Here are my logs:
Logfile of random's system information tool 1.04 (written by random/random)
Run by XP USER at 2008-11-13 19:32:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 57 GB (75%) free of 76 GB
Total RAM: 511 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:09 PM, on 11/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\Program Files\EMBARQ Online Security\FSPC\fspc.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\XP USER\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\XP USER.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: EarthLink Google Search -
res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\EMBARQ Online Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) -
http://vsp.closetmaid.com/vsp/cmaidctl_ ... loader.cabO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
--
End of file - 8168 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000002}]
ElnkBhoGuard Class - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll [2006-07-06 198424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-08-24 439872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]
ElnkScamBHO Class - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll [2006-07-06 198424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]
ElnkPubBHO Class - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll [2006-07-06 206616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]
ElnkProtectionBHO Class - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll [2006-07-06 247576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-07-11 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-10 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]
ElnkLegacyUninstBHO Class - C:\Program Files\EarthLink\Toolbar\uninsttb.dll [2006-07-06 96024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-08-24 439872]
{C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\EarthLink\Toolbar\Toolbar.dll [2006-07-06 243480]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-07-11 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-10-08 57344]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe [2004-09-14 684032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-16 77824]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"F-Secure Manager"=C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE [2007-04-26 176177]
"F-Secure TNB"=C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [2007-04-26 733184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-22 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Microsoft Office\Office\1033\WFXMSRVR.EXE"="C:\Program Files\Microsoft Office\Office\1033\WFXMSRVR.EXE:*:Disabled:WFXMSRVR"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2008-11-13 19:32:54 ----D---- C:\rsit
2008-11-13 18:42:37 ----D---- C:\Documents and Settings\XP USER\Application Data\Malwarebytes
2008-11-13 18:42:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-13 18:42:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-12 19:46:21 ----SHD---- C:\Config.Msi
2008-11-12 19:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-12 19:45:48 ----D---- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-11-12 19:45:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-12 10:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 10:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 10:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-12 08:35:49 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-11 07:27:52 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-11-10 23:35:15 ----D---- C:\Program Files\Trend Micro
2008-11-10 12:12:29 ----A---- C:\WINDOWS\system32\6LN0dYGS.exe_
2008-11-02 20:13:00 ----A---- C:\WINDOWS\system32\8kMi8jMs.exe
2008-10-24 08:55:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 10:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 10:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 10:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 10:13:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 10:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 10:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
======List of files/folders modified in the last 1 months======
2008-11-13 19:33:07 ----D---- C:\WINDOWS\Temp
2008-11-13 19:32:58 ----D---- C:\WINDOWS\Prefetch
2008-11-13 19:32:05 ----D---- C:\WINDOWS\system32
2008-11-13 18:42:32 ----D---- C:\WINDOWS\system32\drivers
2008-11-13 18:42:25 ----RD---- C:\Program Files
2008-11-13 16:53:06 ----D---- C:\Program Files\Mozilla Firefox
2008-11-13 16:00:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-13 10:33:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-13 10:33:19 ----A---- C:\WINDOWS\OPLIMIT.INI
2008-11-12 19:47:45 ----SHD---- C:\WINDOWS\Installer
2008-11-12 19:46:26 ----D---- C:\Program Files\Lavasoft
2008-11-12 19:45:48 ----D---- C:\WINDOWS
2008-11-12 19:45:40 ----D---- C:\Program Files\Common Files
2008-11-12 10:36:27 ----HD---- C:\WINDOWS\inf
2008-11-12 10:01:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 10:01:06 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 10:01:02 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 10:00:05 ----D---- C:\WINDOWS\WinSxS
2008-11-12 08:36:37 ----D---- C:\Documents and Settings
2008-11-12 00:28:27 ----A---- C:\WINDOWS\win.ini
2008-11-12 00:28:25 ----A---- C:\WINDOWS\ppdrv.ini
2008-11-11 07:30:23 ----D---- C:\Program Files\SmartDraw 2008
2008-11-11 07:27:57 ----D---- C:\Program Files\Common Files\Scanner
2008-11-11 07:27:38 ----D---- C:\Program Files\Yahoo!
2008-11-11 07:25:18 ----SD---- C:\WINDOWS\Tasks
2008-11-09 13:01:37 ----D---- C:\Program Files\Microsoft Home Publishing 2000
2008-11-08 21:29:05 ----A---- C:\WINDOWS\vista32.ini
2008-11-08 21:28:37 ----D---- C:\VSTASCAN
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 14:00:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-21 07:28:02 ----D---- C:\Program Files\EMBARQ Online Security
2008-10-20 18:12:06 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\EMBARQ Online Security\HIPS\fshs.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 PPCLASS;PPCLASS; C:\WINDOWS\system32\drivers\PPCLASS.sys [1997-04-09 85868]
R2 PPSCAN;PPSCAN; C:\WINDOWS\system32\drivers\PPSCAN.sys [1998-02-20 115136]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-10-03 391552]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-10-09 475788]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-11-03 146888]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys []
R3 G400DH;G400DH; C:\WINDOWS\system32\DRIVERS\g400dhm.sys [2004-09-14 348800]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-17 322432]
S3 oflpydin;oflpydin; \??\C:\DOCUME~1\XPUSER~1\LOCALS~1\Temp\oflpydin.sys []
S3 s3m;s3m; C:\WINDOWS\system32\DRIVERS\s3m.sys [2001-08-17 166720]
S3 tgiul50;tgiul50; C:\WINDOWS\system32\DRIVERS\tgiulnt5.sys [2001-08-17 138528]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2003-04-14 88704]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys []
S4 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-06-10 1422336]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe [2007-04-26 41043]
R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2007-04-26 106546]
R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2002-01-16 81920]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2007-04-26 450560]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2007-04-26 446464]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor; C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe [2008-11-12 147456]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-11 138168]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-11-13 19:33:15
======Uninstall list======
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Army Men Sarge's War-->MsiExec.exe /I{FCC373B6-1FBD-4280-A4BF-E371095DABE8}
Backyard Football 2004-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{211C4AB9-E3FD-44CE-A495-75B8F545886A}
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Cisco Systems VPN Client 4.6.04.0043-->MsiExec.exe /X{8A3A2363-2129-43FB-8DFC-F237DA58038C}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
EMBARQ Online Security-->"C:\Program Files\EMBARQ Online Security\FSGUI\PostInstall.exe" /tUnInstall
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_11a0bac\Setup.exe /APR-REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matrox Graphics Software (remove only)-->C:\WINDOWS\system32\PDesk\PDUninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Greetings 2000-->MsiExec.exe /I{5264E937-B015-11D2-8C0E-00C04FBBCFF9}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Publishing 2001-->MsiExec.exe /I{15D9EB74-998E-4A04-B468-51C2E7B32182}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mystery of the Monkey Kingdom(TM)-->C:\Program Files\The Learning Company\Mystery of the Monkey Kingdom(TM)\uninstall.exe
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Norton Spyware Scan provided by Yahoo!-->C:\PROGRA~1\Yahoo!\Common\unynss.exe
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! ImageFolio LE-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\ImgFolio\DeIsL1.isu"
Presto! PageManager-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\DeIsL1.isu"
Presto! PageType-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PageManager\PageType\DeIsL1.isu"
Presto! PhotoAlbum-->C:\WINDOWS\uninst.exe -f"C:\Program Files\NewSoft\PhotoAlbum\DeIsL1.isu"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Reader Rabbit I Can Read! With Phonics-->C:\Program Files\The Learning Company\Reader Rabbit I Can Read! With Phonics\uninstal.exe
Reader Rabbit(R) Reading Ages 6-9-->C:\Program Files\The Learning Company\Reader Rabbit(R) Reading Ages 6-9\uninstall.exe
Reader Rabbit's Kindergarten-->C:\TLCWIN\RRK20\UNWISE.EXE C:\TLCWIN\RRK20\INSTALL.LOG
Reader Rabbit's(R) Math Ages 6 - 9-->C:\Program Files\The Learning Company\Reader Rabbit's(R) Math Ages 6 - 9\uninstall.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Ringling Bros. - Frankie Goes to the Circus-->C:\WINDOWS\unjsrbbb.exe
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SpongeBob SquarePants Employee of the Month-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Employee of the Month\Uninst.isu"
SpongeBob SquarePants® Operation Krabby Patty-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\THQ\SpongeBob SquarePants\Operation Krabby Patty\Uninst.isu"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
The Mystery of Veggie Island-->C:\WINDOWS\uninst.exe -f"C:\Program Files\BigIdea\The Mystery of Veggie Island\DeIsL1.isu"
Third Grade Adventures-->C:\WINDOWS\IsUninst.exe -fC:\Tlcwin\3RDADV\Uninst\DeIsL1.isu
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Treasure Mountain!-->C:\WINDOWS\uninst.exe -fC:\Tlcwin\Tmtcd\uninstal\DeIsL1.isu
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{C94C253C-069F-4C02-8E5B-C1D056827643}
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AV: EMBARQ Online Security 7.00
FW: EMBARQ Online Security 7.00
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.30
Database version: 1395
Windows 5.1.2600 Service Pack 3
11/13/2008 7:32:05 PM
mbam-log-2008-11-13 (19-32-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 117311
Time elapsed: 45 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{669c3e6e-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669c3e6e-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{669c3e6e-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{669c3e6f-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{669c3e6f-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{669c3e6f-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{669c3e6e-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{669c3e6e-a263-4a2f-9f8e-527de5d7cd41} (Adware.Mirar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{EC32D294-D566-4951-B9C4-7B33F0EBC607}\RP700\A0121083.0xe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EC32D294-D566-4951-B9C4-7B33F0EBC607}\RP701\A0122111.0xe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EC32D294-D566-4951-B9C4-7B33F0EBC607}\RP701\A0122120.0xe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EC32D294-D566-4951-B9C4-7B33F0EBC607}\RP701\A0122136.0xe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EC32D294-D566-4951-B9C4-7B33F0EBC607}\RP701\A0122150.0xe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6LN0dYGS.0xe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6LN0dYGS.1xe (Trojan.Adclicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winkc75.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6LN0dYGS.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8kMi8jMs.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
Thanks