Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need some help please

Post by dnothnagel » August 4th, 2009, 5:54 pm

This thing is driving me nuts; the HJT log is included. I'm not sure if I have a virus or if it is a software problem. Any help would be great!
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:31 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmbc.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6481 bytes
dnothnagel
Active Member
 
Posts: 14
Joined: August 4th, 2009, 3:38 pm

Re: Need some help please

Post by km2357 » August 6th, 2009, 2:32 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure, then please do not guess; simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic; I will assist you in this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!
km2357
MRU Master
 
Posts: 3206
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Need some help please

Post by km2357 » August 6th, 2009, 2:40 pm

Step # 1: Remove one of your Anti Virus programs.

You are operating your computer with multiple Anti Virus programs running in memory at once:

Norton
Authentium

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove one of them.



Step # 2: Remove HijackThis Entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    If an Administrator has not set a policy restricting access to Internet Explorer settings and you have not configured any software such as Spybot S & D or a similar program to prevent changing Internet Explorer settings, then you can also fix these O6 entries with HijackThis:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Step # 3: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.


Step # 4: Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next post/reply, I need to see the following:

1. Uninstall List
2. The two RSIT Logs (info and log.txt)
km2357
MRU Master
 
Posts: 3206
Joined: January 30th, 2007, 2:48 pm
Location: California
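
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the log format posted above that pulls out what the reply keys on, namely security products visible in the running processes and O23 services, and O6 policy entries. The sample lines are copied from the first log in this thread; the vendor keyword table and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the first HijackThis log in this thread
# (trimmed to a few processes and entries so the example stays short).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:31 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmbc.com/index.html
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6481 bytes
"""

# Assumption for illustration: substrings that identify a security vendor in a
# path or service line. "symant"/"norton" also match 8.3 short names (NORTON~1).
SECURITY_KEYWORDS = {
    "Symantec/Norton": ("symant", "norton"),
    "Trend Micro": ("trend micro",),
    "Authentium": ("authentium",),
}

# HijackThis result lines start with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
MISSING = " (file missing)"


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, text) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line ends the process block
    return {"processes": processes, "entries": entries}


def parse_service(entry_text):
    """Parse an O23 body: 'Service: <name> - <vendor> - <path>[ (file missing)]'."""
    if not entry_text.startswith("Service: "):
        return None
    body = entry_text[len("Service: "):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    parts = body.rsplit(" - ", 2)  # split from the right: names may contain " - "
    if len(parts) != 3:
        return None
    name, vendor, path = parts
    return {"name": name, "vendor": vendor, "path": path, "file_missing": missing}


def security_products(parsed):
    """Group running processes and O23 service lines by matching vendor keyword."""
    hits = defaultdict(set)
    candidates = list(parsed["processes"])
    candidates += [text for code, text in parsed["entries"] if code == "O23"]
    for item in candidates:
        low = item.lower()
        for product, needles in SECURITY_KEYWORDS.items():
            if any(needle in low for needle in needles):
                hits[product].add(item)
    return {product: sorted(items) for product, items in hits.items()}


def policy_entries(parsed):
    """Return O6 entries (Internet Explorer options restricted by policy keys)."""
    return [text for code, text in parsed["entries"] if code == "O6"]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for product, items in sorted(security_products(parsed).items()):
        print(product, len(items))
    print(policy_entries(parsed))
```

A keyword hit names a vendor, not an anti-virus engine, so each match still has to be confirmed against the installed product list.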

Re: Need some help please

Post by dnothnagel » August 6th, 2009, 4:33 pm

I can do that; however, Norton AV isn't installed on this system that I know of. Norton Utilities is, however. Trend Micro is my AV.

I will work on the other things and be sending you the requested logs in the next few days.

Thanks
dnothnagel
Active Member
 
Posts: 14
Joined: August 4th, 2009, 3:38 pm

Re: Need some help please

Post by km2357 » August 7th, 2009, 1:35 am

dnothnagel wrote: I can do that; however, Norton AV isn't installed on this system that I know of. Norton Utilities is, however. Trend Micro is my AV.

Thanks


Thanks for clearing the AV situation up. Looking at the Norton Utilities webpage, Norton Utilities doesn't have any AV component to it, so both Trend Micro and NU can stay on your computer.

Post the logs when you're ready. :)
km2357
MRU Master
 
Posts: 3206
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Need some help please

Post by dnothnagel » August 10th, 2009, 2:42 pm

Here are the files you had asked for, thanks again for your help.




Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AIM 6
aiofw
aioprnt
aioscnnr
AnswerWorks 4.0 Runtime - English
Audit Support Center 1.0
Authentium AntiVirus SDK - 2
Bonjour
C4USelfUpdater
ccCommon
CCScore
center
CheckIt Diagnostics
Component Framework
Connection Keep Alive
Creative EAX Console
Creative MediaSource
Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin
Creative Speaker Settings
Creative System Information
Data Lifeguard Tools
DeductionPro 2008
Device Control
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
filehippo.com Update Checker
Google Earth
Google Update Helper
GPOAccelerator
HiJaak Image Manager 1.5
HijackThis 2.0.2
HollywoodPoker.com (remove only)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
ieSpell
Java DB 10.4.1.3
Java(TM) 6 Update 15
KODAK All-in-One Printer Software
Kodak EasyShare software
ksDIP
Learning QuickBooks 2009
Learning QuickBooks 2009
LightScribe System Software 1.10.16.1
LimeWire 5.1.4
LiveUpdate 3.2 (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Macromedia Flash Player 8
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Live Add-in 1.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Sounds
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.5.1)
MSN
MSN Toolbar
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero 8 Essentials
neroxml
netbrdg
Norton Cleanup
Norton Protection Center
Norton SystemWorks
Norton SystemWorks
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton Utilities
OfotoXMI
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PerformanceTest
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
PreReq
QuickBooks
QuickBooks Premier: Mfg and Whsle Edition 2009
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
SecurDisc Viewer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
SFR
SHASTA
skin0001
SKINXSDK
Skype add-on for IE
Skype web features
Skype™ 4.1
Sound Blaster Live! 24-bit
SPBBC 32bit
staticcr
SupportSoft Assisted Service
TaxCut Basic + Efile 2008
tooltips
Trend Micro Internet Security Pro
Trend Micro Internet Security Pro
Trend Micro RUBotted
TurboTax Deluxe 2007
Ulead DVD Player
UniChromeII Graphics Driver and Utilities
VCRedistSetup
VIA Integrated Setup Wizard
VIA Rhine-Family Fast-Ethernet Adapter
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
VPRINTOL
Windows Defender
Windows Imaging Component
Windows Live ID Sign-in Assistant
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows Presentation Foundation
Windows XP Service Pack 3
WIRELESS
Yahoo! Messenger
_____________
Logfile of random's system information tool 1.06 (written by random/random)
Run by Don at 2009-08-10 13:13:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (47%) free of 76 GB
Total RAM: 1983 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:36 PM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Don\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmbc.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\Trend Micro\Internet Security\Quarantine\Folder\iWinGamesHookIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: is-C8MG5.lnk = C:\Program Files\Trend Micro\Internet Security\Quarantine\startup.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OAYHSQ - Unknown owner - C:\DOCUME~1\Don\LOCALS~1\Temp\OAYHSQ.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

_____________________
End of file - 12243 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\ErrorFix Scan.job
C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Norton WinDoctor.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{50CA3099-5EFB-434D-AE3F-D9EFF62AD1EA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
AcroIEHelperShimObj Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
C:\Program Files\Trend Micro\Internet Security\Quarantine\Folder\iWinGamesHookIE.dll [2009-06-04 141472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]
{CCAC5586-44D7-4c43-B64A-F042461A97D2} - Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-08-26 115560]
"NSWosCheck"=C:\Program Files\Norton SystemWorks\osCheck.exe [2007-09-18 25472]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2008-11-18 623880]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 1468296]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-06-01 1501064]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-04-07 1511424]
"Conime"=C:\WINDOWS\system32\conime.exe [2008-03-20 27648]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2003-08-19 45056]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-03-20 143360]
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"ASUS Probe"= []
"iolo AntiVirus"= []
"iolo Personal Firewall"= []
"LGODDFU"= []
"NBKeyScan"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-03-20 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-08-14 497008]
"DriverCure"= []
"MSMSGS"= []
"swg"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-03 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-08-26 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-19 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymKeepAlive]
C:\Program Files\Norton SystemWorks Premier Edition\CKA\CKA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2009-03-06 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [2003-11-18 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-11-07 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3
"InCDsrv"=2
"gusvc"=3
"GoogleDesktopManager"=3
"GoogleDesktopManager-092308-165331"=3
"Norton Save and Restore"=2
"WMPNetworkSvc"=3
"RUBotted"=2
"ose"=3
"LightScribeService"=2
"KodakSvc"=2
"KodakCCS"=3
"gupdate1c9d0b27b583d0a"=2
"Automatic LiveUpdate Scheduler"=2
"CLTNetCnService"=2
"ACDaemon"=3
"ERSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\Don\Start Menu\Programs\Startup
is-C8MG5.lnk - C:\Program Files\Trend Micro\Internet Security\Quarantine\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winubg32]
winubg32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoFileSharing"=1
"NoDrives"=0
"NoViewOnDrive"=0
"NoTaskGrouping"=1
"NoDriveAutoRun"=E7FFFF03
"NoSimpleStartMenu"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe"="C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak AiO Scheduled Maintenance"
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Trend Micro\Internet Security\TISTOOL.exe"="C:\Program Files\Trend Micro\Internet Security\TISTOOL.exe:*:Enabled:Trend Micro Support Diagnostic Toolkit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7966881-0b15-11de-b3d8-0017311d6874}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.js - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-08-10 13:13:54 ----D---- C:\rsit
2009-08-05 15:05:48 ----D---- C:\Program Files\Carbonite
2009-08-05 15:04:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-05 15:04:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-05 15:04:01 ----A---- C:\WINDOWS\system32\java.exe
2009-08-04 15:06:56 ----D---- C:\Program Files\QUAD Utilities
2009-07-25 08:13:20 ----D---- C:\Program Files\Mozilla Firefox
2009-07-24 05:25:07 ----D---- C:\6e6c8e44d97400d3b6d30afb98e81e
2009-07-22 08:43:13 ----A---- C:\SDFix.exe
2009-07-20 10:41:19 ----D---- C:\Program Files\Smith Micro
2009-07-18 13:51:06 ----D---- C:\Program Files\Common Files\Skype
2009-07-18 13:50:57 ----RD---- C:\Program Files\Skype
2009-07-18 05:50:27 ----D---- C:\Program Files\GPOAccelerator
2009-07-18 05:43:40 ----A---- C:\WINDOWS\system32\mmc.exe.config
2009-07-18 04:50:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-07-17 13:25:10 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-07-15 10:56:16 ----D---- C:\SAV32CLI

======List of files/folders modified in the last 1 months======

2009-08-10 13:14:19 ----D---- C:\WINDOWS\Temp
2009-08-10 13:13:59 ----D---- C:\WINDOWS\Prefetch
2009-08-10 09:56:00 ----AC---- C:\WINDOWS\SchedLgU.Txt
2009-08-10 09:11:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-10 09:10:23 ----SD---- C:\WINDOWS\Tasks
2009-08-09 12:29:41 ----D---- C:\WINDOWS\system32\Adobe
2009-08-09 10:43:12 ----D---- C:\Documents and Settings\Don\Application Data\Adobe
2009-08-09 10:43:11 ----D---- C:\Documents and Settings\Don\Application Data\Macromedia
2009-08-09 10:43:09 ----D---- C:\WINDOWS\system32\Macromed
2009-08-09 10:41:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-06 15:49:59 ----D---- C:\Program Files\Norton SystemWorks
2009-08-05 15:42:39 ----C---- C:\WINDOWS\system.ini
2009-08-05 15:42:39 ----ASH---- C:\boot.ini
2009-08-05 15:42:39 ----AC---- C:\WINDOWS\win.ini
2009-08-05 15:05:49 ----SHD---- C:\WINDOWS\Installer
2009-08-05 15:05:48 ----D---- C:\Program Files
2009-08-05 15:05:47 ----SHD---- C:\Config.Msi
2009-08-05 15:04:02 ----D---- C:\WINDOWS\system32
2009-08-05 15:03:45 ----D---- C:\Program Files\Java
2009-08-05 12:01:16 ----D---- C:\WINDOWS\system32\drivers
2009-08-05 12:01:16 ----A---- C:\WINDOWS\system32\kdfvmgr.exe
2009-08-05 12:01:16 ----A---- C:\WINDOWS\system32\Kdfhok.dll
2009-08-05 12:01:16 ----A---- C:\WINDOWS\system32\kdfapi.dll
2009-08-05 12:01:15 ----A---- C:\WINDOWS\system32\kdfmgr.exe
2009-08-05 12:01:15 ----A---- C:\WINDOWS\system32\kdfinj.dll
2009-08-05 11:52:07 ----D---- C:\WINDOWS\pss
2009-08-05 11:43:47 ----D---- C:\SDFix
2009-08-05 11:19:41 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-08-05 11:11:59 ----D---- C:\Program Files\Common Files\ArcSoft
2009-08-05 11:11:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-04 15:07:23 ----D---- C:\WINDOWS
2009-08-03 04:45:43 ----D---- C:\WINDOWS\WinSxS
2009-07-31 10:46:58 ----SHD---- C:\System Volume Information
2009-07-31 10:46:58 ----D---- C:\WINDOWS\system32\Restore
2009-07-30 16:44:07 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 10:41:08 ----HD---- C:\WINDOWS\inf
2009-07-29 10:40:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-25 08:13:49 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-24 09:56:00 ----D---- C:\Documents and Settings\Don\Application Data\TaxCut
2009-07-24 09:55:29 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2009-07-24 05:04:41 ----D---- C:\Program Files\Internet Explorer
2009-07-24 04:41:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-24 04:40:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-24 04:37:50 ----A---- C:\WINDOWS\imsins.BAK
2009-07-24 04:36:00 ----D---- C:\WINDOWS\ie7updates
2009-07-23 13:52:14 ----D---- C:\WINDOWS\system32\config
2009-07-23 13:51:09 ----D---- C:\WINDOWS\system32\wbem
2009-07-23 13:51:09 ----D---- C:\WINDOWS\Registration
2009-07-22 15:15:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 08:26:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-21 08:26:27 ----D---- C:\Program Files\NOS
2009-07-20 09:53:53 ----D---- C:\WINDOWS\system32\en-US
2009-07-20 09:53:50 ----D---- C:\WINDOWS\Media
2009-07-20 09:53:50 ----D---- C:\WINDOWS\Help
2009-07-20 09:38:27 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-19 05:07:34 ----D---- C:\Program Files\Google
2009-07-18 14:43:43 ----D---- C:\Documents and Settings\Don\Application Data\LimeWire
2009-07-18 13:53:24 ----D---- C:\Documents and Settings\Don\Application Data\Skype
2009-07-18 13:52:51 ----D---- C:\Documents and Settings\Don\Application Data\skypePM
2009-07-18 13:51:06 ----D---- C:\Program Files\Common Files
2009-07-18 13:50:56 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-17 16:38:27 ----D---- C:\WINDOWS\Debug
2009-07-17 09:54:02 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-07-17 06:11:35 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-07-16 15:12:24 ----D---- C:\Restored_Bevscornerstore_Files
2009-07-14 14:01:59 ----D---- C:\Program Files\Trend Micro
2009-07-14 13:55:57 ----D---- C:\WINDOWS\network diagnostic
2009-07-13 10:05:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-12 07:12:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 is-C8MG5drv;is-C8MG5drv; C:\WINDOWS\system32\DRIVERS\30976384.sys [2008-07-08 148496]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-03-20 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-03-03 80400]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2008-06-01 750904]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-20 10368]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NPDriver;Norton UnErase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-06-01 14736]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-06-01 27792]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-03-03 335376]
R3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-03-20 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-03-20 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-20 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-03-20 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-12-19 133632]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-03-20 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-03-20 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-09-03 41984]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-03-20 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-03-20 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-03-20 10880]
S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-03-20 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-12-17 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-03-20 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-03-20 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-20 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-03-20 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-26 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-26 108392]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-12 44032]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2008-06-01 177448]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
R2 NProtectService;Norton UnErase Protection; C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE [2008-08-26 95832]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2009-03-07 24576]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service; C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-12 181584]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE [2008-08-26 181672]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-04-01 1251720]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-03 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-14 66056]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [2009-05-04 279960]
S2 OAYHSQ;OAYHSQ; C:\DOCUME~1\Don\LOCALS~1\Temp\OAYHSQ.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2008-11-18 61440]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-03-20 14336]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-26 108392]
S4 gupdate1c9d0b27b583d0a;Google Update Service (gupdate1c9d0b27b583d0a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-09 133104]
S4 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S4 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S4 KodakSvc;Kodak AiO Device Service; C:\Program Files\Kodak\AiO\center\KodakSvc.exe [2009-04-17 32768]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Don at 2009-08-10 13:13:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 36 GB (47%) free of 76 GB
Total RAM: 1983 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:36 PM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Don\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmbc.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\Trend Micro\Internet Security\Quarantine\Folder\iWinGamesHookIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: is-C8MG5.lnk = C:\Program Files\Trend Micro\Internet Security\Quarantine\startup.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OAYHSQ - Unknown owner - C:\DOCUME~1\Don\LOCALS~1\Temp\OAYHSQ.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12243 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\ErrorFix Scan.job
C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Norton WinDoctor.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{50CA3099-5EFB-434D-AE3F-D9EFF62AD1EA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
AcroIEHelperShimObj Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}]
TSToolbarBHO - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
C:\Program Files\Trend Micro\Internet Security\Quarantine\Folder\iWinGamesHookIE.dll [2009-06-04 141472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll [2008-11-08 83800]
{CCAC5586-44D7-4c43-B64A-F042461A97D2} - Trend Micro Toolbar - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll [2009-02-12 144720]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-08-26 115560]
"NSWosCheck"=C:\Program Files\Norton SystemWorks\osCheck.exe [2007-09-18 25472]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2008-11-18 623880]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 1468296]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-06-01 1501064]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-04-07 1511424]
"Conime"=C:\WINDOWS\system32\conime.exe [2008-03-20 27648]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2003-08-19 45056]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-03-20 143360]
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"ASUS Probe"= []
"iolo AntiVirus"= []
"iolo Personal Firewall"= []
"LGODDFU"= []
"NBKeyScan"= []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-03-20 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-08-14 497008]
"DriverCure"= []
"MSMSGS"= []
"swg"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-03 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-08-26 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-19 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SymKeepAlive]
C:\Program Files\Norton SystemWorks Premier Edition\CKA\CKA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2009-03-06 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
C:\PROGRA~1\VIA\RAID\RAID_T~1.EXE [2003-11-18 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
C:\PROGRA~1\Logitech\QuickCam\eReg.exe [2008-11-07 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3
"InCDsrv"=2
"gusvc"=3
"GoogleDesktopManager"=3
"GoogleDesktopManager-092308-165331"=3
"Norton Save and Restore"=2
"WMPNetworkSvc"=3
"RUBotted"=2
"ose"=3
"LightScribeService"=2
"KodakSvc"=2
"KodakCCS"=3
"gupdate1c9d0b27b583d0a"=2
"Automatic LiveUpdate Scheduler"=2
"CLTNetCnService"=2
"ACDaemon"=3
"ERSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\Don\Start Menu\Programs\Startup
is-C8MG5.lnk - C:\Program Files\Trend Micro\Internet Security\Quarantine\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winubg32]
winubg32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoFileSharing"=1
"NoDrives"=0
"NoViewOnDrive"=0
"NoTaskGrouping"=1
"NoDriveAutoRun"=E7FFFF03
"NoSimpleStartMenu"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe"="C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak AiO Scheduled Maintenance"
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Trend Micro\Internet Security\TISTOOL.exe"="C:\Program Files\Trend Micro\Internet Security\TISTOOL.exe:*:Enabled:Trend Micro Support Diagnostic Toolkit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7966881-0b15-11de-b3d8-0017311d6874}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.js - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-08-10 13:13:54 ----D---- C:\rsit
2009-08-05 15:05:48 ----D---- C:\Program Files\Carbonite
2009-08-05 15:04:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-05 15:04:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-05 15:04:01 ----A---- C:\WINDOWS\system32\java.exe
2009-08-04 15:06:56 ----D---- C:\Program Files\QUAD Utilities
2009-07-25 08:13:20 ----D---- C:\Program Files\Mozilla Firefox
2009-07-24 05:25:07 ----D---- C:\6e6c8e44d97400d3b6d30afb98e81e
2009-07-22 08:43:13 ----A---- C:\SDFix.exe
2009-07-20 10:41:19 ----D---- C:\Program Files\Smith Micro
2009-07-18 13:51:06 ----D---- C:\Program Files\Common Files\Skype
2009-07-18 13:50:57 ----RD---- C:\Program Files\Skype
2009-07-18 05:50:27 ----D---- C:\Program Files\GPOAccelerator
2009-07-18 05:43:40 ----A---- C:\WINDOWS\system32\mmc.exe.config
2009-07-18 04:50:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-07-17 13:25:10 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-07-15 10:56:16 ----D---- C:\SAV32CLI

======List of files/folders modified in the last 1 months======

2009-08-10 13:14:19 ----D---- C:\WINDOWS\Temp
2009-08-10 13:13:59 ----D---- C:\WINDOWS\Prefetch
2009-08-10 09:56:00 ----AC---- C:\WINDOWS\SchedLgU.Txt
2009-08-10 09:11:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-10 09:10:23 ----SD---- C:\WINDOWS\Tasks
2009-08-09 12:29:41 ----D---- C:\WINDOWS\system32\Adobe
2009-08-09 10:43:12 ----D---- C:\Documents and Settings\Don\Application Data\Adobe
2009-08-09 10:43:11 ----D---- C:\Documents and Settings\Don\Application Data\Macromedia
2009-08-09 10:43:09 ----D---- C:\WINDOWS\system32\Macromed
2009-08-09 10:41:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-06 15:49:59 ----D---- C:\Program Files\Norton SystemWorks
2009-08-05 15:42:39 ----C---- C:\WINDOWS\system.ini
2009-08-05 15:42:39 ----ASH---- C:\boot.ini
2009-08-05 15:42:39 ----AC---- C:\WINDOWS\win.ini
2009-08-05 15:05:49 ----SHD---- C:\WINDOWS\Installer
2009-08-05 15:05:48 ----D---- C:\Program Files
2009-08-05 15:05:47 ----SHD---- C:\Config.Msi
2009-08-05 15:04:02 ----D---- C:\WINDOWS\system32
2009-08-05 15:03:45 ----D---- C:\Program Files\Java
2009-08-05 12:01:16 ----D---- C:\WINDOWS\system32\drivers
2009-08-05 12:01:16 ----A---- C:\WINDOWS\system32\kdfvmgr.exe
2009-08-05 12:01:16 ----A---- C:\WINDOWS\system32\Kdfhok.dll
2009-08-05 12:01:16 ----A---- C:\WINDOWS\system32\kdfapi.dll
2009-08-05 12:01:15 ----A---- C:\WINDOWS\system32\kdfmgr.exe
2009-08-05 12:01:15 ----A---- C:\WINDOWS\system32\kdfinj.dll
2009-08-05 11:52:07 ----D---- C:\WINDOWS\pss
2009-08-05 11:43:47 ----D---- C:\SDFix
2009-08-05 11:19:41 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-08-05 11:11:59 ----D---- C:\Program Files\Common Files\ArcSoft
2009-08-05 11:11:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-04 15:07:23 ----D---- C:\WINDOWS
2009-08-03 04:45:43 ----D---- C:\WINDOWS\WinSxS
2009-07-31 10:46:58 ----SHD---- C:\System Volume Information
2009-07-31 10:46:58 ----D---- C:\WINDOWS\system32\Restore
2009-07-30 16:44:07 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 10:41:08 ----HD---- C:\WINDOWS\inf
2009-07-29 10:40:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-25 08:13:49 ----D---- C:\Documents and Settings\Don\Application Data\Mozilla
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-24 09:56:00 ----D---- C:\Documents and Settings\Don\Application Data\TaxCut
2009-07-24 09:55:29 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2009-07-24 05:04:41 ----D---- C:\Program Files\Internet Explorer
2009-07-24 04:41:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-24 04:40:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-24 04:37:50 ----A---- C:\WINDOWS\imsins.BAK
2009-07-24 04:36:00 ----D---- C:\WINDOWS\ie7updates
2009-07-23 13:52:14 ----D---- C:\WINDOWS\system32\config
2009-07-23 13:51:09 ----D---- C:\WINDOWS\system32\wbem
2009-07-23 13:51:09 ----D---- C:\WINDOWS\Registration
2009-07-22 15:15:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 08:26:29 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-21 08:26:27 ----D---- C:\Program Files\NOS
2009-07-20 09:53:53 ----D---- C:\WINDOWS\system32\en-US
2009-07-20 09:53:50 ----D---- C:\WINDOWS\Media
2009-07-20 09:53:50 ----D---- C:\WINDOWS\Help
2009-07-20 09:38:27 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-19 05:07:34 ----D---- C:\Program Files\Google
2009-07-18 14:43:43 ----D---- C:\Documents and Settings\Don\Application Data\LimeWire
2009-07-18 13:53:24 ----D---- C:\Documents and Settings\Don\Application Data\Skype
2009-07-18 13:52:51 ----D---- C:\Documents and Settings\Don\Application Data\skypePM
2009-07-18 13:51:06 ----D---- C:\Program Files\Common Files
2009-07-18 13:50:56 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-17 16:38:27 ----D---- C:\WINDOWS\Debug
2009-07-17 09:54:02 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2009-07-17 06:11:35 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-07-16 15:12:24 ----D---- C:\Restored_Bevscornerstore_Files
2009-07-14 14:01:59 ----D---- C:\Program Files\Trend Micro
2009-07-14 13:55:57 ----D---- C:\WINDOWS\network diagnostic
2009-07-13 10:05:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-12 07:12:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 is-C8MG5drv;is-C8MG5drv; C:\WINDOWS\system32\DRIVERS\30976384.sys [2008-07-08 148496]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-03-20 14592]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-03-03 80400]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2008-06-01 750904]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-20 10368]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NPDriver;Norton UnErase Protection Driver; \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS []
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-06-01 14736]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-06-01 27792]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-03-03 335376]
R3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-20 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-03-20 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-03-20 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-20 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-20 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-20 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-03-20 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-12-19 133632]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-03-20 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Don\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-03-20 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-09-03 41984]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-03-20 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-03-20 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-03-20 10880]
S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-03-20 61824]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-12-17 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
S3 SDdriver;SDdriver; \??\C:\WINDOWS\system32\Drivers\sddriver.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-03-20 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-03-20 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-20 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-03-20 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-26 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-26 108392]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-12 44032]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2008-06-01 177448]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
R2 NProtectService;Norton UnErase Protection; C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE [2008-08-26 95832]
R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2009-03-07 24576]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service; C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [2009-02-12 181584]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE [2008-08-26 181672]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-04-01 1251720]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-03 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-14 66056]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [2009-05-04 279960]
S2 OAYHSQ;OAYHSQ; C:\DOCUME~1\Don\LOCALS~1\Temp\OAYHSQ.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2008-11-18 61440]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-03-20 14336]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
S4 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-08-26 108392]
S4 gupdate1c9d0b27b583d0a;Google Update Service (gupdate1c9d0b27b583d0a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-09 133104]
S4 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S4 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe []
S4 KodakSvc;Kodak AiO Device Service; C:\Program Files\Kodak\AiO\center\KodakSvc.exe [2009-04-17 32768]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
dnothnagel

Re: Need some help please

by dnothnagel » August 10th, 2009, 2:44 pm

And now the rest of the files:


info.txt logfile of random's system information tool 1.06 2009-08-10 13:15:45

======Uninstall list======

-->"C:\Program Files\Creative\SB Live! 24-bit\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
aiofw-->MsiExec.exe /I{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}
aioprnt-->MsiExec.exe /I{59B73DDC-593A-4D02-B9CA-1D8C9F912324}
aioscnnr-->MsiExec.exe /I{074AED0D-DD1C-432A-B38D-F8733604033F}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Audit Support Center 1.0-->C:\Program Files\Audit Support Center\uninst.exe
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{22B90C20-2697-4790-A95E-56463563F2EF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
C4USelfUpdater-->MsiExec.exe /I{48B41C3A-9A92-4B81-B653-C97FEB85C910}
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}
CheckIt Diagnostics-->MsiExec.exe /X{4B9B1B84-FEC0-46D5-BDB9-832565779422}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connection Keep Alive-->MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}
Creative EAX Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9 /remove
Creative MediaSource NOMAD Jukebox 2/3/Zen Plugin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\Setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DeductionPro 2008-->"C:\Program Files\InstallShield Installation Information\{61100673-2546-42E1-BF92-467B5CB2AC6D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPOAccelerator-->MsiExec.exe /I{79C5455C-E646-4BA8-8D63-9DA28196E59E}
HiJaak Image Manager 1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7FD13E2-EAFE-4F08-B00C-81688C153B5B}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HollywoodPoker.com (remove only)-->"C:\Program Files\HollywoodPoker\uninstall.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
KODAK All-in-One Printer Software-->C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_1f67ac\Setup.exe /APR-REMOVE
ksDIP-->MsiExec.exe /I{10934A28-0CC6-4B98-A14F-76B3546003AF}
Learning QuickBooks 2009-->"C:\Documents and Settings\All Users\Application Data\{3C9AC65C-E0D8-4966-B6B5-2A499289A6AF}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Learning QuickBooks 2009-->C:\Documents and Settings\All Users\Application Data\{3C9AC65C-E0D8-4966-B6B5-2A499289A6AF}\Setup.exe
LightScribe System Software 1.10.16.1-->MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Sounds-->MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{6710FE30-27F7-492B-A660-D31D4A898A43}
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSRedist-->MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8 Essentials-->MsiExec.exe /X{9A5B876D-A900-4AAB-B557-DE827BE46E6C}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton Cleanup-->MsiExec.exe /I{CA31120D-2101-484D-9FF1-195DE96FE346}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Norton SystemWorks (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{71E7B3F5-CFAF-4C1E-B494-528E28707937}\{71E7B3F5-CFAF-4C1E-B494-528E28707937}.exe" /X
Norton SystemWorks-->MsiExec.exe /I{71E7B3F5-CFAF-4C1E-B494-528E28707937}
Norton SystemWorks-->MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}
Norton SystemWorks-->MsiExec.exe /I{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}
Norton Utilities-->MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
PerformanceTest-->MsiExec.exe /X{849089CF-4988-49ED-A2DD-110CD5D9D7E8}
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}
QuickBooks Premier: Mfg and Whsle Edition 2009-->msiexec.exe /I {9A2F0810-369F-4E86-9072-973FBE1679C5} UNIQUE_NAME="wholesale" QBFULLNAME="QuickBooks Premier: Mfg and Whsle Edition 2009" ADDREMOVE=1
QuickBooks-->MsiExec.exe /I{9A2F0810-369F-4E86-9072-973FBE1679C5}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
SecurDisc Viewer-->MsiExec.exe /X{BE90CE58-41DE-4708-9291-A9D1D49B1033}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Skype add-on for IE-->rundll32 "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype web features-->MsiExec.exe /I{F1362843-0E0E-4F74-8662-724CF101ADCE}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{734BB64A-5A3D-4624-867D-6358B7068496}\SETUP.EXE" -l0x9
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
TaxCut Basic + Efile 2008-->MsiExec.exe /X{D81FBA6E-5492-4C46-BAE3-3A9242C27210}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Trend Micro Internet Security Pro-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security Pro-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Ulead DVD Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
UniChromeII Graphics Driver and Utilities-->C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Integrated Setup Wizard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present [2009-08-10]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Trend Micro Internet Security Pro
FW: Trend Micro Personal Firewall

======System event log======

Computer Name: DON-7Z51BGB8S25
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
Access is denied.


Record Number: 2646788
Source Name: Service Control Manager
Time Written: 20090810092713.000000-300
Event Type: error
User:

Computer Name: DON-7Z51BGB8S25
Event Code: 20035
Message: Remote Access Connection Manager failed to start because it could not create buffers.
Restart the computer. Access is denied.


Record Number: 2646785
Source Name: Rasman
Time Written: 20090810092713.000000-300
Event Type: error
User:

Computer Name: DON-7Z51BGB8S25
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
Access is denied.


Record Number: 2646784
Source Name: Service Control Manager
Time Written: 20090810092711.000000-300
Event Type: error
User:

Computer Name: DON-7Z51BGB8S25
Event Code: 20035
Message: Remote Access Connection Manager failed to start because it could not create buffers.
Restart the computer. Access is denied.


Record Number: 2646781
Source Name: Rasman
Time Written: 20090810092711.000000-300
Event Type: error
User:

Computer Name: DON-7Z51BGB8S25
Event Code: 7023
Message: The Remote Access Connection Manager service terminated with the following error:
Access is denied.


Record Number: 2646780
Source Name: Service Control Manager
Time Written: 20090810092711.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: DON-7Z51BGB8S25
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 5993
Source Name: Userenv
Time Written: 20090623134013.000000-300
Event Type: warning
User: DON-7Z51BGB8S25\Don

Computer Name: DON-7Z51BGB8S25
Event Code: 1001
Message: Fault bucket 1180947459.

Record Number: 5990
Source Name: Application Hang
Time Written: 20090623132556.000000-300
Event Type: error
User:

Computer Name: DON-7Z51BGB8S25
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5989
Source Name: Application Hang
Time Written: 20090623132533.000000-300
Event Type: error
User:

Computer Name: DON-7Z51BGB8S25
Event Code: 1002
Message: Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5988
Source Name: Application Hang
Time Written: 20090623132325.000000-300
Event Type: error
User:

Computer Name: DON-7Z51BGB8S25
Event Code: 1002
Message: Hanging application OUTLOOK.EXE, version 11.0.8217.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5987
Source Name: Application Hang
Time Written: 20090623132325.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR_SHOW_DETAILS"=1
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"FP_NO_HOST_CHECK"=NO
"kds_language"=13
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Intuit\QBPOSSDKRuntime
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=2c02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
dnothnagel
Active Member
 
Posts: 14
Joined: August 4th, 2009, 3:38 pm

Re: Need some help please

Post by km2357 » August 10th, 2009, 3:03 pm

As you have Trend Micro as your AV, please uninstall the following, so that you do not have 2 AVs running on your computer:

Authentium AntiVirus SDK - 2


IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.1.4

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here.
km2357
MRU Master
 
Posts: 3206
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: Need some help please

Post by dnothnagel » August 10th, 2009, 3:15 pm

New HJT Log files

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:09 PM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kmbc.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\Trend Micro\Internet Security\Quarantine\Folder\iWinGamesHookIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: is-C8MG5.lnk = C:\Program Files\Trend Micro\Internet Security\Quarantine\startup.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: OAYHSQ - Unknown owner - C:\DOCUME~1\Don\LOCALS~1\Temp\OAYHSQ.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12235 bytes

Re: Need some help please

Post by km2357 » August 11th, 2009, 1:22 am

Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt and a fresh HiJackThis Log in your next reply.

Use multiple posts if you can't fit everything into one post.

Re: Need some help please

Post by km2357 » August 14th, 2009, 1:26 am

dnothnagel? Do you still need help?

Re: Need some help please

Post by dnothnagel » August 14th, 2009, 2:52 pm

Yes I do, my cable went down and I am now back online. I should be able to work on this now.

Also, I should tell you that I am undergoing chemo at this time and it will slow me down as well.

Re: Need some help please

Post by km2357 » August 14th, 2009, 3:11 pm

Ok, thanks for letting me know.

We can continue when you're ready to do so.

Re: Need some help please

Post by dnothnagel » August 14th, 2009, 3:47 pm

ComboFix 09-08-10.06 - Don 08/14/2009 14:28.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1230 [GMT -5:00]
Running from: c:\documents and settings\Don\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\QUAD Utilities
c:\recycler\NPROTECT
C:\SDFix.exe
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Installer\100bf0a1.msp
c:\windows\Installer\102d6ce5.msp
c:\windows\Installer\10441501.msp
c:\windows\Installer\10640ce7.msp
c:\windows\Installer\10788ec8.msp
c:\windows\Installer\109afb86.msp
c:\windows\Installer\10af5de8.msp
c:\windows\Installer\10d1eca6.msp
c:\windows\Installer\10e8712d.msp
c:\windows\Installer\1108ec0e.msp
c:\windows\Installer\111d3b85.msp
c:\windows\Installer\113ff097.msp
c:\windows\Installer\1146531.msp
c:\windows\Installer\11542a82.msp
c:\windows\Installer\118b1894.msp
c:\windows\Installer\11a1e53.msp
c:\windows\Installer\12876d9d.msp
c:\windows\Installer\137dfafc.msp
c:\windows\Installer\138c4b0f.msp
c:\windows\Installer\138c4b21.msp
c:\windows\Installer\138c4b29.msp
c:\windows\Installer\138c4b3b.msp
c:\windows\Installer\138c4b43.msp
c:\windows\Installer\13e64b57.msp
c:\windows\Installer\141e7a56.msp
c:\windows\Installer\143acbba.msp
c:\windows\Installer\144c7bae.msp
c:\windows\Installer\14717ed7.msp
c:\windows\Installer\1484bbc4.msp
c:\windows\Installer\14be946c.msp
c:\windows\Installer\14f3d55b.msp
c:\windows\Installer\14f556cb.msp
c:\windows\Installer\152a97e9.msp
c:\windows\Installer\152c46d2.msp
c:\windows\Installer\1561859e.msp
c:\windows\Installer\1563385f.msp
c:\windows\Installer\159876dd.msp
c:\windows\Installer\159a21af.msp
c:\windows\Installer\15cf62bd.msp
c:\windows\Installer\15d11465.msp
c:\windows\Installer\16065479.msp
c:\windows\Installer\1608015e.msp
c:\windows\Installer\163d4451.msp
c:\windows\Installer\16743429.msp
c:\windows\Installer\1695bd.msp
c:\windows\Installer\16ab1d59.msp
c:\windows\Installer\16bd8090.msp
c:\windows\Installer\17a54a62.msp
c:\windows\Installer\182da4a.msp
c:\windows\Installer\193d11a1.msp
c:\windows\Installer\1973c0b7.msp
c:\windows\Installer\1974e88d.msp
c:\windows\Installer\19aaafe2.msp
c:\windows\Installer\19ad249c.msp
c:\windows\Installer\19e19e14.msp
c:\windows\Installer\1a188cc3.msp
c:\windows\Installer\1a4f7a59.msp
c:\windows\Installer\1a867491.msp
c:\windows\Installer\1d3c3090.msp
c:\windows\Installer\1d8bbe.msi
c:\windows\Installer\1df2cc6d.msp
c:\windows\Installer\1fff9d.msi
c:\windows\Installer\21f24b23.msp
c:\windows\Installer\22c2e7cb.msi
c:\windows\Installer\22c2e7d9.msp
c:\windows\Installer\22c2e7de.msi
c:\windows\Installer\22c2e7e3.msi
c:\windows\Installer\22e7bc8.msp
c:\windows\Installer\23aba.msp
c:\windows\Installer\294f0.msp
c:\windows\Installer\2eec32.msp
c:\windows\Installer\3157399.msp
c:\windows\Installer\316b020.msp
c:\windows\Installer\3712fab.msp
c:\windows\Installer\394828.msp
c:\windows\Installer\39846a.msp
c:\windows\Installer\39ced1.msp
c:\windows\Installer\3a04d5.msp
c:\windows\Installer\3b729.msp
c:\windows\Installer\3eff1ae.msp
c:\windows\Installer\40fe7b0.msp
c:\windows\Installer\40fe7ba.msi
c:\windows\Installer\425e297.msp
c:\windows\Installer\4272306.msp
c:\windows\Installer\4303c01.msp
c:\windows\Installer\449d305.msp
c:\windows\Installer\45d4685.msp
c:\windows\Installer\45edbe8.msp
c:\windows\Installer\4640aef.msp
c:\windows\Installer\46673d3.msp
c:\windows\Installer\4953483.msp
c:\windows\Installer\49d26c1.msp
c:\windows\Installer\4a71bae.msp
c:\windows\Installer\4af6527.msp
c:\windows\Installer\4cc119e.msp
c:\windows\Installer\4d498c9.msp
c:\windows\Installer\4eb0f27.msp
c:\windows\Installer\503394f.msp
c:\windows\Installer\51b7e.msp
c:\windows\Installer\5233aca.msp
c:\windows\Installer\5390623.msp
c:\windows\Installer\56ffd9c.msp
c:\windows\Installer\59c070c.msp
c:\windows\Installer\5f9dd5.msp
c:\windows\Installer\62ad8.msp
c:\windows\Installer\656944f.msp
c:\windows\Installer\674a66b.msp
c:\windows\Installer\68d80fa.msp
c:\windows\Installer\6a92989.msp
c:\windows\Installer\6c62bd0.msp
c:\windows\Installer\6fb5cb2.msp
c:\windows\Installer\703ca3.msp
c:\windows\Installer\7324bee.msp
c:\windows\Installer\76939a2.msp
c:\windows\Installer\7a028fd.msp
c:\windows\Installer\7fa5499.msp
c:\windows\Installer\8b2aaf7.msp
c:\windows\Installer\907e16b.msp
c:\windows\Installer\9b19b32.msp
c:\windows\Installer\9e856cb.msp
c:\windows\Installer\a1f64e9.msp
c:\windows\Installer\a5635cf.msp
c:\windows\Installer\a8d227a.msp
c:\windows\Installer\ac5e433.msp
c:\windows\Installer\ad03d2d.msp
c:\windows\Installer\afdbda0.msp
c:\windows\Installer\b31f0e8.msp
c:\windows\Installer\b44aa0c.msp
c:\windows\Installer\b68dc8a.msp
c:\windows\Installer\ba154f5.msp
c:\windows\Installer\bd8671a.msp
c:\windows\Installer\c0da8b6.msp
c:\windows\Installer\c449428.msp
c:\windows\Installer\d2eb1.msp
c:\windows\Installer\d62b4ce.msp
c:\windows\Installer\e382c9.msp
c:\windows\Installer\e64a8a2.msp
c:\windows\Installer\ebf63.msi
c:\windows\Installer\ec1217e.msp
c:\windows\Installer\ef96f21.msp
c:\windows\Installer\f3059e8.msp
c:\windows\Installer\f65c5ee.msp
c:\windows\Installer\f9cbd96.msp
c:\windows\Installer\fd57686.msp
c:\windows\system32\Data
c:\windows\system32\kdfinj.dll
c:\windows\system32\mfc45.dll


.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-11 10:39 . 2009-08-11 10:55 -------- d-----w- c:\program files\support.com
2009-08-11 10:39 . 2009-08-11 10:39 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\SupportSoft
2009-08-10 18:13 . 2009-08-10 18:15 -------- d-----w- C:\rsit
2009-08-07 06:15 . 2009-08-07 06:15 869640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2009-08-05 20:05 . 2009-08-05 21:11 -------- d-----w- c:\program files\Carbonite
2009-08-05 19:55 . 2009-08-05 19:55 152576 ----a-w- c:\documents and settings\Don\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-07-28 15:38 . 2009-04-02 23:08 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-27 18:07 . 2009-07-28 15:38 -------- d-----w- c:\documents and settings\Don\.housecall6.6
2009-07-27 16:15 . 2009-07-27 16:15 -------- d-----w- c:\documents and settings\Don\log
2009-07-25 13:13 . 2009-07-25 13:13 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\Mozilla
2009-07-24 10:25 . 2009-07-24 13:25 -------- d-----w- C:\6e6c8e44d97400d3b6d30afb98e81e
2009-07-23 18:51 . 2009-07-23 18:51 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-20 15:41 . 2009-07-20 15:41 -------- d-----w- c:\program files\Smith Micro
2009-07-18 18:52 . 2009-07-18 18:53 -------- d-----w- c:\documents and settings\Don\Local Settings\Application Data\Temp
2009-07-18 18:51 . 2009-07-18 18:51 -------- d-----w- c:\program files\Common Files\Skype
2009-07-18 18:50 . 2009-08-10 20:48 -------- d-----r- c:\program files\Skype
2009-07-18 10:50 . 2009-07-18 10:51 -------- d-----w- c:\program files\GPOAccelerator
2009-07-18 09:50 . 2009-07-18 09:50 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-17 18:26 . 2009-07-22 21:47 -------- d-----w- c:\documents and settings\Don\SecurityScans
2009-07-17 18:25 . 2009-07-17 18:25 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 17:57 . 2008-12-29 18:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-14 14:36 . 2009-07-15 16:12 134769332 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-14 14:36 . 2009-07-15 16:12 4294967200 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-10 20:59 . 2009-02-12 21:10 -------- d-----w- c:\program files\Common Files\Nero
2009-08-10 20:58 . 2008-12-30 18:50 -------- d-----w- c:\program files\Nero
2009-08-10 20:57 . 2009-02-12 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-10 20:53 . 2009-03-06 22:13 -------- d-----w- c:\documents and settings\Don\Application Data\Skype
2009-08-10 20:51 . 2009-03-06 23:33 -------- d-----w- c:\documents and settings\Don\Application Data\skypePM
2009-08-10 19:09 . 2008-01-31 23:44 -------- d-----w- c:\program files\LimeWire
2009-08-06 20:49 . 2009-07-04 04:53 -------- d-----w- c:\program files\Norton SystemWorks
2009-08-05 20:03 . 2008-01-18 14:36 -------- d-----w- c:\program files\Java
2009-08-05 17:01 . 2009-04-01 19:42 77824 ----a-w- c:\windows\system32\kdfapi.dll
2009-08-05 17:01 . 2009-04-01 19:42 53248 ----a-w- c:\windows\system32\Kdfhok.dll
2009-08-05 17:01 . 2009-04-01 19:42 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2009-08-05 17:01 . 2009-04-01 19:42 387288 ----a-w- c:\windows\system32\kdfmgr.exe
2009-08-05 16:11 . 2009-04-11 00:05 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-08-05 16:11 . 2008-01-18 15:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 10:14 . 2009-04-11 00:06 602 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-07-30 21:44 . 2008-01-22 22:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 10:23 . 2008-11-24 15:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 14:56 . 2009-02-09 23:01 -------- d-----w- c:\documents and settings\Don\Application Data\TaxCut
2009-07-24 14:55 . 2009-02-25 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-07-21 21:46 . 2008-01-18 18:03 44776 ----a-w- c:\documents and settings\Don\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 13:26 . 2008-10-03 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-21 13:26 . 2008-10-03 14:15 -------- d-----w- c:\program files\NOS
2009-07-19 10:07 . 2008-02-25 21:55 -------- d-----w- c:\program files\Google
2009-07-18 19:43 . 2008-01-31 23:45 -------- d-----w- c:\documents and settings\Don\Application Data\LimeWire
2009-07-18 18:50 . 2009-03-06 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-17 14:54 . 2008-03-03 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-07-16 20:20 . 2009-02-19 22:39 7484 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-07-16 10:58 . 2008-07-17 16:35 41840 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 19:01 . 2008-08-27 20:53 -------- d-----w- c:\program files\Trend Micro
2009-07-12 12:12 . 2008-06-12 23:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 18:29 . 2009-06-18 16:37 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-07-09 18:29 . 2009-06-18 16:37 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-07-09 18:29 . 2009-06-18 16:37 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-07-07 22:08 . 2009-03-02 16:48 -------- d-----w- c:\documents and settings\Don\Application Data\Temp
2009-07-04 05:32 . 2008-04-03 22:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-04 05:00 . 2009-07-04 04:50 -------- d-----w- c:\program files\Symantec
2009-07-04 05:00 . 2009-07-04 04:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-04 05:00 . 2009-07-04 04:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-04 05:00 . 2009-07-04 04:50 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-04 05:00 . 2009-07-04 04:50 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-04 04:58 . 2008-04-03 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:46 . 2009-06-18 16:38 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-07-03 17:46 . 2009-06-18 16:37 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-07-03 17:46 . 2009-06-18 16:37 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-07-03 17:46 . 2009-06-18 16:37 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2009-07-03 17:46 . 2009-05-28 18:29 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-07-03 17:46 . 2009-05-28 18:29 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-07-03 17:46 . 2009-05-28 18:29 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-07-03 17:46 . 2009-06-18 16:37 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-07-03 17:46 . 2009-06-18 16:37 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-07-03 17:46 . 2009-06-18 16:37 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-07-03 17:45 . 2009-06-18 16:37 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-07-03 17:45 . 2009-06-18 16:37 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-07-03 17:45 . 2009-06-18 16:37 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-07-03 17:45 . 2009-06-18 16:37 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-25 18:14 . 2008-09-25 17:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 18:14 . 2008-10-08 14:10 38208 ----a-w- c:\documents and settings\Don\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-25 18:11 . 2009-06-25 18:11 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-06-01 18:51 . 2008-01-27 21:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-28 18:29 . 2009-05-28 18:29 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-05-28 18:29 . 2009-02-10 20:45 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-22 08:02 . 2008-08-14 17:23 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-05-22 08:00 . 2008-08-14 17:23 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-05-22 07:45 . 2008-08-14 17:23 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
2009-05-19 22:25 . 2009-05-19 22:25 192512 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\ICSharpCode.SharpZipLib.dll
2009-04-28 14:18 . 2009-04-20 01:49 25600 -c--a-w- c:\program files\Bevs Corner Store.doc
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-26 115560]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-09-18 25472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"Conime"="c:\windows\system32\conime.exe" [2008-03-20 27648]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-03-20 143360]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-04 64512]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2003-08-20 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Don\Start Menu\Programs\Startup\
is-C8MG5.lnk - c:\program files\Trend Micro\Internet Security\Quarantine\startup.exe [2009-7-16 65745]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-3-11 984352]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileSharing"= 1 (0x1)
"NoViewOnDrive"= 0 (0x0)
"NoTaskGrouping"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Don^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"GoogleDesktopManager-092308-165331"=3 (0x3)
"Norton Save and Restore"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"RUBotted"=2 (0x2)
"ose"=3 (0x3)
"LightScribeService"=2 (0x2)
"KodakSvc"=2 (0x2)
"KodakCCS"=3 (0x3)
"gupdate1c9d0b27b583d0a"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"ACDaemon"=3 (0x3)
"ERSvc"=2 (0x2)
"UPS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TISTOOL.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/5/2009 2:28 PM 64160]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/27/2009 11:55 AM 77312]
R0 XPacket;iolo Personal Firewall Driver;c:\windows\system32\xpacket.sys [1/18/2008 2:03 PM 39424]
R1 is-C8MG5drv;is-C8MG5drv;c:\windows\system32\drivers\30976384.sys [7/15/2009 11:12 AM 148496]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [8/26/2008 1:32 PM 95832]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [4/1/2009 2:29 PM 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/1/2009 2:27 PM 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/14/2008 12:23 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [4/1/2009 2:28 PM 677128]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/25/2008 3:58 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [8/14/2008 12:23 PM 335376]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [4/9/2009 8:52 AM 206608]
S2 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/21/2009 8:26 AM 66056]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
S2 OAYHSQ;OAYHSQ;c:\docume~1\Don\LOCALS~1\Temp\OAYHSQ.exe --> c:\docume~1\Don\LOCALS~1\Temp\OAYHSQ.exe [?]
S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [4/1/2009 2:28 PM 497008]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1029456]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [4/9/2009 8:52 AM 206608]
S4 gupdate1c9d0b27b583d0a;Google Update Service (gupdate1c9d0b27b583d0a);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 9:28 AM 133104]
S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S4 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08 PM 32768]
S4 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [4/9/2009 8:52 AM 582992]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:45]

2009-08-14 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\AiO\Center\Kodak.Statistics.exe [2009-05-04 17:15]

2009-08-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-08-10 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2007-09-18 13:22]

2009-08-14 c:\windows\Tasks\Norton WinDoctor.job
- c:\progra~1\NORTON~1\NORTON~1\windoc.exe [2008-08-26 18:32]

2009-08-14 c:\windows\Tasks\User_Feed_Synchronization-{50CA3099-5EFB-434D-AE3F-D9EFF62AD1EA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-SymKeepAlive - c:\program files\Norton SystemWorks Premier Edition\CKA\CKA.exe
HKCU-Run-DriverCure - (no file)
HKCU-Run-MSMSGS - (no file)
HKCU-Run-swg - (no file)
HKLM-Run-ASUS Probe - (no file)
HKLM-Run-iolo AntiVirus - (no file)
HKLM-Run-iolo Personal Firewall - (no file)
HKLM-Run-LGODDFU - (no file)
HKLM-Run-NBKeyScan - (no file)
Notify-winubg32 - winubg32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.kmbc.com/index.html
mLocal Page =
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Don\Application Data\Mozilla\Firefox\Profiles\qkpvdtzr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.kmbc.com/index.html
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 14:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-1004336348-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-08-14 14:39
ComboFix-quarantined-files.txt 2009-08-14 19:39

Pre-Run: 35,124,826,112 bytes free
Post-Run: 35,068,825,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

508 --- E O F --- 2009-08-10 14:54
dnothnagel
Active Member
 
Posts: 14
Joined: August 4th, 2009, 3:38 pm

Re: Need some help please

Post by km2357 » August 15th, 2009, 12:46 am

Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    KILLALL::
    
    Driver::
    
    OAYHSQ
    
    File::
    
    c:\docume~1\Don\LOCALS~1\Temp\OAYHSQ.exe
    
    Folder::
    
    c:\program files\LimeWire
    c:\documents and settings\Don\Application Data\LimeWire



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Image


    Note: This CFScript is for use on dnothnagel's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh HijackThis Log taken after Step 1 has been completed.
km2357
MRU Master
Posts: 3206
Joined: January 30th, 2007, 2:48 pm
Location: California