Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.41
Database version: 2973
Windows 5.1.2600 Service Pack 2
17/10/2009 1:31:42 PM
mbam-log-2009-10-17 (13-31-42).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 386438
Time elapsed: 1 hour(s), 13 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 82
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\2o1ajagt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\3yalgc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\cqb6wo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\t2hjo0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\vlvtdflx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\wrsf.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\BenBen\Local Settings\Temp\cvasds2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mum&Grandma\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mum&Grandma\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mum&Grandma\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018585.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018598.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018613.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018626.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018669.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018820.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP45\A0024417.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024437.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024438.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024453.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024552.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024566.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP48\A0024870.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP48\A0025006.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP49\A0025714.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP51\A0026925.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP51\A0027085.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\2o1ajagt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\3yalgc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\cqb6wo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\t2hjo0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\vlvtdflx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\wrsf.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018587.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018601.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018615.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018628.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018671.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018822.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP45\A0024419.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024439.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024455.exe (Worm.Taterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024554.exe (Worm.Taterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024568.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP48\A0024872.exe (Worm.Taterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP48\A0025008.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP49\A0025716.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP51\A0026927.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP51\A0027087.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP51\A0027263.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\2o1ajagt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\3yalgc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\cqb6wo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\t2hjo0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\vlvtdflx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\wrsf.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\Documents and Settings\Ben Ben\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018589.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018603.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018617.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018630.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018673.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP44\A0018824.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP45\A0024421.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024441.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024457.exe (Worm.Taterf) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024556.exe (Worm.Taterf) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP46\A0024570.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP48\A0024874.exe (Worm.Taterf) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP48\A0025011.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP48\A0025168.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP49\A0025718.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP51\A0026929.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{365BBDC4-8272-4274-B1F9-EFBB1747BF42}\RP51\A0027089.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\s3ek.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\sp1jensi.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\mje12tni.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\w9uxx92.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\BenBen\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\Admin\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
RSIT Log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by BenBen at 2009-10-17 13:59:14
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 38 GB (76%) free of 50 GB
Total RAM: 3326 MB (84% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:25 PM, on 17/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Documents and Settings\Ben Ben\temp\TeamViewer\Version4\TeamViewer_Service.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Documents and Settings\Ben Ben\Desktop\RSIT.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
E:\Downloads\BenBen.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Trinh Family Trust
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: README.lnk = E:\README.txt
O4 - User Startup: README.lnk = E:\README.txt
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - E:\Documents and Settings\Ben Ben\temp\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6930 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CC5B68AB-112A-46A0-92A3-2E4D362CA911}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2004-07-14 705808]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-08-20 16384512]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"TBPanel"=C:\Program Files\XpertVision\TBPanel.exe [2008-01-29 2157064]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-01-09 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-01-09 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"CAP3ON"=C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE [2002-07-19 22528]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"Steam"=d:\games\steam\steam.exe -silent []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdoosoft]
C:\DOCUME~1\BenBen\LOCALS~1\Temp\herss.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-02-28 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Canon LASER SHOT LBP-1120 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
E:\Documents and Settings\Ben Ben\Start Menu\Programs\Startup
README.lnk - E:\README.txt
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\Games\Steam\steamapps\benben321\garrysmod\hl2.exe"="D:\Games\Steam\steamapps\benben321\garrysmod\hl2.exe:*:Enabled:hl2"
"D:\Games\Steam\steamapps\common\crayon physics deluxe demo\launcher.exe"="D:\Games\Steam\steamapps\common\crayon physics deluxe demo\launcher.exe:*:Enabled:Crayon Physics Deluxe Demo"
"C:\Program Files\Free Download Manager\fdmwi.exe"="C:\Program Files\Free Download Manager\fdmwi.exe:*:Disabled:fdmwi"
"K:\Games\Steam\steamapps\benben321\garrysmod\hl2.exe"="K:\Games\Steam\steamapps\benben321\garrysmod\hl2.exe:*:Enabled:hl2"
"K:\Games\Steam\Steam.exe"="K:\Games\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"K:\Games\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe"="K:\Games\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme"
"K:\Games\Steam\steamapps\common\cities xl\runme.exe"="K:\Games\Steam\steamapps\common\cities xl\runme.exe:*:Enabled:Cities XL - Limited Edition"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7cdef897-4dcf-11de-a018-806d6172696f}]
shell\AutoRun\command - K:\mje12tni.exe
shell\open\command - K:\mje12tni.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df32cb20-79d0-11de-8730-002018a21f20}]
shell\AutoRun\command - K:\ZensUsb.exe
shell\Lock or Unlock USB\command - K:\LOCK.bat
shell\Run Startup Program\command - K:\ZensUsb.exe
shell\This Usb Belongs to Zen Ly\command - K:\README.txt
======List of files/folders created in the last 1 months======
2009-10-17 13:42:32 ----D---- C:\Program Files\Tweak Manager
2009-10-17 12:18:08 ----D---- C:\rsit
2009-10-17 12:16:24 ----D---- E:\Documents and Settings\Ben Ben\Application Data\Malwarebytes
2009-10-17 12:16:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-17 12:16:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-12 19:48:54 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-10-12 19:48:54 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-10-12 19:48:54 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-10-12 19:48:53 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-10-12 19:48:53 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-10-12 19:48:53 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-10-12 19:48:52 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-10-12 19:48:52 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-10-12 19:48:51 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-10-12 19:48:51 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-10-12 19:48:51 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-10-12 19:48:34 ----D---- C:\WINDOWS\Logs
2009-10-06 16:56:52 ----D---- C:\Program Files\TeamViewer
2009-10-05 12:37:26 ----D---- C:\Program Files\SEGA
2009-10-03 17:34:11 ----D---- E:\Documents and Settings\Ben Ben\Application Data\TeamViewer
2009-10-03 12:48:34 ----D---- C:\Program Files\TC Digital
2009-10-03 12:14:58 ----D---- C:\Program Files\Unity
2009-09-28 13:18:08 ----D---- E:\Documents and Settings\Ben Ben\Application Data\Desktopicon
2009-09-26 18:32:29 ----D---- C:\WINDOWS\pss
======List of files/folders modified in the last 1 months======
2009-10-17 13:59:08 ----D---- C:\WINDOWS\Temp
2009-10-17 13:59:08 ----A---- C:\WINDOWS\DFC.INI
2009-10-17 13:57:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-17 13:57:00 ----D---- E:\Documents and Settings\Ben Ben\Application Data\Free Download Manager
2009-10-17 13:42:44 ----D---- C:\WINDOWS\Prefetch
2009-10-17 13:42:33 ----D---- C:\WINDOWS\system32
2009-10-17 13:42:32 ----RD---- C:\Program Files
2009-10-17 13:30:11 ----D---- C:\WINDOWS\CAVTemp
2009-10-17 12:23:50 ----D---- E:\Documents and Settings\Ben Ben\Application Data\uTorrent
2009-10-17 12:16:20 ----D---- C:\WINDOWS\system32\drivers
2009-10-17 11:36:16 ----D---- C:\WINDOWS\Internet Logs
2009-10-15 18:14:48 ----HD---- C:\WINDOWS
2009-10-12 20:25:06 ----SHD---- C:\WINDOWS\Installer
2009-10-12 20:24:55 ----D---- C:\WINDOWS\WinSxS
2009-10-12 19:48:54 ----HD---- C:\WINDOWS\inf
2009-10-12 19:48:37 ----D---- C:\WINDOWS\system32\DirectX
2009-10-12 12:46:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-08 20:17:18 ----D---- E:\Documents and Settings\Ben Ben\Application Data\Microsoft
2009-10-07 20:33:26 ----A---- C:\WINDOWS\ODBC.INI
2009-10-03 19:40:46 ----HD---- C:\Downloads
2009-09-28 14:25:47 ----D---- C:\Program Files\Unlocker
2009-09-28 13:12:32 ----D---- E:\Documents and Settings\Ben Ben\Application Data\TortoiseSVN
2009-09-26 18:33:08 ----RSH---- C:\boot.ini
2009-09-26 18:33:08 ----A---- C:\WINDOWS\win.ini
2009-09-26 18:33:08 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2009-05-31 114856]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2004-05-28 21605]
R1 VETMONNT;VET File and Macro Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2009-05-31 896472]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2004-05-28 15668]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2004-07-14 270672]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-02-01 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-02-01 16176]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-08-28 4609024]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-01-09 7434336]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-02-28 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CAISafe;CA ISafe; C:\WINDOWS\system32\ZoneLabs\isafe.exe [2004-05-28 184320]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-01-09 155716]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TeamViewer4;TeamViewer 4; E:\Documents and Settings\Ben Ben\temp\TeamViewer\Version4\TeamViewer_Service.exe [2009-09-30 185640]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2004-07-14 918792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
RSIT info.txt:
info.txt logfile of random's system information tool 1.06 2009-10-17 12:18:18
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Age of Chivalry Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/17515
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Canon LASER SHOT LBP-1120-->C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3UNIK.EXE
Chaotic-->MsiExec.exe /I{D1BA4778-61DB-4405-AD57-03C939080E19}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cities XL - Limited Edition-->"K:\Games\Steam\steam.exe" steam://uninstall/35500
Crayon Physics Deluxe Demo-->"D:\games\Steam\steam.exe" steam://uninstall/26910
D.I.P.R.I.P. Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/17535
Dark Messiah Might and Magic Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/2145
Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/5
DMIView B7.0108.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
ESForces-->K:\Games\Steam\Steamapps\sourceMods\ESForces\esf_openbeta\uninstall.exe
Face_Wizard B07.0509.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E76FCE6B-9999-4250-8C75-B2DA4AD41268}\setup.exe" -l0x9 -removeonly
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\DOCUME~1\Admin\LOCALS~1\Temp\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)-->C:\WINDOWS\system32\msiexec.exe /package {DD622B1D-A78E-3FE8-9C8C-246F5764B0D0} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Office (KB950278)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FED55BA1-5A70-44B4-8EB1-E72274AED780}
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
i-Cool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28184E01-D57A-4933-A09B-F65403F16D82}\setup.exe" -l0x9 -uninst -removeonly
Insurgency Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/17705
Iron Man-->MsiExec.exe /X{26D8D185-F70E-4311-A511-22E979A036C5}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Left 4 Dead Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/510
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server 2008-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server Database Publishing Wizard 1.3-->MsiExec.exe /I{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSs22.inf, Uninstall
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
muveeNow 2.1-->C:\Program Files\InstallShield Installation Information\{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
Peggle Extreme-->"K:\Games\Steam\steam.exe" steam://uninstall/3483
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synergy Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/17525
Team Fortress 2 Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/310
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
The Ship Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/2403
TortoiseSVN 1.5.7.15182 (32 bit)-->MsiExec.exe /X{27968397-2FC3-4D79-BD5D-E6AC44A263FE}
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Unreal Tournament 3-->"D:\games\Steam\steam.exe" steam://uninstall/13210
Update for Microsoft Visual Studio Web Authoring Component (KB945140)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {F9DE79A2-9049-4589-9787-815147371581}
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XpertVision 6.1-->"C:\Program Files\XpertVision\unins000.exe"
Zombie Panic! Source Dedicated Server-->"D:\games\Steam\steam.exe" steam://uninstall/17505
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\bbuninst.exe
======Security center information======
AV: ZoneAlarm Security Suite Antivirus (outdated)
FW: ZoneAlarm Security Suite Firewall
======System event log======
Computer Name: ZHOMECOM
Event Code: 1002
Message: The IP address lease 192.168.2.2 for the Network Card with network address 002018A21F20 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
Record Number: 5679
Source Name: Dhcp
Time Written: 20090925013551.000000+480
Event Type: error
User:
Computer Name: ZHOMECOM
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 5675
Source Name: Windows Update Agent
Time Written: 20090923184853.000000+480
Event Type: error
User:
Computer Name: ZHOMECOM
Event Code: 7000
Message: The Cardex service failed to start due to the following error:
Cannot create a file when that file already exists.
Record Number: 5642
Source Name: Service Control Manager
Time Written: 20090923134744.000000+480
Event Type: error
User:
Computer Name: ZHOMECOM
Event Code: 7000
Message: The Cardex service failed to start due to the following error:
Cannot create a file when that file already exists.
Record Number: 5597
Source Name: Service Control Manager
Time Written: 20090922071221.000000+480
Event Type: error
User:
Computer Name: ZHOMECOM
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 5576
Source Name: Windows Update Agent
Time Written: 20090921143416.000000+480
Event Type: error
User:
=====Application event log=====
Computer Name: ZHOMECOM
Event Code: 1517
Message: Windows saved user ZHOMECOM\Mum&Grandma registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 6180
Source Name: Userenv
Time Written: 20090925191318.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: ZHOMECOM
Event Code: 1517
Message: Windows saved user ZHOMECOM\Mum&Grandma registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 6110
Source Name: Userenv
Time Written: 20090925022300.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: ZHOMECOM
Event Code: 1517
Message: Windows saved user ZHOMECOM\Mum&Grandma registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5978
Source Name: Userenv
Time Written: 20090922202736.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: ZHOMECOM
Event Code: 1517
Message: Windows saved user ZHOMECOM\Mum&Grandma registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5893
Source Name: Userenv
Time Written: 20090921145210.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: ZHOMECOM
Event Code: 1517
Message: Windows saved user ZHOMECOM\Mum&Grandma registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 5852
Source Name: Userenv
Time Written: 20090920202942.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0202
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------