Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 6.0.6000
9/5/2008 7:03:47 AM
mbam-log-2008-09-05 (07-03-47).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 242223
Time elapsed: 4 hour(s), 47 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 52
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Windows\System32\wvUmnKec.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c85bd9f1-5b95-46da-9f39-979db6b58484} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Logon Applicationedc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1d8b4aa6 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1eb8793a (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc9qtj0egbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\wvUmnKec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\boyers\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\boyers\AppData\Local\Temp\yayYSKcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RRLEP1E\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RRLEP1E\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RRLEP1E\kb65666[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ERJ8V88\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ERJ8V88\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\ddCTnMGV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\dxwlxdac.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\geBtSIyX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\nnnMeDwV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\ohxahsmq.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tjlrtgbj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\xxyyYoOf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\yayxvWNd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\yekxjijt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\bYooMecY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\cbXRLbYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\awtqNDUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\jdsktdnd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\jrtmtemc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\pmnmkkIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\rcplachd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\rqRHwXQK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\rqRkifEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\vfgnqawd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\vtUomlii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\opnlKaYS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00012319 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00019617 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00021f81 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0003fe2c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0004a459 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0005c0ce (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp0005eee0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00086824 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp000a77cd (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp008cbc5e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00a5fae4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp00a8c776 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\tmp024dbe3b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\goguilwh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\hgGYPGyW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\idojsgma.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnkhebX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\boyers\Setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll (Trojan.Agent) -> Delete on reboot.
C:\Users\Random\AppData\Local\Temp\lnlgxyrw.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll (Malware.Trace) -> Delete on reboot.
Logfile of random's system information tool (written by random/random)
Run by Random at 2008-09-05 07:16:43
Microsoft® Windows Vista™ Home Premium
System drive C: has 298 GB (80%) free of 373 GB
Total RAM: 2942 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:20 AM, on 9/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Random\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Random.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll,c
O4 - HKCU\..\Run: [BM1d8b4aa6] Rundll32.exe "C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Doyles Room Poker - {725E77D3-B919-4eef-8EEE-D09DE618B6C1} - C:\Microgaming\Poker\DoylesRoomMPP\MPPoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4129B5DC-99F9-495A-8760-E0646DEAD679}: NameServer = 192.168.1.1
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11746 bytes
Scheduled tasks folder
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Ian.job
C:\Windows\tasks\User_Feed_Synchronization-{A5E1E1A6-CF71-43E7-B1C3-7F98D3DD1B94}.job
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-11 96936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{90222687-F593-4738-B738-FBEE9C7B26DF} - Show Norton Toolbar - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll [2007-01-11 607888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-06-09 1006264]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
""= []
"SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-09 115816]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-25 185896]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-07-06 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-07-06 8466432]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-07-06 81920]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"MSConfig"=C:\Windows\System32\msconfig.exe [2006-11-02 222208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-02 1244848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-03-12 1773568]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"cmds"=C:\Users\Random\AppData\Local\Temp\opnmJCrO.dll []
"BM1d8b4aa6"=C:\Users\Random\AppData\Local\Temp\qlxfdvof.dll []
"MSServer"=C:\Users\Random\AppData\Local\Temp\ssqOfEtR.dll []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2007-04-27 50736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe -logon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRSRun]
C:\Program Files\NCH Swift Sound\VRS\vrs.exe -logon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^boyers^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warkeys Update.lnk]
C:\Program Files\Warkeys\update\Warkeys Update.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Users\Random\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bb0612b-fa1e-11db-84bd-806e6f6e6963}]
shell\AutoRun\command - E:\Installer.exe
File associations
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*
List of files/folders created in the last three months
2008-09-05 07:16:43 ----D---- C:\rsit
2008-09-05 07:05:53 ----D---- C:\Avenger
2008-09-05 07:05:53 ----A---- C:\avenger.txt
2008-09-04 20:41:22 ----D---- C:\Users\Random\AppData\Roaming\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\ProgramData\Malwarebytes
2008-09-04 20:41:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-03 19:12:48 ----D---- C:\ie-spyad_zo
2008-09-03 18:34:58 ----D---- C:\Program Files\SpywareBlaster
2008-09-02 20:06:26 ----D---- C:\Program Files\Panda Security
2008-09-02 19:57:04 ----D---- C:\Users\Random\AppData\Roaming\NCH Swift Sound
2008-09-01 18:28:28 ----D---- C:\Program Files\a-squared Free
2008-09-01 13:48:17 ----D---- C:\Program Files\Trend Micro
2008-08-31 20:51:18 ----D---- C:\Program Files\MSN Messenger
2008-08-27 22:25:16 ----A---- C:\ProgramData\pskt.ini
2008-08-27 22:25:16 ----A---- C:\ProgramData\BM1d8b4aa6.txt
2008-08-27 19:18:56 ----D---- C:\Windows\system32\eMaxt02
2008-08-27 19:18:56 ----D---- C:\Temp
2008-08-23 18:35:15 ----D---- C:\Users\Random\AppData\Roaming\WildTangent
2008-08-22 18:23:00 ----D---- C:\Program Files\Apple Software Update
2008-08-22 18:21:47 ----D---- C:\Program Files\iPod
2008-08-22 18:21:42 ----D---- C:\Program Files\iTunes
2008-08-22 18:20:19 ----D---- C:\Program Files\Bonjour
2008-08-22 18:18:38 ----D---- C:\Program Files\QuickTime
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wups2.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wucltux.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-22 09:40:09 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wups.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wudriver.dll
2008-08-22 09:39:29 ----A---- C:\Windows\system32\wuapi.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-22 09:39:17 ----A---- C:\Windows\system32\wuapp.exe
2008-08-13 03:03:27 ----A---- C:\Windows\system32\tzres.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\winipsec.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\polstore.dll
2008-08-12 23:44:06 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-12 23:44:06 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-12 23:44:02 ----A---- C:\Windows\system32\es.dll
2008-08-12 23:43:53 ----A---- C:\Windows\system32\mshtml.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\wininet.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\urlmon.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\mshtmled.dll
2008-08-12 23:43:52 ----A---- C:\Windows\system32\ieframe.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\mstime.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieui.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iesetup.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\iernonce.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ieapfltr.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\ie4uinit.exe
2008-08-12 23:43:51 ----A---- C:\Windows\system32\dxtrans.dll
2008-08-12 23:43:51 ----A---- C:\Windows\system32\advpack.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\ieUnatt.exe
2008-08-12 23:43:50 ----A---- C:\Windows\system32\icardie.dll
2008-08-12 23:43:50 ----A---- C:\Windows\system32\dxtmsft.dll
2008-08-12 23:43:49 ----A---- C:\Windows\system32\pngfilt.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\INETRES.dll
2008-08-12 23:43:33 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-11 13:54:12 ----D---- C:\Program Files\Bodog Poker
2008-08-10 17:55:12 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-09 12:31:02 ----D---- C:\ProgramData\PlayersOnly Poker
2008-08-07 20:04:31 ----D---- C:\Users\Random\AppData\Roaming\InstallShield Installation Information
2008-08-07 19:51:00 ----D---- C:\Users\Random\AppData\Roaming\Full Tilt Poker
2008-08-07 19:31:10 ----AD---- C:\Program Files\PlayersOnly Poker
2008-08-07 19:18:09 ----D---- C:\Users\Random\AppData\Roaming\Microgaming
2008-07-29 13:30:04 ----D---- C:\Users\Random\AppData\Roaming\Template
2008-07-24 17:08:49 ----D---- C:\downloads
2008-07-24 17:08:37 ----D---- C:\Program Files\Free Music Zilla
2008-07-23 20:36:55 ----D---- C:\Users\Random\AppData\Roaming\vlc
2008-07-21 07:05:50 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-07-21 07:05:48 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-07-21 07:05:39 ----A---- C:\Windows\system32\NlsData0009.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000c.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NlsData000a.dll
2008-07-21 07:05:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0027.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData000d.dll
2008-07-21 07:05:36 ----A---- C:\Windows\system32\NlsData0001.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0011.dll
2008-07-21 07:05:35 ----A---- C:\Windows\system32\NlsData0007.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData003e.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData002a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0024.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0022.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0021.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData001a.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0018.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData000f.dll
2008-07-21 07:05:34 ----A---- C:\Windows\system32\NlsData0002.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0816.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData001d.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0019.dll
2008-07-21 07:05:33 ----A---- C:\Windows\system32\NlsData0010.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0049.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0039.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0020.dll
2008-07-21 07:05:32 ----A---- C:\Windows\system32\NlsData0013.dll
2008-07-21 07:05:31 ----A---- C:\Windows\system32\NlsData0416.dll
2008-07-21 07:05:30 ----A---- C:\Windows\system32\NlsData0414.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004c.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData004a.dll
2008-07-21 07:05:28 ----A---- C:\Windows\system32\NlsData0047.dll
2008-07-21 07:05:27 ----A---- C:\Windows\system32\NlsData081a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0046.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0045.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData001b.dll
2008-07-21 07:05:26 ----A---- C:\Windows\system32\NlsData0000.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004e.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData004b.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0026.dll
2008-07-21 07:05:25 ----A---- C:\Windows\system32\NlsData0003.dll
2008-07-21 07:05:11 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-07-21 07:05:10 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-07-21 07:05:08 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-07-21 07:05:07 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-07-21 07:05:06 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-07-21 07:05:05 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-07-21 07:05:04 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-07-21 07:05:03 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-07-21 07:05:02 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-07-21 07:05:01 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-07-16 18:49:25 ----D---- C:\Users\Random\AppData\Roaming\LimeWire
2008-07-14 14:44:29 ----D---- C:\Users\Random\AppData\Roaming\WinRAR
2008-07-14 02:13:48 ----D---- C:\Users\Random\AppData\Roaming\Ventrilo
2008-07-11 22:20:51 ----D---- C:\Users\Random\AppData\Roaming\acccore
2008-07-09 03:58:23 ----A---- C:\Windows\system32\shell32.dll
2008-07-08 20:15:29 ----D---- C:\Users\Random\AppData\Roaming\Apple Computer
2008-07-08 10:47:25 ----D---- C:\Users\Random\AppData\Roaming\Microsoft Games
2008-07-07 13:26:06 ----D---- C:\Program Files\Mixxx
2008-07-07 10:38:43 ----D---- C:\Program Files\UltraMixer
2008-07-07 09:16:10 ----D---- C:\Program Files\att-aace
2008-07-07 09:16:00 ----D---- C:\ProgramData\Motive
2008-07-07 09:15:53 ----D---- C:\Program Files\Common Files\Motive
2008-07-07 09:15:47 ----D---- C:\Program Files\ATT
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Macromedia
2008-07-03 10:52:42 ----D---- C:\Users\Random\AppData\Roaming\Adobe
2008-07-03 10:40:37 ----D---- C:\Users\Random\AppData\Roaming\Hewlett-Packard
2008-07-03 02:33:57 ----D---- C:\Users\Random\AppData\Roaming\Mozilla
2008-07-03 02:15:24 ----D---- C:\Users\Random\AppData\Roaming\Snapfish
2008-07-03 02:15:22 ----D---- C:\Users\Random\AppData\Roaming\Real
2008-07-03 02:14:59 ----D---- C:\Users\Random\AppData\Roaming\Identities
2008-07-03 02:14:32 ----SD---- C:\Users\Random\AppData\Roaming\Microsoft
2008-07-03 02:14:32 ----D---- C:\Users\Random\AppData\Roaming\Media Center Programs
2008-07-02 21:16:51 ----D---- C:\Program Files\PokerStars
2008-06-20 12:34:31 ----D---- C:\Shared
2008-06-19 11:54:56 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-06-19 11:54:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-06-16 10:25:09 ----D---- C:\Program Files\NCSoft
2008-06-15 16:21:31 ----A---- C:\Windows\system32\7100.bat
2008-06-15 15:48:48 ----A---- C:\Windows\system32\8225.bat
2008-06-14 03:31:20 ----A---- C:\Windows\system32\EncDec.dll
2008-06-14 03:31:18 ----A---- C:\Windows\system32\psisdecd.dll
2008-06-14 03:31:17 ----A---- C:\Windows\system32\mcmde.dll
2008-06-13 23:32:49 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-13 23:32:33 ----D---- C:\Program Files\VideoLAN
2008-06-13 23:32:31 ----D---- C:\Program Files\Graboid
2008-06-11 04:13:43 ----A---- C:\Windows\system32\quartz.dll
2008-06-11 04:13:40 ----A---- C:\Windows\system32\wshrm.dll
List of drivers
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2007-08-14 395312]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070813.001\IDSvix86.sys [2007-06-07 212280]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-01-03 417592]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-01-11 25400]
R1 SYMTDI;SYMTDI; C:\Windows\system32\System32\Drivers\SYMTDI.SYS []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [2007-07-25 23217]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-08-14 112688]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVENG.SYS [2007-07-23 81232]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070815.008\NAVEX15.SYS [2007-07-23 865904]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-04 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-06 7568832]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-01-11 247608]
R3 SYMDNS;SYMDNS; C:\Windows\system32\System32\Drivers\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2007-04-25 115000]
R3 SYMFW;SYMFW; C:\Windows\system32\System32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; C:\Windows\system32\System32\Drivers\SYMIDS.SYS []
R3 SYMNDISV;SYMNDISV; C:\Windows\system32\System32\Drivers\SYMNDISV.SYS []
R3 SYMREDRV;SYMREDRV; C:\Windows\system32\System32\Drivers\SYMREDRV.SYS []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 cdrmkaun;cdrmkaun; \??\C:\Users\Ian\AppData\Local\Temp\cdrmkaun.sys [2006-09-01 15872]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-28 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-28 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-01-11 276792]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []
List of services
R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-07-31 380536]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-28 303104]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
R2 SymAppCore;Symantec AppCore Service; c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-04 47712]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-11-28 583048]
S3 comHost;COM Host; c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ISPwdSvc;Symantec IS Password Validation; c:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-13 80504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-11-05 1252232]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
-----------------EOF-----------------
info.txt logfile of random's system information tool 2008-09-05 07:18:00
Uninstall list
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Cue Master\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Overball\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
AT&T Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll
ATT-AACE-->C:\PROGRA~1\ATT\UNWISE.EXE C:\PROGRA~1\ATT\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BitTorrent 5.0.8-->"C:\Program Files\BitTorrent\uninstall.exe"
Bodog Poker Version 2.15.9.3-->"C:\Program Files\Bodog Poker\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSR Screen Recorder 4-->C:\Program Files\BSR Screen Recorder 4\Uninstall Screen Recorder 4.exe
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Doyles Room Poker-->C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\UNWISE.EXE C:\MICROG~1\Poker\DOYLES~1\DOYLES~1\INSTALL.LOG
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Garena-->C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Graboid Video 1.2-->C:\Program Files\Graboid\uninst.exe
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Rise Of Nations-->"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component-->MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component-->MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NSIS Mixxx-->"C:\Program Files\Mixxx\uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PlayersOnly Poker-->C:\Program Files\PlayersOnly Poker\uninstall.exe
PlayNC Launcher-->"C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe" -runfromtemp -l0x0009 -removeonly
Pocket Tanks v1.3-->"C:\Program Files\Pocket Tanks\unins000.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Replay Media Catcher-->"C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Snapfish Media Detector-->MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Soldat 1.4.1-->"C:\Soldat\unins000.exe"
Soldat 1.4.2-->"C:\Soldat\unins001.exe"
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars®: Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Total Video Converter 3.11-->"C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
UltraMixer 2.3.3-->"C:\Program Files\UltraMixer\unins000.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warkeys 1.7.0.0b-->C:\Users\boyers\Desktop\Warkeys\uninst.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Hosts File
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
Security center information
AS: Spybot - Search and Destroy (disabled) (outdated)
Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
-----------------EOF-----------------