\windows\system32\java.exe
+ 2009-08-02 03:46 . 2009-08-02 03:46 536576 c:\windows\Installer\5d7ff2f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-29 1830128]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-26 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-02 148888]
"CTHelper"="CTHELPER.EXE" - c:\windows\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]

c:\documents and settings\Jorge\Start Menu\Programs\Startup\
Citrus Alarm Clock.lnk - c:\program files\Citrus Alarm Clock\Citrus Alarm Clock.exe [2008-10-7 326656]
Stickies.lnk - c:\program files\stickies\stickies.exe [2007-1-22 700416]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-03-09 12:37 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Valve\\Steam\\steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\mtg17\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\rc6987\\day of defeat\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129682049\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129682049\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\gokutrunks86\\rag doll kung fu demo\\Rag_Doll_Kung_Fu_Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\buccaneer demo\\Buccaneer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\battlestations pacific - demo\\bspdemo.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"6112:TCP"= 6112:TCP:froxen throne
"6112:UDP"= 6112:UDP:froxen throne

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/10/2009 07:16 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/3/2008 03:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 03:07 PM 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/16/2008 01:46 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 03:07 PM 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S2 MicrosoftCorporationsr;Microsoftkeysd;"c:\windows\System32\systemwin32s.exe" -netsvcs --> c:\windows\System32\systemwin32s.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2/26/2009 09:02 AM 23888]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [2/27/2008 11:09 PM 815104]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/13/2006 12:51 AM 41088]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv10910

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-16 06:10]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {11AD0565-448A-4FCA-88A9-3912D0E5BD0F} = 192.168.1.1
DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} - hxxps://register.resnet.stonybrook.edu/CAT/CNICAT.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - hxxp://pdc.resnet.stonybrook.edu/webinst.cab
FF - ProfilePath - c:\documents and settings\Jorge\Application Data\Mozilla\Firefox\Profiles\wo1s66px.default\
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - plugin: c:\documents and settings\Jorge\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 00:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-436374069-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,75,f0,48,7b,01,2a,f4,8a,16,ba,0d,2d,dc,46,2f,f3,ce,88,a5,39,82,d2,
e8,cc,15,43,c2,30,05,ea,d4,a7,17,cb,6b,b8,c4,7b,3a,d8,e0,f4,33,ec,29,06,dd,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-299502267-436374069-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:55,84,17,28,7d,08,68,45,c6,75,91,a8,23,ac,a8,7f,2c,bc,5c,40,77,
5f,f4,62,e4,60,86,c8,cf,b2,f8,fc,59,b7,d1,62,24,d6,8d,e4,cc,cf,76,76,bb,23,\
"rkeysecu"=hex:b7,6a,cc,a8,bf,69,cc,ec,64,61,71,99,c7,40,fd,bb

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\System\MountedDevices]
@Denied: (Read) (Administrators)
"\\??\\Volume{80ae9b22-8b20-11d9-a214-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,46,00,44,00,43,00,23,00,47,00,45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,\
"\\??\\Volume{80ae9b23-8b20-11d9-a214-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,53,00,41,00,4d,00,\
"\\??\\Volume{80ae9b24-8b20-11d9-a214-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\DosDevices\\A:"=hex:5c,00,3f,00,3f,00,5c,00,46,00,44,00,43,00,23,00,47,00,
45,00,4e,00,45,00,52,00,49,00,43,00,5f,00,46,00,4c,00,4f,00,50,00,50,00,59,\
"\\DosDevices\\D:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,53,00,41,00,4d,00,53,00,55,00,4e,00,47,00,5f,00,43,\
"\\DosDevices\\E:"=hex:5c,00,3f,00,3f,00,5c,00,49,00,44,00,45,00,23,00,43,00,
64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,43,00,5f,00,44,00,56,00,44,00,2b,\
"\\??\\Volume{80ae9b26-8b20-11d9-a214-806d6172696f}"=hex:4a,b1,4a,b1,00,7e,00,
00,00,00,00,00
"\\DosDevices\\C:"=hex:4a,b1,4a,b1,00,7e,00,00,00,00,00,00
"\\??\\Volume{5c77b07d-90e8-11d9-8475-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{669c2486-9fc6-11d9-847c-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{bd1c94cd-36dc-11da-853f-00111128372c}"=hex:d0,96,7f,14,00,7e,00,
00,00,00,00,00
"\\??\\Volume{089fd790-4bc3-11da-86f9-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{b9767c2a-4bf7-11da-86fd-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{c7fbee00-4bf8-11da-86fe-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{35301dba-4c01-11da-86ff-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\H:"=hex:46,c6,6a,5b,00,7e,00,00,00,00,00,00
"\\??\\Volume{35301dbb-4c01-11da-86ff-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\I:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,
47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,76,00,61,00,62,00,6c,00,65,00,4d,\
"\\??\\Volume{55f52dc4-4c04-11da-8702-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{55f52dc5-4c04-11da-8702-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{69ed86a1-65df-11da-8710-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{5d866ea2-8d24-11da-8732-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{bc5e6138-91d2-11da-8735-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{72897b9a-a64d-11da-8743-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{99315a2e-a6fc-11da-8745-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{250cf2ba-a74a-11da-8747-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{441248aa-fb02-11da-8777-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{8fc4a277-58e6-11db-87a7-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4c5e2db0-5c93-11db-87a8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{2f428340-684e-11db-87ab-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e3e5317f-7dea-11db-87b3-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e3e53194-7dea-11db-87b3-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ead2ea85-8971-11db-87b7-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ca0bdeb4-ab40-11db-87bf-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a41101e3-b231-11db-87c0-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4d1f899c-b8e2-11db-87cb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,55,00,53,00,42,00,53,00,54,00,4f,00,52,00,23,00,43,00,64,00,52,00,6f,00,\
"\\??\\Volume{4d1f899d-b8e2-11db-87cb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a9a25c73-bf0f-11db-87ce-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{84feedfe-d2c6-11db-87d0-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{f7a65ca4-f69d-11db-87db-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{08f1e270-896e-11dc-883e-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{968bba06-9171-11dc-8843-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4328a59a-10b6-11dd-88d1-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{4affc534-1e55-11dd-9380-806d6172696f}"=hex:5c,00,3f,00,3f,00,5c,
00,49,00,44,00,45,00,23,00,43,00,64,00,52,00,6f,00,6d,00,54,00,45,00,41,00,\
"\\??\\Volume{ed47b9ba-26ba-11dd-9389-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{910ab220-27a4-11dd-938a-00111128372c}"=hex:88,55,53,02,00,7e,00,
00,00,00,00,00
"\\??\\Volume{910ab221-27a4-11dd-938a-00111128372c}"=hex:09,88,15,7c,00,7e,00,
00,00,00,00,00
"\\??\\Volume{e97a2d72-51bd-11dd-93a4-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ee89526f-628a-11dd-93a8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{9a032f87-6876-11dd-93ab-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{06706a5e-7cf6-11dd-93b7-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{6f6beb99-7f3a-11dd-93b8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{6f6beb9e-7f3a-11dd-93b8-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{ab7fc37d-8e3f-11dd-93bf-00111128372c}"=hex:8a,79,9c,8f,00,7e,00,
00,00,00,00,00
"\\??\\Volume{5781dd91-b0db-11dd-93cf-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{17590a8f-eaac-11dd-93de-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{bfd64600-fea6-11dd-a595-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{e76ed83a-0485-11de-a597-00111128372c}"=hex:46,c6,6a,5b,00,7e,00,
00,00,00,00,00
"\\??\\Volume{e76ed83b-0485-11de-a597-00111128372c}"=hex:4c,0f,85,28,00,7e,00,
00,00,00,00,00
"\\??\\Volume{55ff2871-1631-11de-a5ac-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{55ff296c-1631-11de-a5ac-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
"\\??\\Volume{a520cb31-2a9f-11de-a5b9-00111128372c}"=hex:22,9b,dd,ac,00,7e,00,
00,00,00,00,00
"\\??\\Volume{a476a798-6efa-11de-a5eb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{a476a799-6efa-11de-a5eb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\??\\Volume{a476a79a-6efa-11de-a5eb-00111128372c}"=hex:5c,00,3f,00,3f,00,5c,
00,53,00,43,00,53,00,49,00,23,00,43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,\
"\\DosDevices\\J:"=hex:5c,00,3f,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,
43,00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,45,00,44,00,53,\
"\\??\\Volume{334efa17-75a4-11de-a5ed-00111128372c}"=hex:7c,ea,3e,52,00,7e,00,
00,00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\WINSPOOL.DRV

- - - - - - - > 'explorer.exe'(1608)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-02 0:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 04:24
ComboFix2.txt 2009-08-01 00:45

Pre-Run: 112,575,979,520 bytes free
Post-Run: 112,498,106,368 bytes free

Current=5 Default=5 Failed=2 LastKnownGood=1 Sets=1,2,3,4,5
543 --- E O F --- 2009-07-31 12:19
gokutrunks55
Regular Member
 
Posts: 24
Joined: July 12th, 2009, 12:31 pm
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby gokutrunks55 » August 2nd, 2009, 3:18 am

Malwarebytes' Anti-Malware 1.39
Database version: 2544
Windows 5.1.2600 Service Pack 3

8/2/2009 03:03:28 AM
mbam-log-2009-08-02 (03-03-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 223614
Time elapsed: 2 hour(s), 24 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\hjgruiggkpnapp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.



info.txt logfile of random's system information tool 1.06 2009-08-02 03:14:57

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applied Population Ecology with RAMAS EcoLab-->"C:\Program Files\Applied Population Ecology with RAMAS EcoLab\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x735c
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Battlestations: Pacific - Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/8180
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
Broadcom Gigabit Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Buccaneer: The Pursuit of Infamy Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/23110
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citrus Alarm Clock 2.0-->"C:\Program Files\Citrus Alarm Clock\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CyberLink PhotoNow-->"C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Empire: Total War Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/10620
EndItAll 2.0-->"C:\Program Files\EndItAll\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Pro 5.1-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hauppauge English Help Files and Resources-->C:\PROGRA~1\WinTV\UNHLPeng.EXE C:\PROGRA~1\WinTV\WTV2Keng.LOG
Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.log
Hauppauge WinTV TV Services-->C:\PROGRA~1\WinTV\uniTvSrv.exe C:\PROGRA~1\WinTV\UniTVSrv.LOG
Hauppauge WinTV-->C:\PROGRA~1\WinTV\UNTV6.EXE C:\PROGRA~1\WinTV\WINTV6.LOG
Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 2.0.2-->"C:\Documents and Settings\Jorge\Desktop\Spyware_Tools\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
K-Lite Mega Codec Pack 3.9.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/500
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
nanoPEG-Editor 2.3 Hauppauge Edition-->"C:\Program Files\nanocosmos\MPEG-Tools for Hauppauge\Editor2\unins000.exe"
nanoPEG-Editor 2.6.0 for WinTV-->"C:\Program Files\nanoPEG for WinTV\nanoPEG Editor\unins000.exe"
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Oddworld: Abe's Oddysee Demo-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/15730
Online Manuals for WinTV (English)-->C:\PROGRA~1\WinTV\UNTVmans.exe C:\PROGRA~1\WinTV\WinTVMan.LOG
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Picturetrail Photo Editor 1.6-->"C:\Program Files\Picturetrail Photo Editor\Version 1.0\unins000.exe"
PodUtil 2.5.2-->"C:\Program Files\PodUtil\unins000.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x9
SoundFont Bank Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9 /remove
SPORE™ Creature Creator-->"C:\Program Files\InstallShield Installation Information\{8CC42289-E228-4A35-B8A9-015242283BB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Steam-->C:\PROGRA~1\Valve\Steam\UNWISE.EXE C:\PROGRA~1\Valve\Steam\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stickies 6.0a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.0a
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Endpoint Protection-->MsiExec.exe /I{06B594A0-2D2B-4376-94E4-13A0BD4A88F8}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Unreal Tournament 3-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/13210
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: Symantec Endpoint Protection

======System event log======

Computer Name: BEAST
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 101089
Source Name: Service Control Manager
Time Written: 20090619135015.000000-240
Event Type: error
User:

Computer Name: BEAST
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Record Number: 101088
Source Name: Service Control Manager
Time Written: 20090619135015.000000-240
Event Type: error
User:

Computer Name: BEAST
Event Code: 10005
Message: DCOM got error "%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Record Number: 101087
Source Name: DCOM
Time Written: 20090619135015.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BEAST
Event Code: 7000
Message: The Microsoftkeysd service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 101055
Source Name: Service Control Manager
Time Written: 20090619133040.000000-240
Event Type: error
User:

Computer Name: BEAST
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Live Essentials.

Record Number: 101029
Source Name: Windows Update Agent
Time Written: 20090619131521.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: BEAST
Event Code: 0
Message:
Record Number: 577
Source Name: OfficeUpdateV3
Time Written: 20090425100400.000000-240
Event Type: audit success
User:

Computer Name: BEAST
Event Code: 0
Message:
Record Number: 576
Source Name: OfficeUpdateV3
Time Written: 20090425100400.000000-240
Event Type: audit success
User:

Computer Name: BEAST
Event Code: 0
Message:
Record Number: 575
Source Name: OfficeUpdateV3
Time Written: 20090425100400.000000-240
Event Type: audit success
User:

Computer Name: BEAST
Event Code: 0
Message:
Record Number: 574
Source Name: OfficeUpdateV3
Time Written: 20090425100400.000000-240
Event Type: audit success
User:

Computer Name: BEAST
Event Code: 0
Message:
Record Number: 573
Source Name: OfficeUpdateV3
Time Written: 20090425100400.000000-240
Event Type: audit success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 SE;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
gokutrunks55
Regular Member
 
Posts: 24
Joined: July 12th, 2009, 12:31 pm
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby gokutrunks55 » August 2nd, 2009, 3:19 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jorge at 2009-08-02 03:14:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 107 GB (45%) free of 238 GB
Total RAM: 3070 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:14:54 AM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\WinTV\WinTV.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
C:\Documents and Settings\Jorge\Desktop\RSIT.exe
C:\Documents and Settings\Jorge\Desktop\Spyware_Tools\Jorge.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://resnet.stonybrook.edu/wpad.dat
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - S-1-5-18 Startup: Citrus Alarm Clock.lnk = C:\Program Files\Citrus Alarm Clock\Citrus Alarm Clock.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Citrus Alarm Clock.lnk = C:\Program Files\Citrus Alarm Clock\Citrus Alarm Clock.exe (User 'Default user')
O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'Default user')
O4 - Startup: Citrus Alarm Clock.lnk = C:\Program Files\Citrus Alarm Clock\Citrus Alarm Clock.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 9801695468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://pdc.resnet.stonybrook.edu/webinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11AD0565-448A-4FCA-88A9-3912D0E5BD0F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11AD0565-448A-4FCA-88A9-3912D0E5BD0F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{11AD0565-448A-4FCA-88A9-3912D0E5BD0F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{11AD0565-448A-4FCA-88A9-3912D0E5BD0F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{11AD0565-448A-4FCA-88A9-3912D0E5BD0F}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoftkeysd (MicrosoftCorporationsr) - Unknown owner - C:\WINDOWS\System32\systemwin32s.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12090 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-11-07 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-23 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-01 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-01 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-08-25 339968]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-11-07 122940]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-02-26 115560]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-01 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-29 1830128]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2009-04-09 228808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-02-26 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1129682049\ee\AOLSoftware.exe [2005-11-02 50792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoftkeysd]
systemwin32s.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-10-05 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
/L:ENG []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\valve\steam\steam.exe [2009-07-01 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe [2005-03-04 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

C:\Documents and Settings\Jorge\Start Menu\Programs\Startup
Citrus Alarm Clock.lnk - C:\Program Files\Citrus Alarm Clock\Citrus Alarm Clock.exe
Stickies.lnk - C:\Program Files\stickies\stickies.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-03-09 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Valve\Steam\steam.exe"="C:\Program Files\Valve\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Steam\SteamApps\mtg17\counter-strike source\hl2.exe"="C:\Program Files\Valve\Steam\SteamApps\mtg17\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\SteamApps\rc6987\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\rc6987\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1129682049\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1129682049\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1129682049\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1129682049\ee\aim6.exe:*:Enabled:AOL"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Valve\Steam\SteamApps\gokutrunks86\rag doll kung fu demo\Rag_Doll_Kung_Fu_Steam.exe"="C:\Program Files\Valve\Steam\SteamApps\gokutrunks86\rag doll kung fu demo\Rag_Doll_Kung_Fu_Steam.exe:*:Enabled:Rag Doll Kung Fu Demo"
"C:\Program Files\Valve\Steam\SteamApps\common\unreal tournament 3\Binaries\UT3.exe"="C:\Program Files\Valve\Steam\SteamApps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Valve\Steam\SteamApps\common\oddworld abes oddysee demo\AbeDemo.exe"="C:\Program Files\Valve\Steam\SteamApps\common\oddworld abes oddysee demo\AbeDemo.exe:*:Enabled:Oddworld: Abe's Oddysee Demo"
"C:\Program Files\Valve\Steam\SteamApps\common\empire total war demo\Empire.exe"="C:\Program Files\Valve\Steam\SteamApps\common\empire total war demo\Empire.exe:*:Enabled:Empire: Total War Demo"
"C:\Program Files\Valve\Steam\SteamApps\common\buccaneer demo\Buccaneer.exe"="C:\Program Files\Valve\Steam\SteamApps\common\buccaneer demo\Buccaneer.exe:*:Enabled:Buccaneer: The Pursuit of Infamy Demo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Valve\Steam\SteamApps\common\battlestations pacific - demo\bspdemo.exe"="C:\Program Files\Valve\Steam\SteamApps\common\battlestations pacific - demo\bspdemo.exe:*:Enabled:Battlestations: Pacific - Demo"
"C:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe"="C:\Program Files\Valve\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1124319245\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124319245\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-02 03:14:12 ----SHD---- C:\RECYCLER
2009-08-02 00:24:44 ----A---- C:\ComboFix.txt
2009-08-02 00:16:54 ----A---- C:\WINDOWS\{00000004-00000000-00000002-00001102-00000004-10031102}.BAK
2009-08-01 23:47:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-01 23:47:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-01 23:47:09 ----A---- C:\WINDOWS\system32\java.exe
2009-08-01 23:47:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-01 23:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-31 20:22:37 ----A---- C:\Boot.bak
2009-07-31 20:22:24 ----RASHD---- C:\cmdcons
2009-07-31 20:20:41 ----A---- C:\WINDOWS\zip.exe
2009-07-31 20:20:41 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-31 20:20:41 ----A---- C:\WINDOWS\SWSC.exe
2009-07-31 20:20:41 ----A---- C:\WINDOWS\SWREG.exe
2009-07-31 20:20:41 ----A---- C:\WINDOWS\sed.exe
2009-07-31 20:20:41 ----A---- C:\WINDOWS\PEV.exe
2009-07-31 20:20:41 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-31 20:20:41 ----A---- C:\WINDOWS\grep.exe
2009-07-31 20:20:35 ----D---- C:\WINDOWS\ERDNT
2009-07-31 20:04:10 ----D---- C:\Qoobox
2009-07-28 00:19:04 ----D---- C:\rsit
2009-07-17 13:01:07 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 03:02:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-12 20:30:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-12 11:40:11 ----D---- C:\Program Files\DAEMON Tools Pro
2009-07-12 11:40:11 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2009-07-12 11:31:18 ----D---- C:\Documents and Settings\Jorge\Application Data\DAEMON Tools Pro
2009-07-12 10:38:45 ----D---- C:\Program Files\PowerISO
2009-07-11 14:06:29 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-10 18:39:00 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 18:38:42 ----D---- C:\Program Files\Lavasoft
2009-07-10 18:38:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-09 19:07:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-08 22:32:13 ----D---- C:\SDFix
2009-07-08 21:32:20 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-08 21:15:01 ----D---- C:\Documents and Settings\Jorge\Application Data\Malwarebytes
2009-07-08 21:14:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-08 21:14:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-08 20:26:19 ----D---- C:\WINDOWS\TEMP
2009-07-08 13:30:12 ----D---- C:\Documents and Settings\Jorge\Application Data\Messenger

======List of files/folders modified in the last 1 months======

2009-08-02 03:09:53 ----D---- C:\Program Files\Mozilla Firefox
2009-08-02 03:09:10 ----D---- C:\Program Files\WinTV
2009-08-02 03:07:47 ----D---- C:\Documents and Settings\Jorge\Application Data\stickies
2009-08-02 03:07:02 ----SD---- C:\WINDOWS\Tasks
2009-08-02 03:05:54 ----D---- C:\WINDOWS\system32\drivers
2009-08-02 03:05:54 ----D---- C:\Program Files
2009-08-02 03:05:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-02 01:16:06 ----D---- C:\Program Files\Temp
2009-08-02 00:43:43 ----D---- C:\WINDOWS\system32\config
2009-08-02 00:24:47 ----D---- C:\WINDOWS\system32
2009-08-02 00:24:44 ----D---- C:\WINDOWS\Prefetch
2009-08-02 00:23:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-02 00:17:01 ----D---- C:\WINDOWS
2009-08-02 00:16:59 ----A---- C:\WINDOWS\system.ini
2009-08-02 00:15:57 ----SHD---- C:\System Volume Information
2009-08-02 00:15:57 ----D---- C:\WINDOWS\system32\Restore
2009-08-02 00:10:18 ----D---- C:\WINDOWS\AppPatch
2009-08-02 00:10:15 ----D---- C:\Program Files\Common Files
2009-08-01 23:57:20 ----D---- C:\WINDOWS\system32\wbem
2009-08-01 23:56:11 ----D---- C:\Documents and Settings\Jorge\Application Data\Macromedia
2009-08-01 23:48:09 ----D---- C:\WINDOWS\security
2009-08-01 23:48:09 ----D---- C:\WINDOWS\Debug
2009-08-01 23:47:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-01 23:47:20 ----SHD---- C:\WINDOWS\Installer
2009-08-01 23:47:15 ----D---- C:\Config.Msi
2009-08-01 23:46:48 ----D---- C:\Program Files\Java
2009-08-01 23:41:27 ----D---- C:\Program Files\CCleaner
2009-08-01 21:58:04 ----D---- C:\Program Files\Mozilla Thunderbird
2009-07-31 20:43:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-31 20:31:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-31 20:31:05 ----RSD---- C:\WINDOWS\Fonts
2009-07-31 20:22:38 ----RASH---- C:\boot.ini
2009-07-31 20:08:37 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 07:42:44 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-29 03:01:00 ----HD---- C:\WINDOWS\inf
2009-07-29 03:00:49 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:00:17 ----D---- C:\WINDOWS\WinSxS
2009-07-22 09:49:01 ----D---- C:\Program Files\iTunes
2009-07-22 09:48:48 ----D---- C:\Program Files\iPod
2009-07-22 09:48:47 ----D---- C:\Program Files\Common Files\Apple
2009-07-21 21:04:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 18:58:31 ----SD---- C:\Documents and Settings\Jorge\Application Data\Microsoft
2009-07-12 10:38:33 ----D---- C:\Documents and Settings\Jorge\Application Data\Mozilla
2009-07-11 21:41:12 ----D---- C:\Program Files\Google
2009-07-11 21:39:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-11 21:38:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-11 21:37:43 ----D---- C:\WINDOWS\system32\en-US
2009-07-11 21:37:41 ----D---- C:\Program Files\Windows Desktop Search
2009-07-10 19:16:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-09 12:17:49 ----D---- C:\Program Files\Symantec
2009-07-09 12:17:47 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-07-07 11:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 13:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 13:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 13:09:21 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 07:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-02-26 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-02-26 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-26 191536]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-11-07 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-11-07 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-11-07 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-11-07 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-11-07 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-11-07 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-11-07 94332]
R2 drvnddm;drvnddm; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2004-04-29 186112]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-02-27 223128]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2006-08-11 78336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090801.021\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090801.021\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-26 27696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 hjgruiulbknidu;hjgruiulbknidu; C:\WINDOWS\system32\drivers\hjgruicpsjqeen.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ay2q0v9m;ay2q0v9m; C:\WINDOWS\system32\drivers\ay2q0v9m.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Jorge\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-09-07 41088]
S3 mqdmbus;Motorola DM Composite Driver (WDM); C:\WINDOWS\system32\DRIVERS\mqdmbus.sys [2007-02-04 66656]
S3 mqdmmdfl;Motorola USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys [2007-02-04 9232]
S3 mqdmmdm;Motorola USB Modem; C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys [2007-02-04 92064]
S3 mqdmserd;Motorola USB Diag; C:\WINDOWS\system32\DRIVERS\mqdmserd.sys [2007-02-04 79328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-02-26 319792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-02-26 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-02-26 108392]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-01 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-04-07 241734]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-02-26 1799496]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-02-26 2440120]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 MicrosoftCorporationsr;Microsoftkeysd; C:\WINDOWS\System32\systemwin32s.exe -netsvcs []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 HauppaugeTVServer;HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 815104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-02-26 320840]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
gokutrunks55
Regular Member
 
Posts: 24
Joined: July 12th, 2009, 12:31 pm
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby gokutrunks55 » August 2nd, 2009, 3:22 am

The temp file cleaner freed up about 10 gigs of space.
Ran combo fix, Ran Malwarebytes upon cleaning norton picked up several trojans and spyware and quarantined some deleted others.
THe ghost drives are gone, and no more redirects on google searches
gokutrunks55
Regular Member
 
Posts: 24
Joined: July 12th, 2009, 12:31 pm
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby turtledove » August 2nd, 2009, 6:40 am

Hello gokutrunks55,

Great job :)

*Print all instructions or Copy to Notepad for reference.
Lets get some updates to eliminate security risks of the older versions and a final online scan to check things out.

Step 1
Open Hijack This, Select Perform Scan Only and place a check in the following: *Do not worry if they are not present.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Games\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Microsoftkeysd (MicrosoftCorporationsr) - Unknown owner - C:\WINDOWS\System32\systemwin32s.exe (file missing)


Step 2
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall the following
  • Adobe Reader 8.1.3
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 2
    Spybot - Search & Destroy 1.3 --->>This is out of date
  • Reboot your computer


Step 3
Update Adobe Reader

    Recently there have been vulnerabilities detected in ALL older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.



Step 4
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.


Step 6
Open HijackThis and select: Do a system scan and save a log file.

When the scan is finished, Click Edit> Select All> Edit> Copy> and paste its contents in your post.


Post
ESET Scan Results
New HiJackThis Log
How Computer is running

Thank you,
TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby gokutrunks55 » August 4th, 2009, 7:02 pm

Quick Question, aside from placing a check on the hijack this list, am i supposed to delete, or "fix selected"?
gokutrunks55
Regular Member
 
Posts: 24
Joined: July 12th, 2009, 12:31 pm
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby turtledove » August 4th, 2009, 7:18 pm

Hello gokutrunks,
Apologies, typing mistake. Just click the "fix selected", once done exit then continue with the other instructions.
Thank you for asking.
TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby gokutrunks55 » August 4th, 2009, 11:37 pm

Hey Trurtledove, while trying uninstall Adobe reader, i keep getting this error
Error 1402. could not open key: Hkey_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficeient access to that key, or contact your support personnel
i tried reinstalling it, "fixing" it using the program itself, redownloading it and installing it, nothing works. I have access being that im the admin on this computer. Any suggestions?
thanks again for all the help
gokutrunks55
Regular Member
 
Posts: 24
Joined: July 12th, 2009, 12:31 pm
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby turtledove » August 6th, 2009, 12:18 am

Hello gokutrunks55,

You are welcome. :)
Let's try the following please: As always copy/print instructions.*

Step 1 *Important*
Backup Your Registry with ERUNT


* Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
* For version with the Installer:
Use the setup program to install ERUNT on your computer
* For the zipped version:
Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the Desktop.



Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
Code: Select all
RegLock::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

C:\ComboFix.txt please post this in in your next reply.

Can you now try and uninstall Adobe reader? Then update Adobe as instructed earlier?

If so, , please continue with the previous instructions.

Post
Combofix.txt
What happened with Adobe update
Any other issues

Thank you
TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby gokutrunks55 » August 6th, 2009, 7:21 pm

Evening Turtledove,
used the instructions you gave me, and they didnt work. The install/uninstall still has the same error. at this point i dont care if i use adobe or not, but it would be nice to uninstall it lol. Any other suggestions?
thanks again
gokutrunks55
Regular Member
 
Posts: 24
Joined: July 12th, 2009, 12:31 pm
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby turtledove » August 7th, 2009, 12:15 am

Hello gokutrunks55,

Happy to help, you're welcome. :)

*Print all instructions or Copy to Notepad for reference.
Lets get some updates to eliminate security risks of the older versions and a final online scan to check things out.

Step 1
Open Hijack This, Select Perform Scan Only and place a check in the following: *Do not worry if they are not present.



O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe
O23 - Service: Microsoftkeysd (MicrosoftCorporationsr) - Unknown owner - C:\WINDOWS\System32\systemwin32s.exe (file missing)


Step 2
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall the following

    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 2
    Spybot - Search & Destroy 1.3 --->>This is out of date
  • Reboot your computer


Step 3
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.


Step 4

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Program Files\Adobe\Reader 8.0



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 4
Please open HijackThis
Select Do Scan and Save log
Post results in next reply, after other scans have been done.




Post:
C:\Program Files\Eset\Eset Online Scanner\log.txt
C:\ComboFix.txt
New HijackThis log
Any other remaining or new problems
*May need 2 posts

Thank you

TD
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California
Top

Re: 2 extra ghost drives, and searches redirect.

Unread postby Shaba » August 10th, 2009, 10:41 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove
Previous
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 430 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index